J'ai ouvert un BV: Malware-gen

mag 89 -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour, j'ai ouvert un dossier sur mon bureau qui s'était installer tout seul(dossiers au nombre
de deux dont un supprimer). Avast m'a averti de ces virus que j'ai mis en quarantaine....
Cependant, lorsque j'allume mon ordi, j'ai un écran bleu puis blanc qui me supprime
l'image de mon bureau, ce message "'file:///C:WINDOWS/privacy_danger:index.htm'est
introuvable.Vérifier que le chemin d'accès ou l'adresse internet sont corrects." C'est la meme
chose lorsque je veux définir un papier peint....J'ai installer ccleaner/avira antivi/avg mais le
problème persiste!!! Ce n'ai peut-étre pas lourd en conséquences??
Merci de m'aider...
Configuration: Windows XP
Firefox 2.0.0.15

9 réponses

  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31) :
    http://siri.urz.free.fr/Fix/SmitfraudFix.exe ou http://www.geekstogo.com/forum/files/file/6-smitfraudfix/

    - Enregistre-le sur le bureau

    - Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

    - Un rapport sera généré, poste-le dans ta prochaine réponse.

    [*] process.exe est détecté par certains antivirus comme étant un risktool. Il ne s'agit pas d'un virus mais d'un utilitaire destiné à mettre fin à des processus.[*]

    ** Ne fais l'étape 2 que si on te le demande, on doit d'abord examiner le premier rapport de SmitfraudFix
    0
    1. mag 89
       
      Voici le rapport :
      SmitFraudFix v2.329

      Rapport fait à 11:36:14,10, 15/07/2008
      Executé à partir de C:\Documents and Settings\laurant\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est NTFS
      Fix executé en mode normal

      »»»»»»»»»»»»»»»»»»»»»»»» Process

      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live Toolbar\msn_sl.exe
      C:\Documents and Settings\laurant\Bureau\SmitfraudFix\Policies.exe
      C:\WINDOWS\system32\cmd.exe

      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\laurant


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\laurant\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\laurant\Favoris


      »»»»»»»»»»»»»»»»»»»»»»»» Bureau


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


      »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
      "SubscribedURL"=""
      "FriendlyName"="Privacy Protection"

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="Ma page d'accueil"

      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» VACFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "AppInit_DLLs"=""
      "LoadAppInit_DLLs"=dword:00000001


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Rustock



      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
      DNS Server Search Order: 208.67.220.220
      DNS Server Search Order: 208.67.222.222

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{78BE84ED-50F9-4C7B-927F-46B7788841E6}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: DhcpNameServer=192.168.1.1 0.0.0.0
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{78BE84ED-50F9-4C7B-927F-46B7788841E6}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: DhcpNameServer=192.168.1.1 0.0.0.0
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{78BE84ED-50F9-4C7B-927F-46B7788841E6}: DhcpNameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: DhcpNameServer=192.168.1.1 0.0.0.0
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222


      »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin

      Merci de ton aide
      0
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Double-clique sur SmitfraudFix.exe, choisis l'option 2 et Entrée

    - Réponds O(oui) à ces deux questions si elles te sont posées

    Voulez-vous nettoyer le registre ?
    Corriger le fichier infecté ?

    - Un rapport sera généré, sauvegarde-le sur le bureau

    - Poste le rapport SmitfraudFix et un nouveau rapport HijackThis
    0
  3. mag 89
     
    voici le rapport / (j'ai malhureusement effacer le 1er je ne suis pas tres doué!!!) :
    SmitFraudFix v2.329

    Rapport fait à 15:53:34,29, 15/07/2008
    Executé à partir de C:\Documents and Settings\laurant\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 208.67.220.220
    DNS Server Search Order: 208.67.222.222

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{78BE84ED-50F9-4C7B-927F-46B7788841E6}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{78BE84ED-50F9-4C7B-927F-46B7788841E6}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{78BE84ED-50F9-4C7B-927F-46B7788841E6}: DhcpNameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=208.67.220.220,208.67.222.222

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge HijackThis V 2.02 (HijackThis Installer) :
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    - Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    - Clique sur Install ensuite sur I Accept

    - Clique sur Do a scan system and save log file

    - Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. mag 89
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:12:44, on 15/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: bw+0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E8FFB98A-B58E-4713-A3CE-DEE0BFCC0752} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O21 - SSODL: fdxbameg - {1A477910-4143-4AF2-A912-24B384C7B95D} - C:\WINDOWS\fdxbameg.dll (file missing)
    O21 - SSODL: fsrpknov - {981B7D6C-4FC0-4205-A248-D9BDDE4FDD30} - C:\WINDOWS\fsrpknov.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance HijackThis et choisis Do a system scan only

    ---> Coche les cases qui sont devant les lignes suivantes :

    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL (file missing)

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

    O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    018 - Toutes les lignes

    O21 - SSODL: fdxbameg - {1A477910-4143-4AF2-A912-24B384C7B95D} - C:\WINDOWS\fdxbameg.dll (file missing)

    O21 - SSODL: fsrpknov - {981B7D6C-4FC0-4205-A248-D9BDDE4FDD30} - C:\WINDOWS\fsrpknov.dll (file missing)

    ---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

    ---> Mets à jour Java :
    https://www.java.com/fr/download/manual.jsp

    ---> Redémarre et poste un nouveau rapport HijackThis
    0
    1. mag89
       
      voila la suite!Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:38:06, on 17/07/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
      O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\..\{5039C460-DA3E-4497-9618-5558938C2E6D}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\..\{FA41F58C-FFAD-4ADA-A22F-A5573AAB1839}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CS1\Services\Tcpip\..\{17500EBE-31F7-487F-9EBF-BEC3B026CFA5}: NameServer = 208.67.220.220,208.67.222.222
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://www.malekal.com/demarrer-windows-mode-sans-echec/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. mag89
       
      excuse moi mais j'ai redefini une photo pour mon bureau, le message ne s'affiche plus et la photo reste en place.
      Faut-il que je fasse la derniere maneuvre que tu m'as conseillé??? Merci
      0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Je te conseille de le faire.
    0
    1. mag 89
       
      me revoila!!! le mode sans echec ma fait tres peur!!! aujourd'hui infecté par tout autre chose "virus lab 2009 " je sais me servir de ce mode "sans echec" et je m'apprete a t'envoyer le rapport...
      0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Fais-le en mode normal le scan.
    0