Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

problème avec winfixer....

dapma

Par dapma
dans Analyses et éradication malwares

 Partager

Messages recommandés

dapma Junior Member

dapma

Posté(e)
Posté(e)

Bonjour,

 

j'ai un pb avec winfixer, il s'affiche plus ou moins n'importe qd lorsque je suis sur internet et me demande de faire une analyse de l'ordinateur et de télécharger un programme...

 

j'ai regardé pas mal de logs et de lignes que vous disiez de supprimer, je les ai comparées à ce que j'ai quand je fais un scan avec hijackthis, et j'en ai supprimer quelques unes aussi à l'aide du tutorial de hijackthis, le problème, c'est qu'il est encore revenu!!!!

 

Pourriez-vous m'aider?

 

je vous envoie un log de hijackthis fait aujourd'hui. Merci d'avance.

 

Dapma

 

PS: je pense pas que c'est arrivé avec la barre de msn, car je l'avais avant d'installer cette dernière si mes souvenirs sont bons.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:12:12, on 20/11/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\System32\TFNF5.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\D-Link AirPlus\AirPlus.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Anais\Mes documents\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [1QGGWal] C:\WINDOWS\oiokfc.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: D-Link AirPlus.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6413A252-E6A3-4F78-B692-A34C8E20CA79}: NameServer = 193.252.19.3,193.252.19.4

O18 - Protocol: bw+0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

Thanos Devil Member !

Thanos

Posté(e)
Posté(e)

-Télécharge EasyCleaner

http://personal.inet.fi/business/toniarts/files/EClea2_0.exe

 

redémarre le PC, impérativement en mode sans échec, (n'ayant pas accès à Internet, tu as préalablement copié ces instructions dans un fichier texte)

 

Assure toi d'avoir accès à tous les fichiers.

 

Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :

Activer la case : Afficher les fichiers et dossiers cachés

Désactiver la case : Masquer les extensions des fichiers dont le type est connu

Désactiver la case : Masquer les fichiers protégés du système d'exploitation

Puis Appliquer

Démarre Hijackthis "Do a system scan only", et coche les lignes suivantes :

O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [1QGGWal] C:\WINDOWS\oiokfc.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: D-Link AirPlus.lnk = ?

 

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

 

O18 - Protocol: bw+0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {3ED9D702-3C8B-4058-AE0A-0FE02FE4BD72} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Ferme toutes les fenêtres, tous les programmes et clique surFix checked

 

-Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

 

-C:\WINDOWS\oiokfc.exe=>le fichier

-C:\WINDOWS\web\related.htm=>le fichier

 

-Exécute EasyCleaner Registre et Inutiles.Ne pas toucher à la fonction doublons. Supprime tout ce qu'il te propose.

 

Redémarre normalement et poste un nouveau rapport Hijackthis(en mode normal) pour vérification.

 

Fais le scan en ligne suivant et poste le rapport stp:

 

-Symantec:

Choisir virus détection

 

ps:la plupart des lignes 04 que je te fais enlever son inutiles au démarrage!si les changements ne te conviennent pas, sâches que tu peux revenir en arrière :P

dapma Junior Member

dapma

Posté(e)
  • Auteur
Posté(e)

voilà, c'est fait!! j'espère ne plus revoir winfixer!!

voici le scan de hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 18:47:16, on 20/11/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\System32\TFNF5.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Anais\Mes documents\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6413A252-E6A3-4F78-B692-A34C8E20CA79}: NameServer = 193.252.19.3,193.252.19.4

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

 

 

et voici le test de scan en ligne :

 

 

Hacker Exposure Check -> safe

Windows Vulnerability Check -> safe

Trojan Horse Check -> safe

Antivirus Product Check -> at risk

 

merci d'avance!

 

Dapma

Thanos Devil Member !

Thanos

Posté(e)
Posté(e) (modifié)

salut dapma

 

Ton rapport ne présente rien d'infectieux. Concernant le rapport du scan en ligne, est ce que tu as bien choisi

 

"virus détection"? Je ne crois pas! Tu as choisi "security scan"!! Refais le test "virus détection" à droite de

 

l'écran! Poste le rapport stp :P

Modifié par charles ingals
dapma Junior Member

dapma

Posté(e)
  • Auteur
Posté(e)

salut dapma

 

Ton rapport ne présente rien d'infectieux. Concernant le rapport du scan en ligne, est ce que tu as bien choisi

 

"virus détection"? Je ne crois pas! Tu as choisi "security scan"!! Refais le test "virus détection" à droite de

 

l'écran! Poste le rapport stp :P

 

 

voici le rapport de symantec:

 

Virus Status: Infected!

Your computer is infected with at least one known threat.

 

 

 

38010 files scanned, 1 file(s) infected on your disk drives.

 

 

No viruses were detected in memory.

 

Your computer is free of known threats. Virus Detection does not check compressed files.

 

Your computer appears safe for now. For real-time protection from viruses, hackers and privacy threats, upgrade

 

 

 

 

puis j'ai fait 2 analyses AVG: la 1ère m'a trouvé 1virus et la 2ème( que j'ai fait en mm tps que l'analyse symantec) n'en a pas trouvé

 

 

 

et voici le rapport du scan de hijackthis:

 

Logfile of HijackThis v1.99.1

Scan saved at 01:33:51, on 21/11/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\System32\TFNF5.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\System32\rsvp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Anais\Bureau\win\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6413A252-E6A3-4F78-B692-A34C8E20CA79}: NameServer = 193.252.19.3,193.252.19.4

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

 

 

qu'est-ce que je dois faire au sujet de l'infection trouvée ds le rapport de symantec? et comment?

Thanos Devil Member !

Thanos

Posté(e)
Posté(e) (modifié)

salut dapma

puis j'ai fait 2 analyses AVG: la 1ère m'a trouvé 1virus et la 2ème( que j'ai fait en mm tps que l'analyse symantec) n'en a pas trouvé

Si j'ai bien compris,tu as fais deux scan en même temps?? Faut pas!Les deux peuvent se gêner!

En fait, ce qui est bizarre, c'est qu'il détecte une infection, mais il ne te dis pas ou!!D'habitude,il te donne l'endroit ou se trouve le fichier infecté!

Est ce que AVG a trouvé le fichier dont Symantec fait le rapport?c'est pas évident!

Fais ceci , ca vas nettoyer ton pc comme il faut:

 

Télécharger la version d'essai d'Ewido ici :

 

http://www.ewido.net/fr/

 

et l'installer (important: pendant l'installation, sur la page "Additional Options"

 

décocher les deux options "Install background guard" et "Install scan via context

 

menu").Met le à jour.

 

Lorsque vous étes passé en mode sans échec, relancer Ewido et cliquer sur scanner puis sur scan complet du système.

 

Si des fichiers infectés sont trouvés, garder l'option par défaut Supprimer (avec la ligne "Créer des copies de sauvegarde cryptées dans la quarantaine" cochée).

 

A la fin du scan, Sauver le rapport (Fichier/Enregistrer sous...) et le popster ici

Modifié par charles ingals
dapma Junior Member

dapma

Posté(e)
  • Auteur
Posté(e)

bon, alors je pense que cette fois-ci, j'ai tout fait correctement.

tout d'abordn j'ai fait l'analyse de symantec security, qui m'a trouvé un virus dans :

C:/Program Files/SurfAccuracy/SAcc.exe le virus c'est : Adware.SurfAccuracy

Puis, sans rien modifier, j'ai fait une analyse AVG, qui ne m'a rien trouvé.

Alors, j'ai téléchargé ewido et fait la mise à jour et le scan de l'ordi en mode sans echec, voilà ce qu'il m'a donné : 40 fichiers infectés, voici le rapport :

 

 

 

---------------------------------------------------------

ewido security suite - Rapport de scan

---------------------------------------------------------

 

+ Créé le: 22:45:49, 21/11/2005

+ Somme de contrôle: 184AB614

 

+ Résultats du scan:

 

HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F}\TypeLib\\ -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID\\ -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll\\.Owner -> Spyware.ISTBar : Nettoyer et sauvegarder

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/istactivex.dll\\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Nettoyer et sauvegarder

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Nettoyer et sauvegarder

HKU\S-1-5-21-2802022764-3134616843-1333191943-1008\Software\IST -> Spyware.ISTBar : Nettoyer et sauvegarder

HKU\S-1-5-21-2802022764-3134616843-1333191943-1008\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Nettoyer et sauvegarder

HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Erreur durant le nettoyage

C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Nettoyer et sauvegarder

C:\WINDOWS\Downloaded Program Files\UWFX5V_0001_LPNetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Nettoyer et sauvegarder

C:\Documents and Settings\Maye\Cookies\maye@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder

C:\Documents and Settings\Maye\Cookies\maye@estat[1].txt -> Spyware.Cookie.Estat : Nettoyer et sauvegarder

C:\Documents and Settings\Maye\Cookies\maye@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder

C:\Documents and Settings\Maye\Cookies\maye@com[2].txt -> Spyware.Cookie.Com : Nettoyer et sauvegarder

C:\Documents and Settings\Maye\Cookies\maye@hitbox[1].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder

C:\Documents and Settings\Maye\Cookies\maye@ehg-vivacances.hitbox[1].txt -> Spyware.Cookie.Hitbox : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@weborama[1].txt -> Spyware.Cookie.Weborama : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@advertising[1].txt -> Spyware.Cookie.Advertising : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@atdmt[2].txt -> Spyware.Cookie.Atdmt : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@2o7[2].txt -> Spyware.Cookie.2o7 : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@adtech[2].txt -> Spyware.Cookie.Adtech : Nettoyer et sauvegarder

C:\Documents and Settings\Anais\Cookies\anais@www.smartadserver[1].txt -> Spyware.Cookie.Smartadserver : Nettoyer et sauvegarder

C:\Program Files\ISTsvc -> Spyware.ISTBar : Nettoyer et sauvegarder

C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Nettoyer et sauvegarder

C:\Program Files\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Nettoyer et sauvegarder

C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Nettoyer et sauvegarder

C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Nettoyer et sauvegarder

C:\Program Files\SurfAccuracy\License.lnk -> Adware.SurfAccuracy : Nettoyer et sauvegarder

C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP39\A0010250.SYS -> Trojan.Rootkit.Agent.af : Nettoyer et sauvegarder

C:\System Volume Information\_restore{68E0937D-5A01-4A43-A73E-74F5193D0FF8}\RP48\A0013117.exe -> Spyware.SurfAccuracy : Nettoyer et sauvegarder

 

 

::Fin du rapport

 

 

Bon et ensuite je me suis dit qu'une dernière analyse par symantec ne serai pas forcément inutile, alors là, il me dit qu'il n'y a plus de virus (ouf!) .

bon, pour terminer, un scan de hijackthis :

 

Logfile of HijackThis v1.99.1

Scan saved at 23:16:20, on 21/11/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

C:\Documents and Settings\Anais\Bureau\win\ewido\security suite\ewidoctrl.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\ctfmon.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\System32\TPWRTRAY.EXE

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe

C:\WINDOWS\System32\TFNF5.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\System32\ezSP_Px.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Anais\Bureau\win\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_6_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20

O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Compagnon) - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{6413A252-E6A3-4F78-B692-A34C8E20CA79}: NameServer = 193.252.19.3,193.252.19.4

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Anais\Bureau\win\ewido\security suite\ewidoctrl.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

 

 

sans être spécialiste, ça me parrait déjà plus "clean" qu'avant!! et de plus, plus de trace de winfixer!!!!

Merci beaucoup pour votre aide très précieuse!

 

Dapma

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...