Spysheriff(virus) résultat de HijackThis1991 - Sécurité - Virus
TomsGuide.com : 700 000 inscrits répondent à toutes vos questions high-tech et informatique.
Pour obtenir de l'aide, inscrivez-vous gratuitement !
 

Ajouter une réponse



Mot :   Pseudo :  
 
Bas de page
Auteur
 Sujet : Spysheriff(virus) résultat de HijackThis1991
 
benkenobi@IDN
Profil : IDNaute
Plus d'informations
n°35147
11-08-2005 à 08:58:54

aider s.v.p en plus je ne suis plus cappable douvrir ma gestion de tache



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sierra\Half-Life\Steam.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\rsvp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Robin\Bureau\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cogeco.ca/fr/index_q.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59585F77-E2CD-B34E-EB4C-B7EEF886BDEB} - C:\WINDOWS\System32\orta.dll (file missing)
O2 - BHO: (no name) - {AF6ACDBC-220D-2A85-7D25-71C2CA2446E6} - C:\WINDOWS\System32\evmmcbv.dll (file missing)
O2 - BHO: (no name) - {E68FB0E2-F71E-4062-9691-1A097D7A27CB} - C:\WINDOWS\System32\jklo.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra\half-life\steam.exe" -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe (file missing)
O9 - Extra 'Tools' menuitem: Lancer Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe (file missing)
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe (file missing)
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm (file missing)
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b28578.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signupte [...] kurity.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233200} - http://www.sexe-exhibition.org/acc [...] -debit.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b28578.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ [...] 0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/132e11 [...] xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 2879495076
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O18 - Protocol: bw+0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe

Liens sponsorisés


Inscrivez-vous ou connectez-vous pour masquer ceci.

chercheur_
Profil : Helper
Plus d'informations
n°35149
11-08-2005 à 09:20:45

Bonjour

* Télécharge
SmitfraudFix de S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Tu le dézippes sur le Bureau.

Ewido
http://www.ewido.net/fr/download/
Tu l'installes et tu le mets à jour.

* Tu ouvres SmitfraudFix, tu double cliques sur SmitfraudFix.cmd et tu choisis l’option 1
Postes le rapport.

* Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.
Démarres l'ordinateur.
Une fois le chargement du BIOS terminé, il y a un écran noir. Appuyes sur la touche F8 ou F5 jusqu'à l'affichage du menu des options avancées de Windows.
En utilisant les touches du curseur, sélectionnes le mode sans échec approprié et appuyes sur Entrée.

* Lances un scan d'Ewido et supprimes tout.
Sauvegardes le rapport.

* Relances le et choisis cette fois l’option 2 et réponds oui à tout.

* Redémarres normalement et communiques le deuxième rapport de SmitfraudFix avec un nouveau rapport Hijackthis et le rapport d'Ewido.

Bien mettre le début du rapport qui commence par "Logfile of HijackThis v1.99.1"

benkenobi@IDN
Profil : IDNaute
Plus d'informations
n°35154
11-08-2005 à 10:16:42

SmitFraudFix v1.6

Rapport fait à 4:15:39.42 le 2005-08-11
Executé à partir de C:\Documents and Settings\Robin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

C:\WINDOWS\system32\vxgame?.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Robin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

benkenobi@IDN
Profil : IDNaute
Plus d'informations
n°35242
11-08-2005 à 17:28:31

SmitFraudFix v1.6

Rapport fait à 10:55:46.09 le 2005-08-11
Executé à partir de C:\Documents and Settings\Robin\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Robin\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport



Logfile of HijackThis v1.99.1
Scan saved at 10:56:19 AM, on 2005-08-11
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\program files\sierra\half-life\steam.exe
C:\Documents and Settings\Robin\Bureau\HijackThis1991.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.cogeco.ca/fr/index_q.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {59585F77-E2CD-B34E-EB4C-B7EEF886BDEB} - C:\WINDOWS\System32\orta.dll (file missing)
O2 - BHO: (no name) - {AF6ACDBC-220D-2A85-7D25-71C2CA2446E6} - C:\WINDOWS\System32\evmmcbv.dll (file missing)
O2 - BHO: (no name) - {E68FB0E2-F71E-4062-9691-1A097D7A27CB} - C:\WINDOWS\System32\jklo.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Steam] "c:\program files\sierra\half-life\steam.exe" -silent
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global User Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe (file missing)
O9 - Extra 'Tools' menuitem: Lancer Copernic 2001 - {2A465934-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe (file missing)
O9 - Extra button: Copernic - {2A465936-E5F0-11D2-91B5-00104B9C4765} - C:\Program Files\Copernic 2001 Basic\Copernic.exe (file missing)
O9 - Extra button: Traduire - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm (file missing)
O9 - Extra 'Tools' menuitem: &Traduire avec Gist-In-Time - {99EFB53C-C965-43CF-9F45-52242D134187} - file://C:\Program Files\Copernic 2001 Basic\Translate.htm (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b28578.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signupte [...] kurity.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233200} - http://www.sexe-exhibition.org/acc [...] -debit.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b28578.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ [...] 0_0_44.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/132e11 [...] xIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft. [...] 2879495076
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b28578.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1) -
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.57.146.14,69.57.147.175
O18 - Protocol: bw+0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {19FCAEBF-43D4-4293-A829-6532927C1129} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Machine Debug Manager (MDM) - Unknown owner - C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (file missing)
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe



---------------------------------------------------------
ewido security suite - Rapport de scan
---------------------------------------------------------

+ Créé le: 11:25:13 AM, 2005-08-11
+ Somme de contrôle: 61241098

+ Résultats du scan:

HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{00000049-8F91-4D9C-9573-F016E7626484} -> Spyware.BetterInternet : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{310CC549-4541-46A9-940F-52B342A6E682} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{339BB23F-A864-48C0-A59F-29EA915965EC} -> Spyware.HuntBar : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{69357D4E-BF4D-4651-91E9-52ECD45A0128} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{8952A998-1E7E-4716-B23D-3DBE03910972} -> Spyware.HuntBar : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{8B0FA130-0C3D-4CB1-AEB7-2C29DA5509A3} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{BBF122A7-8A4D-45B5-9E00-0F68BC87C904} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{CAE0999F-78C5-49DC-9F30-13142AAAABA4} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} -> Spyware.HotBar : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{F1616B86-9288-489D-B71A-0CCF2F1A89DA} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{FAA356E4-D317-42a6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A} -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Classes\CLSID\{FF76A5DA-6158-4439-99FF-EDC1B3FE100C} -> Spyware.IBIS : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\APP -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\BBDE -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\BBDHE -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\BBDI -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\COMMON -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\MAJORSE -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\RADIO -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\SVC -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Files\TBR -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\PlugIns -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\PlugIns\COMMON -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\PlugIns\RADIO -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\Toolbar\Server -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\ef -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\q8 -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\qe -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\tg -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\tgv -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\tt1 -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\ttt -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\v -> Spyware.WebSearch : Erreur durant le nettoyage
HKLM\SOFTWARE\WinTools\nlibx4m\vv -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\.DEFAULT\Software\Toolbar -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\.DEFAULT\Software\Toolbar\PlugIns -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\.DEFAULT\Software\Toolbar\PlugIns\COMMON -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\.DEFAULT\Software\Toolbar\PlugIns\RADIO -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\.DEFAULT\Software\Toolbar\Server -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\S-1-5-18\Software\Toolbar -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\S-1-5-18\Software\Toolbar\PlugIns -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\S-1-5-18\Software\Toolbar\PlugIns\COMMON -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\S-1-5-18\Software\Toolbar\PlugIns\RADIO -> Spyware.WebSearch : Erreur durant le nettoyage
HKU\S-1-5-18\Software\Toolbar\Server -> Spyware.WebSearch : Erreur durant le nettoyage
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564283.exe -> Dialer.Generic : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564284.exe -> Adware.eZula : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564285.dll -> Dialer.Generic : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564286.dll -> Dialer.Generic : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564287.dll -> Spyware.BargainBuddy : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564288.DLL -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564289.DLL -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564290.DLL -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564291.DLL -> Spyware.P2PNetworking : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564292.exe -> Spyware.404Search : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564293.dll -> Spyware.NaviSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564294.dll -> Spyware.NaviSearch : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564295.dll -> TrojanDownloader.Rameh.c : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564296.dll -> Spyware.EliteBar : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564297.exe -> Spyware.DealHelper : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564298.dll -> Dialer.Generic : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564299.exe -> Spyware.BargainBuddy : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564300.exe -> Spyware.NewDotNet : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564301.exe -> Spyware.NewDotNet : Nettoyer et sauvegarder
C:\System Volume Information\_restore{5D3D5F53-7397-4A52-8296-6AB5D6433B56}\RP1341\A0564302.exe -> Spyware.MediaMotor : Nettoyer et sauvegarder


::Fin du rapport

chercheur_
Profil : Helper
Plus d'informations
n°35539
14-08-2005 à 00:15:02

Bonsoir

1 Télécharge
CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le dans un répertoire dédié.

About Buster
http://www.malwarebytes.biz/index.php?page=downloads
Une fois téléchargé,tu le dézippe,et tu mets un raccourci sur le bureau.

2 Redémarre en mode sans échec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire.

3 Relance un scan HijackThis et coche les lignes ci-dessous :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {59585F77-E2CD-B34E-EB4C-B7EEF886BDEB} - C:\WINDOWS\System32\orta.dll (file missing)
O2 - BHO: (no name) - {AF6ACDBC-220D-2A85-7D25-71C2CA2446E6} - C:\WINDOWS\System32\evmmcbv.dll (file missing)
O2 - BHO: (no name) - {E68FB0E2-F71E-4062-9691-1A097D7A27CB} - C:\WINDOWS\System32\jklo.dll (file missing)
O4 - HKLM\..\RunServices: [atiupdpl] C:\WINDOWS\System32\atiupdpl.exe
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signupte [...] kurity.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {27DA08CF-FCDB-C812-102C-35416A233200} - http://www.sexe-exhibition.org/acc [...] -debit.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/132e11 [...] xIE601.cab

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »

4 Double clique sur About:Buster
Clique sur Begin Removal
Un scan est exécuté (attendre quelques secondes).
Refaire un second scan.
Poste le rapport ici.

5 Assure toi d'avoir accés à tous les fichiers.
Démarrer, Poste de travail ou autre dossier, Menu Outils, Option des dossiers, onglet Affichage :
Activer la case : Afficher les fichiers et dossiers cachés
Désactiver la case : Masquer les extensions des fichiers dont le type est connu
Désactiver la case : Masquer les fichiers protégés du système d'exploitation
Puis Appliquer

6 Supprime les fichiers/dossiers incriminés (s'ils existent encore) :

C:\Program Files\couponsandoffers
C:\WINDOWS\System32\orta.dll
C:\WINDOWS\System32\evmmcbv.dll
C:\WINDOWS\System32\jklo.dll
C:\WINDOWS\System32\atiupdpl.exe

7 Lance et exécute CCleaner.

Recache les fichiers systeme afin de ne pas faire d'erreur à l'avenir en sélectionnant ne pas afficher les fichiers cachés ou les fichiers système.

8 Redémarre normalement.

9 Fais une analyse antivirus en ligne sur Panda
http://www.pandasoftware.com/activ [...] ncipal.htm

Colle son rapport ici avec un nouv