Sujet Précédent Sujet Suivant

Virus avec msn

Résolu/Fermé
lesgodins - 27 sept. 2007 à 14:02
 papyber - 2 oct. 2007 à 14:40
Bonjour,

moi aussi virus avec msn
jai fait les differentes manip et voici rapport d'erO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://www.valloire.net/goodies/fd_caleche05h.jpg
O24 - Desktop Component 1: (no name) - http://www.valloire.net/goodies/fd_caleche05h_1024.jpg
A voir également:

17 réponses

Réponse 1 / 17
papyber Messages postés 6406 Date d'inscription samedi 24 mars 2007 Statut Contributeur sécurité Dernière intervention 3 octobre 2010 257
27 sept. 2007 à 14:03
bonjour
ton rapport hijack this est incomplet, il en manque les 3/4
fais ceci
Procédure infection MSN
1/télécharge et installe le logiciel HijackThis
https://www.pcastuces.com/logitheque/hijackthis.htm
tuto pour l’utiliser
regarde ici c'est parfaitement expliqué en images
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
2/
télécharge AVG Antispyware
https://www.avg.com/en-ww/free-antivirus-download
mode d'utilisation :
Lance AVG Anti-Spyware, mets le à jour,
Clique sur le bouton « Analyse » onglet « paramètres »
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine
3/
Télécharge : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
Un tuto
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
4/
Télécharge MSNFix.zip de !aur3n7 sur le bureau:
http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le /clic droit / Extraire tout
5/
Télécharge clean.zip, de Malekal
http://www.malekal.com/download/clean.zip

décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse la ouverte.
Choisis l'option 1 puis patiente


Comment aller en Mode sans échec lettre C
https://forum.pcastuces.com/sujet.asp?f=25&s=3902
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur

Redémarre en mode sans échec, copie ou imprime ce qui suit car tu n'auras pas accès à internet

1*
double clique sur le fichier MSNFix.bat.
Choisis l'option R.
Si l'infection est détectée, il te suffit d'appuyer sur une touche du clavier. Un redémarrage du PC peut être demandé.
Sauvegarde le rapport puis fais un copier/coller de ce rapport sur le forum,
2*
lance CCleaner , nettoyeur, et supprime tout ce qu'il trouve
lance CCleaner erreur et supprime tout ce qu'il trouve
3*
lance avg antispyware
Retour à l'onglet Analyse.
Clique sur Analyse complète du système.
A la fin du scan, choisis " Appliquer toutes les actions "
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Rapports du dossier d'AVG Anti-Spyware
4*
si quelque chose a été trouvé avec clean.malekal , cela devrait être le cas...
Ouvre le dossier jaune nommé clean sur ton bureau.
Double-clique sur clean.cmd
Choisis l'option 2 et copie sur le bureau le rapport généré.
Si une fenêtre s'ouvre, laisse-la.
Clique sur Q pour quitter le programme.

redémarre normalement et poste moi les rapports obtenus

MSNFix
AVG antispyware
Clean .txt
ainsi qu'un scan HijackThis.
0
Réponse 2 / 17
LESGODINS
28 sept. 2007 à 11:27
BJR
voici tous les rapports

avec clean
28/09/2007 a 11:17:38,82

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:19:23, on 28/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://windowsxlive.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [usnsvc.exe] C:\WINDOWS\usnsvc.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Picture Package Menu.lnk.disabled
O4 - Global Startup: Picture Package VCD Maker.lnk.disabled
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bw+0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://www.valloire.net/goodies/fd_caleche05h.jpg
O24 - Desktop Component 1: (no name) - http://www.valloire.net/goodies/fd_caleche05h_1024.jpg
0
Réponse 3 / 17
papyber Messages postés 6406 Date d'inscription samedi 24 mars 2007 Statut Contributeur sécurité Dernière intervention 3 octobre 2010 257
28 sept. 2007 à 11:59
Télécharge SmitfraudFix de S!Ri, balltrap34 et moe31
http://siri.urz.free.fr/Fix
Installe le à la racine de C\ : double clique sur l'exe pour le décompresser et lancer le fix.
Utilisation ----- option 1 - Recherche :
Double clique sur smitfraudfix.cmd Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
Poste le rapport
Attention : process.exe est détecté par certains antivirus comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité.
0
Réponse 4 / 17
LESGODINS
28 sept. 2007 à 13:51
Bonjour,
SmitFraudFix v2.231

voici le rapport
merci
qu est ce que je fais maintenenat

Rapport fait à 13:45:06,42, 28/09/2007
Executé à partir de C:\Documents and Settings\serrurier jean-Paul\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\SERRUR~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\SERRUR~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\serrurier jean-Paul


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\serrurier jean-Paul\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SERRUR~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://www.valloire.net/goodies/fd_caleche05h.jpg"
"SubscribedURL"="http://www.valloire.net/goodies/fd_caleche05h.jpg"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://www.valloire.net/goodies/fd_caleche05h_1024.jpg"
"SubscribedURL"="http://www.valloire.net/goodies/fd_caleche05h_1024.jpg"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Palladia 300/400 Usb Adsl Modem
DNS Server Search Order: 192.168.1.1

Description: Palladia 300/400 Usb Adsl Modem
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{002D0D7B-3A59-438E-A7DA-0C76C6F355F2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F9630B9-A698-4CBE-A574-3CB97D3D56DE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{002D0D7B-3A59-438E-A7DA-0C76C6F355F2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F9630B9-A698-4CBE-A574-3CB97D3D56DE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{002D0D7B-3A59-438E-A7DA-0C76C6F355F2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F9630B9-A698-4CBE-A574-3CB97D3D56DE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

i
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 17
papyber Messages postés 6406 Date d'inscription samedi 24 mars 2007 Statut Contributeur sécurité Dernière intervention 3 octobre 2010 257
28 sept. 2007 à 14:15
Télécharge OTMoveIt (de Old_Timer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.

C:\WINDOWS\usnsvc.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\\\_OTMoveIt\MovedFiles.

il te sera peut-être demandé de redémarrer le pc pour achever la suppression.
si c'est le cas accepte par Yes.

lance hijack this pour un scan et coche les lignes suivantes
O4 - HKLM\..\Run: [usnsvc.exe] C:\WINDOWS\usnsvc.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - Global Startup: Picture Package Menu.lnk.disabled
O4 - Global Startup: Picture Package VCD Maker.lnk.disabled
O18 - Protocol: bw+0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7C9BCA82-F64B-4A6F-BAF5-556B2C7C7ED3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
ferme toutes tes fenêtres y compris internet et clique sur fixer l'objet

Redémarrer l'ordinateur en mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisi la première option : Sans Échec, et valide avec "Entrée"
5) Choisi ton compte habituel, et non Administrateur

· Double cliquer sur Smitfraudfix.exe.
· Sélectionner 2 pour supprimer les fichiers responsables de l'infection.
· A la question Voulez-vous nettoyer le registre ?], répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection. Le fix déterminera si le fichier wininet.dll est infecté.
· A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.
· Quitter le programme en appuyant sur Q.
N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
Attention que l'option 2 de l'outil supprime le fond d'écran !

process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

Redémarrer normalement et coller sur le forum le rapport généré et un rapport hijack this

comment va le PC?
0
Réponse 6 / 17
LESGODINS
28 sept. 2007 à 16:54
Bonjour
c

Voici le rapport
SmitFraudFix v2.232

Rapport fait à 15:48:51,06, 28/09/2007
Executé à partir de C:\Documents and Settings\serrurier jean-Paul\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{002D0D7B-3A59-438E-A7DA-0C76C6F355F2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8F9630B9-A698-4CBE-A574-3CB97D3D56DE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{002D0D7B-3A59-438E-A7DA-0C76C6F355F2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8F9630B9-A698-4CBE-A574-3CB97D3D56DE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{002D0D7B-3A59-438E-A7DA-0C76C6F355F2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8F9630B9-A698-4CBE-A574-3CB97D3D56DE}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49:57, on 28/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\SERRUR~1\LOCALS~1\Temp\{48982058-37A8-4461-A0EE-65FA3CAC6603}\Blaero Start Orb.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Orange\Logiciel de Synchronisation Orange\Voxsync.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Orange\Logiciel de Synchronisation Orange\SyncManager.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\DOCUME~1\SERRUR~1\LOCALS~1\Temp\{128FFEE4-9EC9-4597-A11F-36F3549FFCCE}\sidebar.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.neufsecurite.com/Ols/fscax.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://img.lequipe.fr/Xml/Rugby/Titres/Media/OR_Rugby_CM_JournalDesBleus.jpg
0
Réponse 7 / 17
papyber Messages postés 6406 Date d'inscription samedi 24 mars 2007 Statut Contributeur sécurité Dernière intervention 3 octobre 2010 257
28 sept. 2007 à 17:14
refais ceci, supprime l'ancienne version, il faut toujours utiliser la toute dernière...

Télécharge MSNFix.zip de !aur3n7 sur le bureau:
http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le /clic droit / Extraire tout
double clique sur le fichier MSNFix.bat.
Choisis l'option R.
Si l'infection est détectée, il te suffit d'appuyer sur une touche du clavier. Un redémarrage du PC peut être demandé.
Sauvegarde le rapport puis fais un copier/coller de ce rapport sur le forum
0
Réponse 8 / 17
LESGODINS
28 sept. 2007 à 18:01
tjrs pareil

MSNFix 1.521

C:\Documents and Settings\serrurier jean-Paul\Bureau\MSNFix\MSNFix
Fix exécuté le 28/09/2007 - 17:58:19,48 By serrurier jean-Paul
mode normal


************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\




************************ Suppression des fichiers



************************ Suppression des dossiers

/!\ ... C:\Program Files\Fichiers communs\Carlson\


************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\N039_jpg.zip] F255582DE0F8D6CB02902CC8ED5BA7CD
[C:\WINDOWS\WLXPGSS.SCR] 1331E709EE682AD4F2EAFF31933E38BC

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\SERRUR~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28092007_17585135.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END --------------------------------------------
0
Réponse 9 / 17
papyber Messages postés 6406 Date d'inscription samedi 24 mars 2007 Statut Contributeur sécurité Dernière intervention 3 octobre 2010 257
28 sept. 2007 à 18:04
C:\WINDOWS\N039_jpg.zip
tu supprimes le fichier en gras

veux tu faire ceci?
SVP merci d'envoyer le fichier C:\DOCUME~1\SERRUR~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr

veux tu aussi faire ceci
Télécharge Blacklight (le 1er de la page)
https://europe.f-secure.com/exclude/blacklight/index.shtml


Enregistre le sur ton Bureau.
Double-clique fsbl.exe
Clique sur "I ACCEPT" .
clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport,
sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

poste ce rapport dans ta prochaine réponse.
NE PAS choisir l'option "Rename" de suite car des fichiers légitimes peuvent être présents, tel wbemtest.exe
0
Réponse 10 / 17
LESGODINS
2 oct. 2007 à 09:00
Bonjour,
mon pronleme est resolu cette fois ci , le fichier N039 ....... a bien disparu definitivement de mon ordi . oUF ! j E PEUX ALLER SUR MSN SS PROBLEME MAINTENANT
MERCI

pAR CONTRE AWAST ME MET TOUS LES JOURS UN VIRUS EN QUARANTAINE
MAIS LORDI MARCHE
MERCI ENCORE
0
Réponse 11 / 17
papyber Messages postés 6406 Date d'inscription samedi 24 mars 2007 Statut Contributeur sécurité Dernière intervention 3 octobre 2010 257
2 oct. 2007 à 10:56
bonjour
très content pour toi
pour ce virus, il serait bon tout de même de vérifier...
remet un rapport hijack this p
0
Réponse 12 / 17
LESGODINS
2 oct. 2007 à 11:24
Bonjour,

voilà ,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:12, on 02/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\DOCUME~1\SERRUR~1\LOCALS~1\Temp\{A356153B-0F2F-42EB-B7B6-94131095FF0A}\Blaero Start Orb.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\eMule\emule.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.neufsecurite.com/Ols/fscax.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://img.lequipe.fr/Xml/Rugby/Titres/Media/OR_Rugby_CM_JournalDesBleus.jpg
0
Réponse 13 / 17
LESGODINS
2 oct. 2007 à 11:27
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:15, on 02/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\LClock\LClock.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\DOCUME~1\SERRUR~1\LOCALS~1\Temp\{A356153B-0F2F-42EB-B7B6-94131095FF0A}\Blaero Start Orb.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\eMule\emule.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Windows Media Player\setup_wm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel de Synchronisation Orange.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by131fd.bay131.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://www.neufsecurite.com/Ols/fscax.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (Media Bar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Securitoo AntiVirus Firewall (BackWeb Client - 1044199) - Unknown owner - C:\PROGRA~1\SECURI~1\av_fw\backweb\1044199\Program\SERVIC~1.EXE
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\av_fw\backweb\1044199\program\fsbwsys.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - http://img.lequipe.fr/Xml/Rugby/Titres/Media/OR_Rugby_CM_JournalDesBleus.jpg
0
Réponse 14 / 17
papyber Messages postés 6406 Date d'inscription samedi 24 mars 2007 Statut Contributeur sécurité Dernière intervention 3 octobre 2010 257
2 oct. 2007 à 11:37
il y a effectivement infection
Télécharge LopXPMH sur ton Bureau.
http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip

Dézippe-le et double clique sur le fichier lopxpMH.bat.
Poste le contenu du rapport qui va s'ouvrir.

Malwares qui installent lop et cid

BitDownload
BitGrabber
BitRoll
MessengerPlus! 3
Messenger Plus! Live
NetPumper
TorrentQ
Torrent101
0
Réponse 15 / 17
NoOuNe
2 oct. 2007 à 13:31
Bonjour,
J'essaie moi aussi de supprimer un virus MSN qui s'est installé sur mon ordi... Et je pense que ça a fonctionné, MSN est normal et je n'ai plus de fichier avec un logo en croix qui m'affichait des fenêtres "connect to".
Voici le rapport de MSN Fix :

MSNFix 1.532

C:\MSNFix
Fix exécuté le 02/10/2007 - 13:06:22,29 By NoOuNe
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\WINDOWS\N039_jpg.zip
... C:\WINDOWS\perfmon.exe
... C:\WINDOWS\userinit.exe
... C:\WINDOWS\usnsvc.exe
... C:\WINDOWS\W139_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\N039_jpg.zip
... C:\WINDOWS\W139_jpg.zip

************************ MSNCHK ***** /!\ beta test /!\

[!] C:\WINDOWS\N039_jpg.zip is INFECTED


************************ Recherche les dossiers présents

... C:\Program Files\Fichiers communs\Carlson\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
.. OK ... C:\WINDOWS\N039_jpg.zip
.. OK ... C:\WINDOWS\perfmon.exe
.. OK ... C:\WINDOWS\userinit.exe
/!\ ... C:\WINDOWS\usnsvc.exe
.. OK ... C:\WINDOWS\W139_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\N039_jpg.zip
.. OK ... C:\WINDOWS\W139_jpg.zip


************************ Suppression des dossiers

.. OK ... C:\Program Files\Fichiers communs\Carlson\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\usnsvc.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02102007_13112631.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------




et le scan de HijackThis :


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:22:48, on 02/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Philips\Philips Lime Service\bin\Lime.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.exalead.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Multi_Media_France toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMult.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Easy PDF Creator] C:\Program Files\Easy PDF Creator\EasyPDFCreator.exe
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Wambo] C:\Program Files\Wambo.com Swapper\Swapper.exe -auto
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhilipsLime] "C:\Program Files\Philips\Philips Lime Service\bin\LimeAlive.exe"
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Userinit Logon Application - Unknown owner - C:\WINDOWS\userinit.exe (file missing)
0
Réponse 16 / 17
LESGODINS
2 oct. 2007 à 13:44
Bonjour,

voici
Rapport lopxpMH2 version 2.0 fait à 13:41:31,00 le 02/10/2007
C:\Documents and Settings\serrurier jean-Paul\Bureau\lopxpMH2\lopxpMH2

******************************************
## Répertoires Application Data

Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\All Users\Application Data

22/06/2005 17:17 <REP> .
22/06/2005 17:17 <REP> ..
27/06/2005 15:32 <REP> Adobe
04/07/2005 12:09 <REP> Ahead
23/02/2007 00:40 <REP> BOONTY
01/11/2005 21:46 <REP> CanonBJ
27/06/2005 15:14 <REP> Ciel
27/06/2005 16:01 <REP> CyberLink
27/09/2007 14:30 <REP> Grisoft
07/05/2007 12:58 <REP> InstallShield
21/02/2007 21:23 <REP> Lucasarts
22/06/2005 17:17 <REP> Microsoft
23/03/2007 08:34 <REP> Microsoft Help
07/09/2005 18:39 <REP> MSN Search Toolbar
23/06/2005 15:56 <REP> Pinnacle
22/06/2005 15:33 <REP> SBSI
07/05/2007 12:58 <REP> ScanSoft
23/06/2005 16:00 <REP> SmartSound Software Inc
07/11/2005 21:26 <REP> Spybot - Search & Destroy
03/09/2006 21:49 <REP> Windows Genuine Advantage
02/11/2006 22:41 <REP> Windows Live Toolbar
07/08/2007 10:37 <REP> WindowsLiveInstaller
07/08/2007 10:37 <REP> WLInstaller
10/09/2006 20:41 <REP> Yahoo! Companion
22/06/2005 17:17 62 desktop.ini
1 fichier(s) 62 octets
24 Rép(s) 70 917 304 320 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\Default User\Application Data

22/06/2005 17:17 <REP> .
22/06/2005 17:17 <REP> ..
26/08/2005 11:05 <REP> Adobe
26/08/2005 11:05 <REP> CyberLink
22/06/2005 15:23 <REP> Identities
26/08/2005 11:05 <REP> Macromedia
22/06/2005 17:17 <REP> Microsoft
26/08/2005 11:05 <REP> Sun
22/06/2005 17:17 62 desktop.ini
1 fichier(s) 62 octets
8 Rép(s) 70 917 304 320 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

22/06/2005 17:17 <REP> .
22/06/2005 17:17 <REP> ..
26/08/2005 11:05 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150040}
26/08/2005 11:05 <REP> Adobe
26/08/2005 11:05 <REP> Ahead
26/08/2005 11:05 <REP> ApplicationHistory
22/06/2005 15:23 <REP> Microsoft
12/04/2007 03:01 <REP> Microsoft Help
26/08/2005 11:05 <REP> WMTools Downloaded Files
26/08/2005 11:05 4 608 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
26/08/2005 11:05 135 fusioncache.dat
26/08/2005 11:05 12 328 GDIPFONTCACHEV1.DAT
3 fichier(s) 17 071 octets
9 Rép(s) 70 917 304 320 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\LocalService\Application Data

22/06/2005 15:26 <REP> .
22/06/2005 15:26 <REP> ..
21/06/2006 11:33 <REP> Adobe
22/06/2005 15:26 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 70 917 292 032 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

22/06/2005 15:26 <REP> .
22/06/2005 15:26 <REP> ..
21/06/2006 11:33 <REP> Adobe
22/06/2005 15:26 <REP> Microsoft
06/09/2007 15:14 2 272 FontCache3.0.0.0.dat
1 fichier(s) 2 272 octets
4 Rép(s) 70 917 287 936 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\NetworkService\Application Data

22/06/2005 15:26 <REP> .
22/06/2005 15:26 <REP> ..
22/06/2005 15:26 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 70 917 287 936 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

22/06/2005 15:26 <REP> .
22/06/2005 15:26 <REP> ..
29/09/2005 19:25 <REP> ApplicationHistory
22/06/2005 15:26 <REP> Microsoft
29/09/2005 19:25 137 fusioncache.dat
1 fichier(s) 137 octets
4 Rép(s) 70 917 287 936 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\serrurier jean-Paul\Application Data

26/08/2005 11:07 <REP> .
26/08/2005 11:07 <REP> ..
26/08/2005 11:07 <REP> Adobe
31/08/2005 13:48 <REP> AdobeUM
03/02/2006 15:32 <REP> Ahead
07/05/2007 13:26 <REP> ArcSoft
07/05/2007 13:23 <REP> Canon
26/08/2005 11:07 <REP> CyberLink
16/08/2006 02:32 <REP> dvdcss
06/07/2006 17:37 <REP> EoRezo
19/12/2005 00:08 <REP> FotoWire
27/09/2007 14:30 <REP> Grisoft
29/08/2005 12:46 <REP> Help
26/08/2005 11:07 <REP> Identities
04/01/2006 16:06 <REP> Leadertech
26/08/2005 11:07 <REP> Macromedia
26/08/2005 11:07 <REP> Microsoft
07/09/2005 18:40 <REP> MSN Search Toolbar
12/08/2007 22:35 <REP> OpenOffice.org2
07/05/2007 12:58 <REP> ScanSoft
11/03/2007 23:10 <REP> Stardock
11/03/2007 23:15 <REP> Styler
26/08/2005 11:07 <REP> Sun
23/07/2006 02:44 <REP> vlc
06/06/2007 08:34 <REP> Voxmobili
10/04/2007 06:42 <REP> Windows Desktop Search
26/08/2005 11:07 62 desktop.ini
08/12/2005 22:46 1 388 ViewerApp.dat
2 fichier(s) 1 450 octets
26 Rép(s) 70 917 287 936 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Documents and Settings\serrurier jean-Paul\Local Settings\Application Data

26/08/2005 11:07 <REP> .
26/08/2005 11:07 <REP> ..
26/08/2005 11:07 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150040}
26/08/2005 11:07 <REP> Adobe
26/08/2005 11:07 <REP> Ahead
26/08/2005 11:07 <REP> ApplicationHistory
29/08/2005 12:46 <REP> Help
26/08/2005 14:39 <REP> Identities
22/03/2007 10:31 <REP> IM
02/11/2005 14:55 <REP> Logitech-LS
26/08/2005 11:07 <REP> Microsoft
23/03/2007 08:34 <REP> Microsoft Help
11/05/2006 22:41 <REP> OD2
25/09/2007 19:55 <REP> PCHealth
07/05/2007 13:03 <REP> Scansoft
11/03/2007 23:15 <REP> Stardock
03/01/2006 12:59 <REP> Wanadoo Photo
26/08/2005 11:07 <REP> WMTools Downloaded Files
26/08/2005 11:07 76 288 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
26/08/2005 11:07 142 fusioncache.dat
26/08/2005 11:07 91 720 GDIPFONTCACHEV1.DAT
13/03/2007 09:12 2 642 982 IconCache.db
4 fichier(s) 2 811 132 octets
18 Rép(s) 70 917 287 936 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

22/06/2005 15:25 <REP> .
22/06/2005 15:25 <REP> ..
26/08/2005 11:05 <REP> Adobe
26/08/2005 11:05 <REP> CyberLink
22/06/2005 15:25 <REP> Identities
26/08/2005 11:05 <REP> Macromedia
22/06/2005 15:25 <REP> Microsoft
26/08/2005 11:05 <REP> Sun
22/06/2005 15:25 62 desktop.ini
1 fichier(s) 62 octets
8 Rép(s) 70 917 283 840 octets libres
Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

22/06/2005 15:25 <REP> .
22/06/2005 15:25 <REP> ..
26/08/2005 11:05 <REP> {3248F0A6-6813-11D6-A77B-00B0D0150040}
26/08/2005 11:05 <REP> Adobe
26/08/2005 11:05 <REP> Ahead
26/08/2005 11:05 <REP> ApplicationHistory
22/06/2005 15:25 <REP> Microsoft
26/09/2007 19:00 <REP> WindowsLiveInstaller
26/08/2005 11:05 <REP> WMTools Downloaded Files
26/08/2005 11:05 4 608 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
26/08/2005 11:05 135 fusioncache.dat
26/08/2005 11:05 12 328 GDIPFONTCACHEV1.DAT
26/08/2005 11:05 3 737 886 IconCache.db
4 fichier(s) 3 754 957 octets
9 Rép(s) 70 917 283 840 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\{5E2F8E94-016D-43DA-ACE9-1FA3819AF463}_NOM-D897FD4D775_serrurier
{5E2F8E94-016D-43DA-ACE9-1FA3819AF463}_NOM-D897FD4D775_serrurier inexploitable


C:\WINDOWS\Tasks\{800C3294-5C55-45E2-8481-B2D3E52C20F7}_NOM-D897FD4D775_serrurier
{800C3294-5C55-45E2-8481-B2D3E52C20F7}_NOM-D897FD4D775_serrurier inexploitable


C:\WINDOWS\Tasks\{B968C487-D226-477C-8301-E75A5AD34D53}_NOM-D897FD4D775_serrurier
{B968C487-D226-477C-8301-E75A5AD34D53}_NOM-D897FD4D775_serrurier inexploitable

******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle BOOT
Le numéro de série du volume est 7C95-CFB2

Répertoire de C:\Program Files

28/09/2007 09:24 <REP> .
28/09/2007 09:24 <REP> ..
04/01/2006 15:23 <REP> Adobe
04/07/2005 12:09 <REP> Ahead
24/11/2005 15:28 <REP> Alwil Software
07/05/2007 12:56 <REP> ArcSoft
12/07/2005 13:42 <REP> ATI Technologies
24/05/2006 18:55 <REP> AvantGo Connect
11/03/2007 23:10 <REP> Blaero Start Orb
23/02/2007 00:39 <REP> Boonty
23/02/2007 00:39 <REP> BoontyGames
07/05/2007 13:00 <REP> Canon
27/09/2007 13:22 <REP> CCleaner
27/06/2005 15:14 <REP> Ciel
31/05/2007 20:50 <REP> ColiPoste
24/05/2006 18:55 <REP> Common Files
22/06/2005 15:21 <REP> ComPlus Applications
27/06/2005 16:00 <REP> CyberLink
10/11/2005 02:11 <REP> Diablo II
19/12/2005 00:08 <REP> directx
11/03/2007 23:19 <REP> DiskInternals
04/09/2006 11:57 <REP> e-Carte Bleue
01/10/2007 17:13 <REP> eMule
04/09/2006 11:57 <REP> eoRezo
29/08/2005 09:21 <REP> EPSON
26/09/2007 19:20 <REP> Fichiers communs
04/11/2006 01:07 <REP> Gamenext
27/09/2007 14:30 <REP> Grisoft
22/06/2005 19:26 <REP> HighMAT CD Writing Wizard
09/04/2007 20:21 <REP> IncrediMail
22/06/2005 16:45 <REP> Intel
15/08/2007 22:28 <REP> Internet Explorer
27/09/2006 18:36 <REP> iPhoto Plus 4
27/06/2005 15:30 <REP> ISSENDIS
04/07/2005 13:30 <REP> Java
26/10/2005 15:36 <REP> Kit ADSL
03/08/2006 16:54 <REP> Labtec
11/03/2007 23:09 <REP> LClock
30/12/2006 23:26 <REP> LimeWire
19/12/2005 00:08 <REP> Logitech
21/02/2007 21:23 <REP> LucasArts
22/06/2005 17:40 <REP> Messenger
06/09/2007 15:23 <REP> Microsoft ActiveSync
09/05/2007 09:29 <REP> Microsoft CAPICOM 2.1.0.2
22/06/2005 15:23 <REP> microsoft frontpage
13/09/2007 18:45 <REP> Microsoft FxCop 1.32
13/09/2007 13:10 <REP> Microsoft Office
26/09/2007 19:04 <REP> Microsoft SQL Server Compact Edition
23/03/2007 09:10 <REP> Microsoft Visual Studio
13/09/2007 13:33 <REP> Microsoft Visual Studio 8
23/03/2007 09:11 <REP> Microsoft Works
13/09/2007 13:10 <REP> Microsoft.NET
05/02/2006 20:47 <REP> MinitelADSL
11/03/2007 22:56 <REP> Movie Maker
11/03/2007 23:01 <REP> Mozilla Firefox
06/09/2007 15:14 <REP> MSBuild
31/08/2005 19:35 <REP> MSN
22/06/2005 15:21 <REP> MSN Gaming Zone
27/09/2007 10:55 <REP> MSN Messenger
19/11/2006 01:12 <REP> MSXML 4.0
07/09/2007 10:42 <REP> MSXML 6.0
23/06/2005 14:37 <REP> NetMeeting
22/03/2007 10:40 <REP> Oberon Media
11/08/2007 19:21 <REP> Objective Tarot
12/08/2007 22:29 <REP> OFFICE One6.5
17/03/2006 08:24 <REP> OfficeUpdate11
22/06/2005 15:21 <REP> Online Services
12/08/2007 22:33 <REP> OpenOffice.org 2.2
06/06/2007 08:34 <REP> Orange
13/06/2007 03:10 <REP> Outlook Express
23/06/2005 15:58 <REP> Pinnacle
06/09/2007 21:15 <REP> POI-Warner MN5 Edition
05/09/2007 22:24 <REP> POI-Warner SONY Edition
21/02/2007 21:24 <REP> POI-Warner SONY Edition(2)
06/09/2007 15:09 <REP> Reference Assemblies
21/02/2007 21:24 <REP> Rockstar Games
07/05/2007 12:57 <REP> ScanSoft
26/08/2005 11:22 <REP> Securitoo
22/06/2005 15:22 <REP> Services en ligne
21/02/2007 21:24 <REP> Sitebul Toolbar
23/06/2005 16:00 <REP> SmartSound Software
08/12/2005 13:16 <REP> Sony Corporation
27/09/2007 16:27 <REP> Spybot - Search & Destroy
11/03/2007 23:15 <REP> Styler
27/09/2007 13:49 <REP> Trend Micro
12/09/2005 08:56 <REP> Trust
01/02/2007 13:47 <REP> TurnTool
26/10/2005 15:25 <REP> USB Driver-Express
26/03/2007 17:10 <REP> Valve
23/07/2006 02:43 <REP> VideoLAN
11/03/2007 23:18 <REP> Vista Sidebar
11/03/2007 23:10 <REP> VisualTooltip
14/05/2007 08:08 <REP> Wanadoo
03/01/2006 12:59 <REP> Wanadoo Photo
23/02/2007 15:46 <REP> Webtarot
10/04/2007 09:55 <REP> Windows Desktop Search
22/06/2005 15:32 <REP> Windows Journal Viewer
27/09/2007 10:43 <REP> Windows Live
28/09/2007 07:50 <REP> Windows Live Safety Center
27/09/2007 10:41 <REP> Windows Live Toolbar
03/09/2007 10:49 <REP> Windows Media Connect
03/09/2007 10:53 <REP> Windows Media Connect 2
03/09/2007 10:52 <REP> Windows Media Player
22/06/2005 15:21 <REP> Windows NT
01/10/2006 20:41 <REP> WinRAR
04/09/2006 11:57 <REP> World of Warcraft
22/06/2005 15:23 <REP> xerox
28/03/2006 15:23 <REP> Yahoo!
0 fichier(s) 0 octets
108 Rép(s) 70 917 267 456 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
*.portail.assedic.fr REG_BINARY
www.vania.com REG_BINARY
www.supertoinette.com REG_BINARY
www.bouyguestelecom.fr REG_BINARY
webmail16c.orange.fr REG_BINARY
webmail16a.orange.fr REG_BINARY

* Mozilla Firefox (1 autorisé 2 interdit)

******************************************
## Registre

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport *************

merci
0
Réponse 17 / 17
papyber
2 oct. 2007 à 14:40
pour lesgodins
télécharge GenProc de Lazzzy et Narco4 sur ton bureau
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip

dézippe le dossier, double-clique sur GenProc.bat et poste le contenu du rapport qui s'ouvre

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
symboles et écritures pour nick msn
Pando -
roro -

20 réponses
Peut on retrouver des conversations MSN?
Moi51 -
benzar -

36 réponses
Comment savoir si j'ai attrapé un virus sur mon téléphone ?
Infolock -
bell -

66 réponses
impossible de me connecter a msn hotmail
Regis -
marino_u -

4 réponses