Infection antivirus xp 2008

Résolu
caprico53 Messages postés 39 Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour à tous,

Comme beaucoup d'entre nous, je suis aussi infecté par antivirus xp 2008.

Mon fond d'écran est tout blanc et j'ai la fenêtre de antivirus xp 2008 qui me donne environ 1040 fichier infectés .

Comme beaucoup cela me pose énormement de problèmes surtout qu'avast ne signale rien.

Je poste un rapport hijackthis pour ceux qui peuvent m'aider.

Merci d'avance à tous ceux qui m'aiderons.

Logfile of HijackThis v1.99.1
Scan saved at 21:16:18, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\lphc3wuj0ejrj.exe
C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\WINDOWS\system32\pphc3wuj0ejrj.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lphc3wuj0ejrj] C:\WINDOWS\system32\lphc3wuj0ejrj.exe
O4 - HKLM\..\Run: [SMrhc7wuj0ejrj] C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: bw+0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Configuration: Windows XP
Firefox 3.0.1

16 réponses

  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    commence par faire ceci stp :

    Option 1 - Recherche :

    télécharge smitfraudfix et enregistre le sur le bureau à cette adresse (c est le numéro 2 en bas de la page) :

    https://www.androidworld.fr/

    Ensuite double clique sur smitfraudfix puis exécuter

    Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

    (attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

    copier/coller le rapport dans la réponse.

    Un tutoriel sonore et animé est à ta disposition sur le site.

    (Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool".
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains,
    cet utilitaire pourrait arrêter des logiciels de sécurité.)
    0
  2. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok maintenant fais ceci dans l ordre stp :

    Télécharge cet outil de SiRi:

    http://siri.urz.free.fr/RHosts.php

    Double clique dessus pour l'exécuter

    et cliques sur " Restore original Hosts "

    ps : c est normal que rien ne se passe

    ensuire redémarre le pc

    ensuite :

    Option 2 - Nettoyage :

    Redémarrer l'ordinateur en mode sans échec (tapoter rapidement la touche F8 au démarrage du pc pour obtenir le menu des options avancées).

    Double cliquer sur smitfraudfix

    Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

    A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

    Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

    Enregistre le rapport sur ton bureau

    Redémarrer en mode normal et poster le rapport.

    ensuite :

    Télécharger sur le bureau malwarebytes à cette adresse :

    https://www.androidworld.fr/

    Voici un tuto pour bien l installer et bien l utiliser :

    https://www.androidworld.fr/

    aide toi bien du tuto pour supprimer correctement ce qu il aura trouvé

    Après l analyse, redémarrer le pc et poste le rapport !!
    0
    1. caprico53 Messages postés 39 Statut Membre
       
      coucou geoffrey5

      voici le rapport du nettoyage de smitfraudfix.

      SmitFraudFix v2.350

      Rapport fait à 23:25:35.78, 15/09/2008
      Executé à partir de C:\Documents and Settings\ERIC\Bureau\SmitfraudFix
      OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
      Le type du système de fichiers est
      Fix executé en mode sans echec

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


      »»»»»»»»»»»»»»»»»»»»»»»» hosts


      127.0.0.1 localhost

      »»»»»»»»»»»»»»»»»»»»»»»» VACFix

      VACFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

      S!Ri's WS2Fix: LSP not Found.


      »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

      GenericRenosFix by S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


      »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

      IEDFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

      404Fix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri


      »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

      AntiXPVSTFix
      Credits: Malware Analysis & Diagnostic
      Code: S!Ri



      »»»»»»»»»»»»»»»»»»»»»»»» RK


      »»»»»»»»»»»»»»»»»»»»»»»» DNS

      HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
      HKLM\SYSTEM\CCS\Services\Tcpip\..\{CEB98910-525A-4F70-AE1E-F6A6799023D7}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
      HKLM\SYSTEM\CS1\Services\Tcpip\..\{CEB98910-525A-4F70-AE1E-F6A6799023D7}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
      HKLM\SYSTEM\CS3\Services\Tcpip\..\{CEB98910-525A-4F70-AE1E-F6A6799023D7}: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
      HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


      »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


      »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "System"=""


      »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

      Nettoyage terminé.

      »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
      !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll


      »»»»»»»»»»»»»»»»»»»»»»»» Fin
      -1
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Mais de rien caprico, je t ai aidé avec plaisir ;-)

    tu peux aussi supprimer combofix qui est sur ton bureau et mettre résolu !!

    bonne fin de soirée @+
    0
  4. caprico53 Messages postés 39 Statut Membre
     
    Salut GEOFFREY 5

    Merci de m'apporter ton aide.

    Voici donc le rapport que tu as demandé.

    SmitFraudFix v2.350

    Rapport fait à 22:31:12.14, 15/09/2008
    Executé à partir de C:\Documents and Settings\ERIC\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\drivers\CDAC11BA.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\ARPWRMSG.EXE
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\lphc3wuj0ejrj.exe
    C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\drivers\svchost.exe
    C:\WINDOWS\system32\pphc3wuj0ejrj.exe
    C:\Program Files\IncrediMail\bin\IMApp.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\HP\KBD\KBD.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 www.legal-at-spybot.info
    127.0.0.1 legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\tdssservers.dat détecté, utilisez un scanner de Rootkit
    C:\WINDOWS\system32\tdssl.dll détecté, utilisez un scanner de Rootkit
    C:\WINDOWS\system32\drivers\tdssserv.sys détecté, utilisez un scanner de Rootkit
    C:\WINDOWS\system32\drivers\svchost.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ERIC

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ERIC\Application Data

    C:\Documents and Settings\ERIC\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ERIC\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    C:\DOCUME~1\ALLUSE~1\Bureau\Antivirus XP 2008.lnk PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 16.92.3.242
    DNS Server Search Order: 16.92.3.243
    DNS Server Search Order: 16.81.3.243
    DNS Server Search Order: 16.118.3.243

    Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{CEB98910-525A-4F70-AE1E-F6A6799023D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{CEB98910-525A-4F70-AE1E-F6A6799023D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{CEB98910-525A-4F70-AE1E-F6A6799023D7}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    -1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok maintenant fais une analyse complete avec malwarebytes stp

    aide toi du tuto pour supprimer correctement ce qu il aura trouvé
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      Salut GEOFFREY5

      L'analyse de malwarebytes vient de se terminer.Par contre, il me dit qu'il ne peut pas supprimer certains éléments mais ils sont ajoutés à la liste des suppressions au démarrage.

      voici le rapport après la suppression des fichiers.

      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1161
      Windows 5.1.2600 Service Pack 2

      16/09/2008 22:35:55
      mbam-log-2008-09-16 (22-35-55).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 258881
      Temps écoulé: 1 hour(s), 32 minute(s), 52 second(s)

      Processus mémoire infecté(s): 3
      Module(s) mémoire infecté(s): 5
      Clé(s) du Registre infectée(s): 32
      Valeur(s) du Registre infectée(s): 8
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 23
      Fichier(s) infecté(s): 31

      Processus mémoire infecté(s):
      C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe (Rogue.Multiple) -> Unloaded process successfully.
      C:\WINDOWS\system32\lphc3wuj0ejrj.exe (Trojan.FakeAlert) -> Unloaded process successfully.
      C:\WINDOWS\system32\pphc3wuj0ejrj.exe (Trojan.FakeAlert) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      C:\Program Files\rhc7wuj0ejrj\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
      C:\Program Files\rhc7wuj0ejrj\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
      C:\Program Files\rhc7wuj0ejrj\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
      C:\WINDOWS\system32\TDSSl.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\blphc3wuj0ejrj.scr (Trojan.FakeAlert) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\msctx32.pp (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\TypeLib\{21f89357-ff5b-4e34-9161-eb05cead8eb6} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{eb663a33-3203-455b-81ed-75db856e0619} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{eda90fa8-492c-4562-a9fd-e44ca0721fa0} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{89286d74-1e06-4ae0-8aee-4d4363d5d814} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{95b187db-43c8-4ac7-af7f-c93b79d21f1a} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\msctx32.pp.1 (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2b2a8719f0d73b540683675697e40b6f8c7c9a8c (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\394ad7ced9b99836082bdf9b59df73c2633b248e (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\93eb9fd3ea40f221e990e3e71343e6d47d3fa0c0 (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\c48d3b9bca9b3a5a04bc26f729ee0c6e389dde2e (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ecdfb50751ae333aaa4ea5fd47308faa685e8ffe (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2c5eceb3d45147eb99fa51120e7c7adebe213de6 (Adware.123Mania) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\a6a50b0ebf885a7dd4fb6927f1388592138fffe6 (Adware.123Mania) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3wuj0ejrj (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      C:\Program Files\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Documents and Settings\QUENTIN\Local Settings\Application Data\isufg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Local Settings\Application Data\isufg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Local Settings\Application Data\isufg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Local Settings\Application Data\zkfoymk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Local Settings\Application Data\zkfoymk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\QUENTIN\Local Settings\Application Data\zkfoymk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\MSCTX32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Local Settings\Temp\TDSS74e4.tmp (Trojan.Multis) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\Program Files\rhc7wuj0ejrj\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
      C:\WINDOWS\system32\blphc3wuj0ejrj.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\lphc3wuj0ejrj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\phc3wuj0ejrj.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\pphc3wuj0ejrj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\ERIC\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
      -1
    2. caprico53 Messages postés 39 Statut Membre
       
      salut geoffrey 5

      désolé pour le retard .

      tout s'est bien passé et je n'ai plus de problème.

      un grand merci pour ton aide .
      -1
  7. caprico53 Messages postés 39 Statut Membre
     
    Salut GEOFFREY5

    J'ai suivi tes instructions à la lettre et maintenant je n4ai plus de fenètre ni d'icone de antivirus xp 2008 sur mon bureau.

    Voici le rapport après nettoyage.

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1161
    Windows 5.1.2600 Service Pack 2

    16/09/2008 22:35:55
    mbam-log-2008-09-16 (22-35-55).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 258881
    Temps écoulé: 1 hour(s), 32 minute(s), 52 second(s)

    Processus mémoire infecté(s): 3
    Module(s) mémoire infecté(s): 5
    Clé(s) du Registre infectée(s): 32
    Valeur(s) du Registre infectée(s): 8
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 23
    Fichier(s) infecté(s): 31

    Processus mémoire infecté(s):
    C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe (Rogue.Multiple) -> Unloaded process successfully.
    C:\WINDOWS\system32\lphc3wuj0ejrj.exe (Trojan.FakeAlert) -> Unloaded process successfully.
    C:\WINDOWS\system32\pphc3wuj0ejrj.exe (Trojan.FakeAlert) -> Unloaded process successfully.

    Module(s) mémoire infecté(s):
    C:\Program Files\rhc7wuj0ejrj\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
    C:\Program Files\rhc7wuj0ejrj\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
    C:\Program Files\rhc7wuj0ejrj\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.
    C:\WINDOWS\system32\TDSSl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\blphc3wuj0ejrj.scr (Trojan.FakeAlert) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\msctx32.pp (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{21f89357-ff5b-4e34-9161-eb05cead8eb6} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eb663a33-3203-455b-81ed-75db856e0619} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{eda90fa8-492c-4562-a9fd-e44ca0721fa0} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{89286d74-1e06-4ae0-8aee-4d4363d5d814} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{95b187db-43c8-4ac7-af7f-c93b79d21f1a} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\msctx32.pp.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2b2a8719f0d73b540683675697e40b6f8c7c9a8c (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\394ad7ced9b99836082bdf9b59df73c2633b248e (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\93eb9fd3ea40f221e990e3e71343e6d47d3fa0c0 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\c48d3b9bca9b3a5a04bc26f729ee0c6e389dde2e (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\ecdfb50751ae333aaa4ea5fd47308faa685e8ffe (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\2c5eceb3d45147eb99fa51120e7c7adebe213de6 (Adware.123Mania) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\a6a50b0ebf885a7dd4fb6927f1388592138fffe6 (Adware.123Mania) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc3wuj0ejrj (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\Program Files\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Application Data\rhc7wuj0ejrj\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Application Data\rhc7wuj0ejrj\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Documents and Settings\QUENTIN\Local Settings\Application Data\isufg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Local Settings\Application Data\isufg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Local Settings\Application Data\isufg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Local Settings\Application Data\zkfoymk_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Local Settings\Application Data\zkfoymk_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\QUENTIN\Local Settings\Application Data\zkfoymk.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\MSCTX32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Local Settings\Temp\TDSS74e4.tmp (Trojan.Multis) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\rhc7wuj0ejrj.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhc7wuj0ejrj\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\system32\blphc3wuj0ejrj.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphc3wuj0ejrj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phc3wuj0ejrj.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pphc3wuj0ejrj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\ERIC\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Menu Démarrer\carlton (Dialer) -> Quarantined and deleted successfully.
    -1
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    refais un nouveau rapport hijackthis pour terminer stp
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      salut

      voici le rapport demandé.

      Logfile of HijackThis v1.99.1
      Scan saved at 19:00:29, on 30/09/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\arservice.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\ARPWRMSG.EXE
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Program Files\IncrediMail\bin\IMApp.exe
      C:\HP\KBD\KBD.EXE
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      c:\windows\system\hpsysdrv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
      O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: bw+0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: offline-8876480 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      -1
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    je vois que tu as 3 antivirus : avast, norton et nod32 :s

    lequel utilises tu ??
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      j'utilise avast mais je trouve bizarre d'avoir norton car je croyai l' avoir désintallé .

      Par contre nod 32 , je ne connais pas et je ne sais pas à quoi il correspond.
      -1
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    norton removal tools : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

    et pour nod32, vas le désinstaller dans ajout/suppression de programmes.
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      j'ai regardé dans ajout/suppression de programmes et aucun programme portant ce nom apparait dans la liste.

      Est ce normal ?
      -1
  11. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    oui car ce sont surement juste des traces qui sont restées dans ton PC lors de la désinstallation..

    pour norton tu dois exécuter le logiciel que je t ai donné..

    et pour nod32 : fais une recherche de ton PC en tapant nod32 et supprime tout ce qu il trouvera.

    ensuite vide ta corbeille et redémarre le PC

    ensuite :

    ▶ Télécharge Combofix de sUBs

    (c est le numéro 5 en bas de la page)

    ▶ et enregistre le sur le Bureau.

    ▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

    Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ensuite envois le rapport stp
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      Salut geoffrey5,

      Me voila revenu.

      voici donc le rapport de combofix :

      ComboFix 08-10-04.07 - ERIC 2008-10-05 15:37:33.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.530 [GMT 2:00]
      Lancé depuis: C:\Documents and Settings\ERIC\Bureau\ComboFix.exe
      * Un nouveau point de restauration a été créé
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk
      C:\Documents and Settings\QUENTIN\Local Settings\Application Data\vuyqiv_navtmp.dat
      C:\Documents and Settings\QUENTIN\real.txt
      C:\Program Files\autorun.inf
      D:\Autorun.inf

      .
      ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NPF
      -------\Legacy_SYSREST.SYS
      -------\Legacy_TDSSSERV
      -------\Service_TDSSserv


      ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-05 au 2008-10-05 ))))))))))))))))))))))))))))))))))))
      .

      2008-09-30 21:01 . 2008-09-30 21:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
      2008-09-17 20:09 . 2008-09-17 20:09 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
      2008-09-16 20:38 . 2008-09-16 20:38 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-09-16 20:38 . 2008-09-16 20:38 <REP> d-------- C:\Documents and Settings\ERIC\Application Data\Malwarebytes
      2008-09-16 20:38 . 2008-09-16 20:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-09-16 20:38 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-09-16 20:38 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
      2008-09-15 22:31 . 2008-09-15 23:25 4,492 --a------ C:\WINDOWS\system32\tmp.reg
      2008-09-15 22:30 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
      2008-09-15 22:30 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
      2008-09-15 22:30 . 2008-09-08 23:38 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
      2008-09-15 22:30 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
      2008-09-15 22:30 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
      2008-09-15 22:30 . 2008-09-15 18:51 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
      2008-09-15 22:30 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
      2008-09-15 22:30 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
      2008-09-15 22:30 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
      2008-09-15 22:30 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
      2008-09-12 21:36 . 2008-09-12 21:36 <REP> d-------- C:\Program Files\iTunes
      2008-09-12 21:36 . 2008-09-12 21:36 <REP> d-------- C:\Program Files\iPod
      2008-09-12 21:36 . 2008-09-12 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
      2008-09-12 21:34 . 2008-09-12 21:34 <REP> d-------- C:\Program Files\Bonjour
      2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
      2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-10-05 13:13 --------- d-----w C:\Program Files\Lavasoft
      2008-10-05 12:52 --------- d-----w C:\Documents and Settings\ERIC\Application Data\OpenOffice.org2
      2008-10-05 12:51 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-10-05 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-10-05 11:54 --------- d-----w C:\Documents and Settings\QUENTIN\Application Data\OpenOffice.org2
      2008-10-05 10:15 --------- d-----w C:\Documents and Settings\QUENTIN\Application Data\uTorrent
      2008-10-05 10:05 --------- d-----w C:\Documents and Settings\QUENTIN\Application Data\Apple Computer
      2008-09-30 20:37 --------- d-----w C:\Documents and Settings\ERIC\Application Data\uTorrent
      2008-09-30 19:21 --------- d-----w C:\Program Files\EsetOnlineScanner
      2008-09-30 19:03 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
      2008-09-20 23:51 --------- d-----w C:\Program Files\LimeWire
      2008-09-12 19:33 --------- d-----w C:\Program Files\QuickTime
      2008-09-12 19:32 --------- d-----w C:\Program Files\Fichiers communs\Apple
      2008-09-07 17:34 --------- d-----w C:\Documents and Settings\ERIC\Application Data\dvdcss
      2008-08-26 16:05 --------- d-----w C:\Program Files\HP
      2008-08-26 16:04 --------- d-----w C:\Program Files\Hewlett-Packard
      2008-08-23 08:11 --------- d-----w C:\Program Files\Incomplete
      2008-08-21 11:21 --------- d-----w C:\Documents and Settings\ERIC\Application Data\Apple Computer
      2008-08-21 11:06 --------- d-----w C:\Program Files\Apple Software Update
      2008-08-19 12:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-08-19 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\IM
      2008-08-19 10:18 --------- d-----w C:\Program Files\IncrediMail
      2008-08-19 10:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\IncrediMail
      2007-02-03 23:24 251 ----a-w C:\Program Files\wt3d.ini
      2006-11-19 01:00 52,476 ----a-w C:\Program Files\StartPortableApps.exe
      2007-05-28 16:42 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
      2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
      2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-11 32768]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-26 68856]
      "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2008-07-24 243072]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
      "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 237568]
      "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 225280]
      "LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 489472]
      "LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
      "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 262144]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
      "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-09-07 1450094]
      "HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
      "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
      "ftutil2"="ftutil2.dll" [2004-06-07 C:\WINDOWS\system32\ftutil2.dll]
      "RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.EXE]
      "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 C:\WINDOWS\arpwrmsg.exe]

      C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
      Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-10-19 27136]
      PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-19 27136]

      C:\Documents and Settings\ERIC\Menu D‚marrer\Programmes\D‚marrage\
      OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
      Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-10-19 27136]
      PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-19 27136]

      C:\Documents and Settings\QUENTIN\Menu D‚marrer\Programmes\D‚marrage\
      OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
      Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-10-19 27136]
      PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-19 27136]

      C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
      Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-10-19 27136]
      PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-19 27136]

      C:\Documents and Settings\ERIC\Menu D‚marrer\Programmes\D‚marrage\
      OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
      Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-10-19 27136]
      PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-10-19 27136]

      C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
      Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
      Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-11 450560]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
      "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.yv12"= yv12vfw.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "C:\\WINDOWS\\system32\\rtcshare.exe"=
      "C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
      "C:\\WINDOWS\\system32\\java.exe"=
      "C:\\Program Files\\LimeWire\\LimeWire.exe"=
      "C:\\Program Files\\Microsoft Games\\Motocross Madness 2 Trial\\mcm2.exe"=
      "C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
      "C:\\jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
      "C:\\Program Files\\TrackMania Original\\TmOriginal.exe"=
      "C:\\Program Files\\uTorrent\\utorrent.exe"=
      "C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "C:\\Program Files\\iTunes\\iTunes.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
      "AllowInboundEchoRequest"= 1 (0x1)

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
      R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16768]
      R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 26496]
      S3 bfastfao;bfastfao;C:\DOCUME~1\ERIC\LOCALS~1\Temp\bfastfao.sys [ ]
      S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{26efb418-025f-11dd-9861-001921a16f39}]
      \Shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eec09ce9-6e65-11dc-9758-001921a16f39}]
      \Shell\AutoRun\command - J:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
      .
      Contenu du dossier 'Tâches planifiées'

      2008-10-03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
      .
      - - - - ORPHELINS SUPPRIMES - - - -

      HKCU-Run-Magentic - C:\PROGRA~1\Magentic\bin\Magentic.exe
      HKLM-Run-TkBellExe - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      HKLM-Run-PCDrProfiler - (no file)


      .
      ------- Examen supplémentaire -------
      .
      FireFox -: Profile - C:\Documents and Settings\ERIC\Application Data\Mozilla\Firefox\Profiles\c7tpgz2r.default\
      FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
      FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
      FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
      FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
      FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
      FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
      FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
      FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-10-05 16:02:54
      Windows 5.1.2600 Service Pack 2 NTFS

      Recherche de processus cachés ...

      Recherche d'éléments en démarrage automatique cachés ...

      Recherche de fichiers cachés ...

      Scan terminé avec succès
      Fichiers cachés: 0

      **************************************************************************
      .
      ------------------------ Autres processus actifs ------------------------
      .
      C:\WINDOWS\system32\ati2evxx.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\arservice.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\ehome\ehrecvr.exe
      C:\WINDOWS\ehome\ehSched.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\ati2evxx.exe
      C:\WINDOWS\ehome\ehmsas.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
      C:\Program Files\IncrediMail\bin\ImApp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Heure de fin: 2008-10-05 16:11:43 - La machine a redémarré [ERIC]
      ComboFix-quarantined-files.txt 2008-10-05 14:11:38

      Avant-CF: 32 602 710 016 octets libres
      Après-CF: 34,152,972,288 octets libres

      234 --- E O F --- 2008-10-03 19:45:45
      -1
  12. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    ok maintenant fais ceci stp :

    ▶ Télécharge sur le bureau Navilog1 (c est le numéro 1 en bas de la page)

    *Si ton antivirus s'affole , le désactiver
    sous vista : Clic-droit sur le raccourci Navilog1 présent sur le bureau et choisis "Exécuter en tant qu'administrateur
    sous XP : double-clic dessus pour l'installer et le lancer

    ▶ Quand installé
    ▶ taper F
    ▶ Appuyer sur une touche jusqu' arriver aux options
    ▶ Choisir Recherche ( = taper 1 )

    ▶ne pas utiliser les autres sans avis , il peut y avoir des processus légitimes

    ▶un rapport : fixnavi.txt dans ==> C:

    ▶le copier et le coller dans la réponse
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      slt

      le rapport navilog1:

      Search Navipromo version 3.2.0 commencé le 05/10/2008 à 17:06:26.12

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Poster ce rapport sur le forum pour le faire analyser !!!
      !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

      Fix lancé depuis C:\Program Files\navilog1
      Mise a jour le 30.09.2007 a 18h00 by IL-MAFIOSO


      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 6.0.2900.2180


      *** Recherche Programmes installes ***




      *** Recherche dossiers dans C:\WINDOWS ***



      *** Recherche dossiers dans C:\Program Files ***



      *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




      *** Recherche dossiers dans C:\Documents and Settings\ERIC\Application Data ***


      *** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1 ***


      *** Recherche avec Catchme-rootkit/stealth malware detector by gmer ***
      pour + d'infos : http://www.gmer.net

      Aucun fichier trouvé dans :

      - C:\WINDOWS\system32
      - C:\Documents and Settings\ERIC\local settings\application data



      *** Recherche avec GenericNaviSearch ***
      !!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A verifier impérativement avant toute suppression manuelle !!!

      * Scan C:\WINDOWS\system32 *

      * Scan C:\Documents and Settings\ERIC\local settings\application data *



      *** Recherche fichiers ***




      *** Recherche cles registre ***


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche fichiers connus:

      2)Recherche Heuristique :



      3)Recherche Certificats :

      Certificat Egroup absent !


      *** Analyse Terminé le 05/10/2008 à 17:06:52.59 ***
      -1
  13. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...il n a rien trouvé mais pour être sure qu il n y ai pas de fichiers cachés, fais quand même la suppression stp :

    ▶ Relance navilog1

    ▶ Choisis cette fois option 2 taper 2

    note : le bureau disparaît

    ▶redémarrage du pc

    ▶ mettre le rapport dans la réponse

    ensuite refais un nouveau rapport hijackthis stp

    je dois m absenter donc je vérifierai tes réponses dès mon retour ;-)

    @+
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      ok

      voici le rapport après suppression de navilog1 :




      Clean Navipromo version 3.2.0 commencé le 05/10/2008 à 17:30:34.20

      Fix lancé depuis C:\Program Files\navilog1
      Mise a jour le 30.09.2007 a 18h00 by IL-MAFIOSO


      Microsoft Windows XP [version 5.1.2600]
      Internet Explorer : 6.0.2900.2180

      Mode suppression automatique



      *** fsbl1.txt non trouvé ***
      (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


      *** Suppression avec Backups résultats GenericNaviSearch ***

      * Scan C:\WINDOWS\system32 *


      * Scan C:\Documents and Settings\ERIC\local settings\application data *



      *** Suppression dossiers dans C:\WINDOWS ***


      *** Suppression dossiers dans C:\Program Files ***


      *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


      *** Suppression dossiers dans C:\Documents and Settings\ERIC\Application Data ***


      *** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1 ***



      *** Suppression fichiers ***


      *** Suppression fichiers temporaires ***

      Nettoyage contenu C:\WINDOWS\Temp effectué !
      Nettoyage contenu C:\Documents and Settings\ERIC\Local Settings\Temp effectué !

      *** Traitement Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche fichiers connus:


      2)Recherche et Suppression Heuristique :


      *** Sauvegarde du registre vers dossier Backupnavi ***

      sauvegarde du registre réalise avec succes !

      *** Nettoyage registre ***

      Nettoyage registre Ok


      *** Certificats ***

      Certificat Egroup absent !



      *** Nettoyage termine le 05/10/2008 à 17:33:31.15 ***



      et voici le rapport hijackthis :



      Logfile of HijackThis v1.99.1
      Scan saved at 17:37:29, on 05/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\arservice.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\ARPWRMSG.EXE
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\Logitech\Video\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\Ahead\InCD\InCD.exe
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\IncrediMail\bin\IMApp.exe
      C:\HP\KBD\KBD.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\WINDOWS\system32\wuauclt.exe
      c:\windows\system\hpsysdrv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
      O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
      O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
      O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
      O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
      O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O18 - Protocol: bw+0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
      O18 - Protocol: offline-8876480 - {03D8FF90-E0DD-409F-9696-4489E6948D5D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      -1
  14. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    relance hijackthis en cliquant sur scan only et coches ces lignes tsp :

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    puis tu cliques sur fix checked.

    fais une recherche de ton PC en tapant nod32 et supprimes tout ce qu il trouvera..

    ensuite vides ta corbeille, redémarre le PC et fais ceci stp :

    ▶ Télécharge JavaRa.zip

    ▶ Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)

    ▶ Double-clique sur le répertoire JavaRa obtenu.

    ▶ Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)

    ▶ Clique sur Search For Updates.

    ▶ Sélectionne Update Using jucheck.exe puis clique sur Search.

    ▶ Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.

    ▶ Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.

    ▶ Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.

    ▶ Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.

    * Note : le rapport se trouve aussi là : ( C:\JavaRa.log )

    Ferme l'application et dis moi si tu as encore des problèmes.
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      salut

      hier soir, la mise a jour de windows m'a installé le pack 3 .

      sachant que j'ai utilisé combofix sous le pack 2 , les resultats que tu as eu sont il faussés ou alors je peux procéder

      comme tu me l'a dit précedemment sans problème ?

      par contre, depuis que j'ai désactivité avast , je n' ai plus l'icone dans la barre des taches ( en bas a droite) alors

      que la fonction est coché dans les parametres d'avast.

      a+
      -1
      1. caprico53 Messages postés 39 Statut Membre > caprico53 Messages postés 39 Statut Membre
         
        salut,

        je n'ai plus de soucis avec antivirus xp 2008 .

        voici le rapport de javara :


        JavaRa 1.11 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Tue Oct 07 20:53:31 2008

        Found and removed: C:\Program Files\Java\jre1.5.0_06

        Found and removed: C:\Program Files\Java\jre1.5.0_10

        Found and removed: C:\Program Files\Java\jre1.5.0_11

        Found and removed: C:\Program Files\Java\jre1.6.0_01

        Found and removed: C:\Program Files\Java\jre1.6.0_02

        Found and removed: C:\Program Files\Java\jre1.6.0_03

        Found and removed: C:\Program Files\Java\jre1.6.0_05

        Found and removed: Software\JavaSoft\Java2D\1.5.0_06

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D510006

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511000

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D511001

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D510006

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511000

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D511001

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D510006

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511000

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D511001

        Found and removed: SOFTWARE\Classes\JavaPlugin.150_06

        Found and removed: SOFTWARE\Classes\JavaPlugin.150_10

        Found and removed: SOFTWARE\Classes\JavaPlugin.150_11

        Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_06

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_10

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.5.0_11

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_06

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_10

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.5.0_11

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D510006

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511000

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D511001

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D510006

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511000

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D511001

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150060}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150100}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0150110}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

        Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610001

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610002

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610003

        Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610001

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610002

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610003

        Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

        Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Classes\JavaPlugin.160_01

        Found and removed: SOFTWARE\Classes\JavaPlugin.160_02

        Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

        Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_01

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_02

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

        Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_01

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_02

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

        Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610001

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610002

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610003

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610001

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610002

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610003

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610001

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610002

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610003

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160010}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160020}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160030}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_06

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_10

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.5.0_11

        Found and removed: Software\Classes\JavaPlugin.160_01

        Found and removed: Software\Classes\JavaPlugin.160_02

        Found and removed: Software\Classes\JavaPlugin.160_03

        Found and removed: Software\Classes\JavaPlugin.160_05

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_06\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_10\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.5.0_11\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_01\bin\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\bin\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

        Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_01

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_02

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

        Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

        Found and removed: Software\JavaSoft\Java2D\1.6.0_01

        Found and removed: Software\JavaSoft\Java2D\1.6.0_02

        Found and removed: Software\JavaSoft\Java2D\1.6.0_03

        Found and removed: Software\JavaSoft\Java2D\1.6.0_05

        Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

        Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

        JavaRa 1.11 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Tue Oct 07 21:06:35 2008

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

        Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

        ------------------------------------

        Finished reporting.



        JavaRa 1.11 Removal Log.

        Report follows after line.

        ------------------------------------

        The JavaRa removal process was started on Tue Oct 07 21:07:10 2008

        ------------------------------------

        Finished reporting.
        -1
  15. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    si tu n as plus de problemes tu peux faire ceci pour terminer stp :

    Pour supprimer toutes les traces des logiciels qui ont servi à traiter les infections spécifiques :

    ▶ Télécharge Toolscleaner sur ton Bureau :

    (c est le numéro 15 en bas de la page)

    ▶ Double-clique sur ToolsCleaner2.exe et laisse le travailler
    ▶ Clique sur Recherche et laisse le scan se terminer.
    ▶ Clique sur Suppression pour finaliser.
    ▶ Tu peux, si tu le souhaites, te servir des Options facultatives.
    ▶ Clique sur Quitter, pour que le rapport puisse se créer.
    ▶ Le rapport (TCleaner.txt) se trouve à la racine de votre disque dur (C:\)...colle le dans ta réponse

    Désactive et réactive la Restauration du système :

    Le fait de faire cette manipulation va supprimer tous les virus qui auraient pu se loger dans les
    points de restauration que tu avais créé auparavant.. Il est donc recommandé de la faire :

    1 Dans la barre des tâches de Windows, clique sur Démarrer.

    2 Clique avec le bouton droit de la souris sur Poste de travail puis clique sur Propriétés.

    3 Dans l'onglet Restauration du système, coche "Désactiver la Restauration du système"

    4 Clique sur Appliquer.

    5 Ensuite décoche "Désactiver la restauration du systeme"

    6 clique sur appliquer puis ok

    7 vas créer un point de restauration en cliquant sur démarrer => tous les programmes => accessoires =>

    outils systeme => restauration du systeme => créer un point de restauration => tu mets un nom

    (exemple : après désinfection sur CCM) puis tu valides.

    Voici un tutoriel en cas de problèmes.(c'est mon site web)

    Tu peux mettre ton problème résolu !!
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      re salut

      toolscleaner est ce le mème que ccleaner que j'ai déjà sur mon bureau car je ne le trouve pas sur le site que tu m'a indiqué ?
      -1
  16. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    non c est pas pareil...C est le numéro 15 en bas de la page

    C est écrit...
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      excuse moi , j'etais sur la page TELECHARGEMENT et non accueil
      -1
  17. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ce n est ni dans téléchargements, ni dans accueil...C est dans la rubrique divers
    -1
    1. caprico53 Messages postés 39 Statut Membre
       
      vraiment , ce soir , je n'ai pas les yeux où il faut !

      voici le rapport de toolscleaner :

      [ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

      -->- Recherche:

      C:\Combofix.txt: trouvé !
      C:\cleannavi.txt: trouvé !
      C:\Qoobox: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
      C:\Documents and Settings\ERIC\Bureau\ComboFix.exe: trouvé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\MSNCleaner.exe: trouvé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\Navilog1.lnk: trouvé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\HijackThis.exe: trouvé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\SmitFraudFix.exe: trouvé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\hijackthis.log: trouvé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\SmitFraudfix: trouvé !
      C:\Documents and Settings\FAMILLE\Bureau\HijackThis.exe: trouvé !
      C:\Documents and Settings\FAMILLE\Bureau\hijackthis.log: trouvé !
      C:\Documents and Settings\FAMILLE\Bureau\MsnFix: trouvé !
      C:\Program Files\Navilog1: trouvé !
      C:\Program Files\Navilog1\Navilog1.bat: trouvé !
      C:\WINDOWS\msnfix.txt: trouvé !

      ---------------------------------
      -->- Suppression:

      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
      C:\Documents and Settings\ERIC\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\MSNCleaner.exe: supprimé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\Navilog1.lnk: supprimé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\HijackThis.exe: supprimé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\SmitFraudFix.exe: supprimé !
      C:\Documents and Settings\FAMILLE\Bureau\HijackThis.exe: supprimé !
      C:\Program Files\Navilog1\Navilog1.bat: supprimé !
      C:\Combofix.txt: supprimé !
      C:\cleannavi.txt: supprimé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\hijackthis.log: supprimé !
      C:\Documents and Settings\FAMILLE\Bureau\hijackthis.log: supprimé !
      C:\WINDOWS\msnfix.txt: supprimé !
      C:\Qoobox: supprimé !
      C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
      C:\Documents and Settings\ERIC\Bureau\PROG-NETTOYAGE\SmitFraudfix: supprimé !
      C:\Documents and Settings\FAMILLE\Bureau\MsnFix: supprimé !
      C:\Program Files\Navilog1: supprimé !

      Corbeille vidée!
      Restauration annulée !
      Fichiers temporaires nettoyés !


      JE VIENS DE VOIR TON MESSAGE .

      PROMIS JE PASSE TE " VOIR " POUR TE DONNER MES SUPER IMPRESSIONS ET JE TIENS A TE REMERCIER ENORMEMENT POUR TON AIDE

      A+
      -1