TROJAN BACKDORR AIDEZ MOI SVP

suis coincée. en faisant hijack
Pas trouvé O3 - Toolbar:MSN - {BDAD1DAD-946-A17-ADC1-64B5B4FF55D0}
Ai pas trouvé O23-service : remote procedure call (RPC) monitoing (Rpcmon)
dans hijack; Donc dans clicl démarrrer executer tape services/msc je ne peux
pas double cliquer sur remote procédure call que je ne trouve pas.
Ai peur de continuer et de tout bousiller. Rassure moi, car je vais à
l'aveuglette, en ayant une grande trouille de ma tromper. merci de répondre
vite.

dois-je redémarrer en mode sans échec ? directement

Attention j'ai déliré : winfixer n'est pas un antivirus, faut pas le virer !

Mais pour le reste ça doit marcher.

Je crois qu'il vaut mieux que j'aille me coucher.

Toutes mes excuses.

A Ball trap 34 qui a l'air de bien connaître. Merci pour l'aide cette nuit. N'ai surement pas tout suivi les instructions correctement. Je souhaite recommencer en mode sans échec. Voici ce que j'ai maintenant, après avoir bien bidouillé toute la nuit. Pouvez-vous me reconseillez sur la marche à suivre, maintenant que j'ai bien téléchargé les programmes ad-ware, spybot et clean up. C'est très sympa de m'aider, j'aurai un peu moins peur à exécuter les manoeuvres maintenant.
Au démarrage du micro : message a2 : possible Trojan Dowloader ou spyloader
Logfile of HijackThis v1.99.1
Scan saved at 09:44:16, on 13/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\WinFixer 2005\wfx5.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Fichiers communs\WinSoftware\WFF.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\TatiDanielle\Mes documents\Mes fichiers reçus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O1 - Hosts: 141.225.152.142 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 141.225.152.142 www3.aibgbonline.co.uk
O1 - Hosts: 141.225.152.142 www.bank.alliance-leicester.co.uk
O1 - Hosts: 141.225.152.142 login.iblogin.com
O1 - Hosts: 141.225.152.142 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 141.225.152.142 inet.barclays.co.uk
O1 - Hosts: 141.225.152.142 iibank.barclays.co.uk
O1 - Hosts: 141.225.152.142 iibank.cahoot.com
O1 - Hosts: 141.225.152.142 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 141.225.152.142 ww.hsbc.co.uk
O1 - Hosts: 141.225.152.142 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 141.225.152.142 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ob2.nationet.com
O1 - Hosts: 141.225.152.142 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 141.225.152.142 ww1.nwolb.com
O1 - Hosts: 141.225.152.142 ww1.onlinebanking.iombank.com
O1 - Hosts: 141.225.152.142 ww1.www.rbsdigital.com
O1 - Hosts: 141.225.152.142 welcome.smile.co.uk
O1 - Hosts: 141.225.152.142 login.365online.com
O1 - Hosts: 141.225.152.142 wvw.citizensbankonline.com
O1 - Hosts: 141.225.152.142 esecure.regionsnet.com
O1 - Hosts: 141.225.152.142 rollb.associatedbank.com
O1 - Hosts: 141.225.152.142 upb.unionplanters.com
O1 - Hosts: 141.225.152.142 www.onlinebanking.huntington.com
O1 - Hosts: 141.225.152.142 inet.southtrustonlinebanking.com
O1 - Hosts: 141.225.152.142 logon.personal.wamu.com
O1 - Hosts: 141.225.152.142 login.compassweb.com
O1 - Hosts: 141.225.152.142 logon.firstmeritib.com
O1 - Hosts: 141.225.152.142 login.ccfcuonline.org
O1 - Hosts: 141.225.152.142 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 141.225.152.142 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 141.225.152.142 wvw.totallyfreebanking.com
O1 - Hosts: 141.225.152.142 www.online.wellsfargo.com
O1 - Hosts: 141.225.152.142 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 141.225.152.142 accounts4.keybank.com
O1 - Hosts: 141.225.152.142 logon.bankone.com
O1 - Hosts: 141.225.152.142 www.secure.tdbanknorth.com
O1 - Hosts: 141.225.152.142 www.secure.mvnt4.com
O1 - Hosts: 141.225.152.142 ww.mynfbonline.com
O1 - Hosts: 141.225.152.142 login.forumcuonline.com
O1 - Hosts: 141.225.152.142 www.eds.usersonlnet.com
O1 - Hosts: 141.225.152.142 www.onlineid.bankofamerica.com
O1 - Hosts: 141.225.152.142 wvw.e-gold.com
O1 - Hosts: 141.225.152.142 pcbs.peoples.com
O1 - Hosts: 141.225.152.142 www.global1.onlinebank.com
O1 - Hosts: 141.225.152.142 ww2.mybranch.lafcu.com
O1 - Hosts: 141.225.152.142 login.webbanking.comerica.com
O1 - Hosts: 141.225.152.142 web.banking.firsttennessee.com
O1 - Hosts: 141.225.152.142 logon.members1st.org
O1 - Hosts: 141.225.152.142 www.cib.ibanking-services.com
O1 - Hosts: 141.225.152.142 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 141.225.152.142 wvw.paypal.com
O1 - Hosts: 141.225.152.142 www.signin.ebay.com
O1 - Hosts: 141.225.152.142 wvw.etrade.com
O1 - Hosts: 141.225.152.142 ww4.fleethomelink.fleet.com
O1 - Hosts: 141.225.152.142 ww3.connect.skyfi.com
O1 - Hosts: 141.225.152.142 www6.usbank.com
O1 - Hosts: 141.225.152.142 www.bvi.bancodevalencia.es
O1 - Hosts: 141.225.152.142 extrant.banesto.es
O1 - Hosts: 141.225.152.142 banesnt.banesto.es
O1 - Hosts: 141.225.152.142 activia.caixagalicia.es
O1 - Hosts: 141.225.152.142 www.bancae.caixapenedes.com
O1 - Hosts: 141.225.152.142 login.caixasabadell.net
O1 - Hosts: 141.225.152.142 oii.cajamadrid.es
O1 - Hosts: 141.225.152.142 login.cajamar.es
O1 - Hosts: 141.225.152.142 login.ccm.es
O1 - Hosts: 141.225.152.142 ww.unicaja.es
O1 - Hosts: 141.225.152.142 www5.bancopopular.es
O1 - Hosts: 141.225.152.142 ww3.bbvanet.com
O1 - Hosts: 141.225.152.142 ww.bayernlb.de
O1 - Hosts: 141.225.152.142 ww2.berliner-volksbank.de
O1 - Hosts: 141.225.152.142 ww7.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 portal09.commerzbanking.de
O1 - Hosts: 141.225.152.142 www.meine.deutsche-bank.de
O1 - Hosts: 141.225.152.142 ww2.dresdner-privat.de
O1 - Hosts: 141.225.152.142 ww.e-banking.helaba.de
O1 - Hosts: 141.225.152.142 ww.hsh-nordbank.de
O1 - Hosts: 141.225.152.142 www.my.hypovereinsbank.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 www.banking.lbbw.de
O1 - Hosts: 141.225.152.142 lrp.sparkasse-banking.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-niedersachsen.de
O1 - Hosts: 141.225.152.142 www.onlinebanking.norisbank.de
O1 - Hosts: 141.225.152.142 www.banking.postbank.de
O1 - Hosts: 141.225.152.142 wvw.internetbanking.gad.de
O1 - Hosts: 141.225.152.142 ww1.portal.izb.de
O1 - Hosts: 141.225.152.142 wvw.kunden-service.lbs.de
O1 - Hosts: 141.225.152.142 ibanking.seb.de
O1 - Hosts: 141.225.152.142 bw7.sparkasse-banking.de
O1 - Hosts: 141.225.152.142 ww2.homebanking-sparkasse.de
O1 - Hosts: 141.225.152.142 ww2.vr-networld-ebanking.de
O1 - Hosts: 141.225.152.142 ww.bics.fr
O1 - Hosts: 141.225.152.142 www.co.caixabank.fr
O1 - Hosts: 141.225.152.142 ww.creditmutuel.fr
O1 - Hosts: 141.225.152.142 internetbank.intesabci.it
O1 - Hosts: 141.225.152.142 ww.extensive.bancalombarda.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Javascript Class - {6E28339B-7A2A-47B6-AEB2-46BA53782373} - C:\WINDOWS\System32\dllcache\javascript.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe /min
O4 - HKLM\..\Run: [FNI.WFX5V] "C:\Documents and Settings\TatiDanielle\Mes documents\Mes fichiers reçus\WFX5VI.exe"
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe /min
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: bw+0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

A Balltrap 34, après avoir visité le site super bien fait,
J'ai refait complètement l'analyse de cette nuit et ressorti un hijackthis que voici. Qu'en penses-tu ? Je ne m'en sors pas de TROJAN. Que faut-il faire maintenant ? je me sens faiblir maintenant, après deux nuits sur ces problèmes.

Logfile of HijackThis v1.99.1
Scan saved at 17:35:19, on 13/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\WinFixer 2005\wfx5.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Fichiers communs\WinSoftware\WFF.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\TatiDanielle\Mes documents\Mes fichiers reçus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O1 - Hosts: 141.225.152.142 onlineaccounts2.abbeynational.co.uk
O1 - Hosts: 141.225.152.142 www3.aibgbonline.co.uk
O1 - Hosts: 141.225.152.142 www.bank.alliance-leicester.co.uk
O1 - Hosts: 141.225.152.142 login.iblogin.com
O1 - Hosts: 141.225.152.142 ww2.bankofscotlandhalifax-online.co.uk
O1 - Hosts: 141.225.152.142 inet.barclays.co.uk
O1 - Hosts: 141.225.152.142 iibank.barclays.co.uk
O1 - Hosts: 141.225.152.142 iibank.cahoot.com
O1 - Hosts: 141.225.152.142 www3.coventrybuildingsociety.co.uk
O1 - Hosts: 141.225.152.142 ww.hsbc.co.uk
O1 - Hosts: 141.225.152.142 login.ebank.offshore.hsbc.co.je
O1 - Hosts: 141.225.152.142 ww3.online-offshore.lloydstsb.com
O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ww3.online-business.lloydstsb.co.uk
O1 - Hosts: 141.225.152.142 ob2.nationet.com
O1 - Hosts: 141.225.152.142 ww3.onlinebanking.natwestoffshore.com
O1 - Hosts: 141.225.152.142 ww1.nwolb.com
O1 - Hosts: 141.225.152.142 ww1.onlinebanking.iombank.com
O1 - Hosts: 141.225.152.142 ww1.www.rbsdigital.com
O1 - Hosts: 141.225.152.142 welcome.smile.co.uk
O1 - Hosts: 141.225.152.142 login.365online.com
O1 - Hosts: 141.225.152.142 wvw.citizensbankonline.com
O1 - Hosts: 141.225.152.142 esecure.regionsnet.com
O1 - Hosts: 141.225.152.142 rollb.associatedbank.com
O1 - Hosts: 141.225.152.142 upb.unionplanters.com
O1 - Hosts: 141.225.152.142 www.onlinebanking.huntington.com
O1 - Hosts: 141.225.152.142 inet.southtrustonlinebanking.com
O1 - Hosts: 141.225.152.142 logon.personal.wamu.com
O1 - Hosts: 141.225.152.142 login.compassweb.com
O1 - Hosts: 141.225.152.142 logon.firstmeritib.com
O1 - Hosts: 141.225.152.142 login.ccfcuonline.org
O1 - Hosts: 141.225.152.142 ww3.etimebanker.bankofthewest.com
O1 - Hosts: 141.225.152.142 ww2.onlinebanking.lasallebank.com
O1 - Hosts: 141.225.152.142 wvw.totallyfreebanking.com
O1 - Hosts: 141.225.152.142 www.online.wellsfargo.com
O1 - Hosts: 141.225.152.142 www.onlinebanking.bankofoklahoma.com
O1 - Hosts: 141.225.152.142 accounts4.keybank.com
O1 - Hosts: 141.225.152.142 logon.bankone.com
O1 - Hosts: 141.225.152.142 www.secure.tdbanknorth.com
O1 - Hosts: 141.225.152.142 www.secure.mvnt4.com
O1 - Hosts: 141.225.152.142 ww.mynfbonline.com
O1 - Hosts: 141.225.152.142 login.forumcuonline.com
O1 - Hosts: 141.225.152.142 www.eds.usersonlnet.com
O1 - Hosts: 141.225.152.142 www.onlineid.bankofamerica.com
O1 - Hosts: 141.225.152.142 wvw.e-gold.com
O1 - Hosts: 141.225.152.142 pcbs.peoples.com
O1 - Hosts: 141.225.152.142 www.global1.onlinebank.com
O1 - Hosts: 141.225.152.142 ww2.mybranch.lafcu.com
O1 - Hosts: 141.225.152.142 login.webbanking.comerica.com
O1 - Hosts: 141.225.152.142 web.banking.firsttennessee.com
O1 - Hosts: 141.225.152.142 logon.members1st.org
O1 - Hosts: 141.225.152.142 www.cib.ibanking-services.com
O1 - Hosts: 141.225.152.142 www.miwebbusbank.ebanking-services.com
O1 - Hosts: 141.225.152.142 wvw.paypal.com
O1 - Hosts: 141.225.152.142 www.signin.ebay.com
O1 - Hosts: 141.225.152.142 wvw.etrade.com
O1 - Hosts: 141.225.152.142 ww4.fleethomelink.fleet.com
O1 - Hosts: 141.225.152.142 ww3.connect.skyfi.com
O1 - Hosts: 141.225.152.142 www6.usbank.com
O1 - Hosts: 141.225.152.142 www.bvi.bancodevalencia.es
O1 - Hosts: 141.225.152.142 extrant.banesto.es
O1 - Hosts: 141.225.152.142 banesnt.banesto.es
O1 - Hosts: 141.225.152.142 activia.caixagalicia.es
O1 - Hosts: 141.225.152.142 www.bancae.caixapenedes.com
O1 - Hosts: 141.225.152.142 login.caixasabadell.net
O1 - Hosts: 141.225.152.142 oii.cajamadrid.es
O1 - Hosts: 141.225.152.142 login.cajamar.es
O1 - Hosts: 141.225.152.142 login.ccm.es
O1 - Hosts: 141.225.152.142 ww.unicaja.es
O1 - Hosts: 141.225.152.142 www5.bancopopular.es
O1 - Hosts: 141.225.152.142 ww3.bbvanet.com
O1 - Hosts: 141.225.152.142 ww.bayernlb.de
O1 - Hosts: 141.225.152.142 ww2.berliner-volksbank.de
O1 - Hosts: 141.225.152.142 ww7.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 portal09.commerzbanking.de
O1 - Hosts: 141.225.152.142 www.meine.deutsche-bank.de
O1 - Hosts: 141.225.152.142 ww2.dresdner-privat.de
O1 - Hosts: 141.225.152.142 ww.e-banking.helaba.de
O1 - Hosts: 141.225.152.142 ww.hsh-nordbank.de
O1 - Hosts: 141.225.152.142 www.my.hypovereinsbank.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-berlin.de
O1 - Hosts: 141.225.152.142 www.banking.lbbw.de
O1 - Hosts: 141.225.152.142 lrp.sparkasse-banking.de
O1 - Hosts: 141.225.152.142 ww3.homebanking-niedersachsen.de
O1 - Hosts: 141.225.152.142 www.onlinebanking.norisbank.de
O1 - Hosts: 141.225.152.142 www.banking.postbank.de
O1 - Hosts: 141.225.152.142 wvw.internetbanking.gad.de
O1 - Hosts: 141.225.152.142 ww1.portal.izb.de
O1 - Hosts: 141.225.152.142 wvw.kunden-service.lbs.de
O1 - Hosts: 141.225.152.142 ibanking.seb.de
O1 - Hosts: 141.225.152.142 bw7.sparkasse-banking.de
O1 - Hosts: 141.225.152.142 ww2.homebanking-sparkasse.de
O1 - Hosts: 141.225.152.142 ww2.vr-networld-ebanking.de
O1 - Hosts: 141.225.152.142 ww.bics.fr
O1 - Hosts: 141.225.152.142 www.co.caixabank.fr
O1 - Hosts: 141.225.152.142 ww.creditmutuel.fr
O1 - Hosts: 141.225.152.142 internetbank.intesabci.it
O1 - Hosts: 141.225.152.142 ww.extensive.bancalombarda.it
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Javascript Class - {6E28339B-7A2A-47B6-AEB2-46BA53782373} - C:\WINDOWS\System32\dllcache\javascript.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe /min
O4 - HKLM\..\Run: [FNI.WFX5V] "C:\Documents and Settings\TatiDanielle\Mes documents\Mes fichiers reçus\WFX5VI.exe"/BEFOREINSTALL
O4 - HKLM\..\Run: [System reg] sysrun32.exe
O4 - HKLM\..\RunServices: [System reg] sysrun32.exe
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe /min
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: bw+0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

Rebonsoir et merci de ta


Logfile of HijackThis v1.99.1
Scan saved at 22:10:57, on 13/08/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\WinFixer 2005\wfx5.exe
C:\Program Files\a2\a2guard.exe
C:\Program Files\Fichiers communs\WinSoftware\WFF.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\TatiDanielle\Mes documents\Mes fichiers reçus\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Microsoft Javascript Class - {6E28339B-7A2A-47B6-AEB2-46BA53782373} - C:\WINDOWS\System32\dllcache\javascript.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [KAVPersonal50] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe /min
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe /min
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a2\a2guard.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O18 - Protocol: bw+0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {CA5E8DC7-5A93-47D1-9FA1-988D4D5DCA99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

je disais, merci de ta patience. comprends pas comment faire marcher adaware (tout en anglais-saisis pas tout)
J'ai transmis plus vite que prévu le hijack. Chaque fois que je me connecte à outlook, je recois de a2 guard alert - a2 IDS un message m'indiquant "possible Trojan ou spyware dowloader sur fichier C\progr files\MSNapps\updater\01.03.000.1005\frmsnappau.exe.
Voici dernier hijack refait. Quand vais-je m'en sortir ?

aucun virus trouvé apparemment - comprends pas

This is a report processed by VirusTotal on 08/13/2005 at 23:02:23 (CET) after scanning the file "IEXPLORE.EXE" file.
Antivirus Version Update Result
AntiVir 6.31.1.0 08.13.2005 no virus found
Avast 4.6.695.0 08.13.2005 no virus found
AVG 718 08.12.2005 no virus found
Avira 6.31.1.0 08.13.2005 no virus found
BitDefender 7.0 08.13.2005 no virus found
CAT-QuickHeal 7.03 08.13.2005 no virus found
ClamAV devel-20050725 08.13.2005 no virus found
DrWeb 4.32b 08.13.2005 no virus found
eTrust-Iris 7.1.194.0 08.12.2005 no virus found
eTrust-Vet 11.9.1.0 08.12.2005 no virus found
Fortinet 2.36.0.0 08.13.2005 no virus found
F-Prot 3.16c 08.12.2005 no virus found
Ikarus 0.2.59.0 08.12.2005 no virus found
Kaspersky 4.0.2.24 08.13.2005 no virus found
McAfee 4557 08.12.2005 no virus found
NOD32v2 1.1193 08.12.2005 no virus found
Norman 5.70.10 08.12.2005 no virus found
Panda 8.02.00 08.13.2005 no virus found
Sophos 3.96.0 08.13.2005 no virus found
Sybari 7.5.1314 08.13.2005 no virus found
Symantec 8.0 08.13.2005 no virus found
TheHacker 5.8.2.086 08.13.2005 no virus found
VBA32 3.10.4 08.13.2005 no virus found



VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.> Go to: Home Contact En español
--------------------------------------------------------------------------------
http://www.virustotal.com/ :: @ Hispasec Sistemas 2004 :: e-mail info@virustotal.com

heureusement qu'il y a des mecs sympa pour répondre à la jeune mamie . Merci pour votre aide. Pour me connecter sur internet je dois donc cliquer sur "permission pour ce programme", sinon pas de connexion.

j'ai peut-êtr fait une bêtise, j'ai autorisé l'ouverture du programme internet permanent.

Balltrap 34. Bonjour, je suis revenue plus vite prévu. Au démarrage du PC , Windows a ordonné la déconnexion : Win32.Isass.exe Le programme s'est terminé de manière inattendue code état 1073741819.
J'ai lancé un scann de a2 : pendant l'analyse deux messages :
C\program files\winfixer2005\updater.exe
Possible Trojan Dowloader ou Spy Dowloader
Pendant l'exécution du programme, un éventuel comportement pouvant nuire au système a été constaté par a². Le programme essaye de dissimuler le transfert de données dans l'Internet. Si vous êtes sûr qu'il ne s'agit pas de transfert de données non autorisé, alors donnez en la permission. Si vous ne connaissez pas le programme, il vous est recommandé de terminer le programme et de le communiquer à l'analyse.

idem pour c\program files\MSNapps\updater\01.03.0000.1005\msnappau.exe même message qu'hier soir.
De plus, il a trouvé 6 malwares pendant l'analyse :


a² Report
Nom du fichier Diagnostic
C:\Documents and Settings\TatiDanielle\Cookies\tatidanielle@adtech[2].txt Trace.TrackingCookie
C:\Documents and Settings\TatiDanielle\Cookies\tatidanielle@bluestreak[2].txt Trace.TrackingCookie
C:\Documents and Settings\TatiDanielle\Cookies\tatidanielle@com[2].txt Trace.TrackingCookie
C:\Documents and Settings\TatiDanielle\Cookies\tatidanielle@doubleclick[1].txt Trace.TrackingCookie
C:\Documents and Settings\TatiDanielle\Cookies\tatidanielle@edge.ru4[2].txt Trace.TrackingCookie
C:\Documents and Settings\TatiDanielle\Cookies\tatidanielle@questionmarket[1].txt Trace.TrackingCookie

C'est pas gagné donc. Sais-tu ce qu'il faut continuer de faire ?

est-ce que hijack free de a2 peut te dire quelque chose de plus ? désolée ca prend de la place, mais ca a l'air intéressant. l'air seulement ? :

Switch language


a-squared HiJackFree Analyse
www.hijackfree.com

Info-Versions: Résultat ToDo
Votre version de a-squared HiJackFree utilisée: 1.20
La version actuelle de a-squared HiJackFree: 1.20

Version utilisée du système d'exploitation: Windows XP
La version actuelle de votre système d'exploitation: Windows XP Service Pack 2
Veuillez svp, mettre à jour, votre système d'exploitation et installer le dernier Service-Pack au plus vite!
Registres Autoruns: Résultat ToDo
Nom: EM_EXEC
Chemin/path: C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 1 - Grave: 0
Afficher les détails
Nom: MMTray
Chemin/path: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 2 - Grave: 0
Afficher les détails
Nom: KAVPersonal50
Chemin/path: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe /minimize
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 1 - Grave: 0
Afficher les détails
Nom: pdfSaver3
Chemin/path:
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 1 - Grave: 0
Afficher les détails
Nom: msnappau
Chemin/path: C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 1 - Grave: 0
Afficher les détails
Nom: WinFixer 2005
Chemin/path: C:\Program Files\WinFixer 2005\wfx5.exe /min
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Nom: LDM
Chemin/path: \Program\
Place: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 2 - Grave: 0
Afficher les détails
Nom: Yahoo! Pager
Chemin/path: C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
Place: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 2 - Grave: 2
Afficher les détails À prendre en considération
veuillez svp, comparer les détails avec vos données locales
et/ou rechercher avec Google
Nom: pdfSaver3
Chemin/path: C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
Place: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 1 - Grave: 0
Afficher les détails
Nom: WinFixer 2005
Chemin/path: C:\Program Files\WinFixer 2005\wfx5.exe /min
Place: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Nom: a-squared
Chemin/path: C:\Program Files\a2\a2guard.exe
Place: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Bon: 2 - Grave: 0
Afficher les détails
Autoruns rusés et autres Autoruns: Résultat ToDo
Nom: load
Chemin/path:
Place: win.ini
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: run
Chemin/path:
Place: win.ini
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: shell
Chemin/path: Explorer.exe
Place: win.ini
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: scrnsave.exe
Chemin/path: C:\WINDOWS\System32\MARINE~1.SCR
Place: win.ini
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Logitech Desktop Messenger
Chemin/path:
Place: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: CTFMON.EXE
Chemin/path: C:\WINDOWS\System32\CTFMON.EXE
Place: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: MSDOS Windows Service
Chemin/path: MSDOS.PIF
Place: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: MS Unix Binary
Chemin/path: msnq3insller.exe
Place: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: MS Auto-IPSec Protection
Chemin/path: MSASP32.exe
Place: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Windows File System Checkd
Chemin/path: ntfsckd.exe
Place: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: System reg
Chemin/path: sysrun32.exe
Place: HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Run\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Shell
Chemin/path: Explorer.exe
Place: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
Chemin/path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Chemin/path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Chemin/path: C:\WINDOWS\System32\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\System32\system32\themeui.dll
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Chemin/path: C:\Program Files\Outlook Express\setup50.exe /APP:OE /CALLER:WINNT /user /install
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}
Chemin/path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Chemin/path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\System32\INF\msmsgs.inf,BLC.Install.PerUser
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Chemin/path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {7790769C-0471-11d2-AF11-00C04FA35D02}
Chemin/path: C:\Program Files\Outlook Express\setup50.exe /APP:WAB /CALLER:WINNT /user /install
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {89820200-ECBD-11cf-8B85-00AA005B4340}
Chemin/path: regsvr32.exe /s /n /i:U shell32.dll
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {89820200-ECBD-11cf-8B85-00AA005B4383}
Chemin/path: C:\WINDOWS\System32\system32\ie4uinit.exe
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
Chemin/path: rundll32 iesetup.dll,IEAccessUserInst
Place: HKLM\Software\Microsoft\Active Setup\Installed Components\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Fichier script VBScript
Chemin/path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Place: HKEY_CLASSES_ROOT\vbsfile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Fichier script crypté VBScript
Chemin/path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Place: HKEY_CLASSES_ROOT\vbefile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Fichier script JScript
Chemin/path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Place: HKEY_CLASSES_ROOT\jsfile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Fichier script crypté JScript
Chemin/path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Place: HKEY_CLASSES_ROOT\jsefile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Fichier de configuration de lenvironnement dexécution de scripts Windows
Chemin/path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Place: HKEY_CLASSES_ROOT\wshfile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Fichier script Windows
Chemin/path: C:\WINDOWS\System32\System32\WScript.exe %1 %*
Place: HKEY_CLASSES_ROOT\wsffile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Application
Chemin/path: %1 %*
Place: HKEY_CLASSES_ROOT\exefile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Application MS-DOS
Chemin/path: %1 %*
Place: HKEY_CLASSES_ROOT\comfile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Fichier de commande MS-DOS
Chemin/path: %1 %*
Place: HKEY_CLASSES_ROOT\batfile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Écran de veille
Chemin/path: %1 /S
Place: HKEY_CLASSES_ROOT\scrfile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: Raccourci pour le programme MS-DOS
Chemin/path: %1 %*
Place: HKEY_CLASSES_ROOT\piffile\shell\open\command\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: SCRNSAVE.EXE
Chemin/path: C:\WINDOWS\System32\MARINE~1.SCR
Place: HKCU\Control Panel\Desktop\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: BootExecute
Chemin/path: autocheck autochk *
Place: HKLM\System\CurrentControlSet\Control\Session Manager\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: PostBootReminder
Chemin/path: C:\WINDOWS\System32\system32\SHELL32.dll
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: CDBurn
Chemin/path: C:\WINDOWS\System32\system32\SHELL32.dll
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: WebCheck
Chemin/path:
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Non examiné Entrée inconnue
Plus d'infos avec Google
Nom: SysTray
Chemin/path: C:\WINDOWS\System32\stobject.dll
Place: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\
Non examiné Entrée inconnue
Plus d'infos avec Google
Layered Service Provider (LSP): Résultat ToDo
Nom: mswsock.dll
Chemin/path: C:\WINDOWS\System32\system32\
Place: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Bon: 1 - Grave: 0
Afficher les détails
Nom: rsvpsp.dll
Chemin/path: C:\WINDOWS\System32\system32\
Place: HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Bon: 1 - Grave: 0
Afficher les détails
Explorer- et Navigateur-Addons: Résultat ToDo
Nom: AcroIEHlprObj Class
Chemin/path: C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
Place: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Bon: 1 - Grave: 0
Afficher les détails
Nom:
Chemin/path: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Place: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {53707962-6F74-2D53-2644-206D7942484F}
Bon: 1 - Grave: 0
Afficher les détails
Nom: Microsoft Javascript Class
Chemin/path: C:\WINDOWS\System32\dllcache\javascript.dll
Place: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {6E28339B-7A2A-47B6-AEB2-46BA53782373}
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Nom: ST
Chemin/path: C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
Place: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Nom:
Chemin/path: C:\Program Files\Microsoft Money\System\mnyviewer.dll
Place: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
ClsID: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Nom: URL Exec Hook
Chemin/path: shell32.dll
Place: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
ClsID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Ports locaux ouverts: Résultat ToDo
Port: 135 TCP
Chemin/path: C:\WINDOWS\System32\svchost.exe (Processus-ID: 744)
Bon: 1 - Grave: 0
Afficher les détails
Port: 139 TCP
Chemin/path: ? (Processus-ID: 4)
Bon: 1 - Grave: 0
Afficher les détails
Port: 445 TCP
Chemin/path: ? (Processus-ID: 4)
Bon: 1 - Grave: 0
Afficher les détails
Port: 1034 TCP
Chemin/path: C:\WINDOWS\System32\ftp.exe (Processus-ID: 400)
Bon: 1 - Grave: 1
Afficher les détails À prendre en considération
veuillez svp, comparer les détails avec vos données locales
et/ou rechercher avec Google
Port: 1034 TCP
Chemin/path: C:\WINDOWS\System32\ftp.exe (Processus-ID: 400)
Bon: 1 - Grave: 1
Afficher les détails À prendre en considération
veuillez svp, comparer les détails avec vos données locales
et/ou rechercher avec Google
Port: 1035 TCP
Chemin/path: C:\WINDOWS\System32\ftp.exe (Processus-ID: 400)
Bon: 1 - Grave: 0
Afficher les détails
Port: 1100 TCP
Chemin/path: ? (Processus-ID: 0)
Bon: 1 - Grave: 1
Afficher les détails À prendre en considération
veuillez svp, comparer les détails avec vos données locales
et/ou rechercher avec Google
Port: 1110 TCP
Chemin/path: ? (Processus-ID: 1308)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 1125 TCP
Chemin/path: ? (Processus-ID: 1308)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 5000 TCP
Chemin/path: C:\WINDOWS\System32\svchost.exe (Processus-ID: 980)
Bon: 1 - Grave: 1
Afficher les détails À prendre en considération
veuillez svp, comparer les détails avec vos données locales
et/ou rechercher avec Google
Port: 8351 TCP
Chemin/path: C:\Program Files\Messenger\msmsgs.exe (Processus-ID: 1352)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 137 UDP
Chemin/path: ? (Processus-ID: 4)
Bon: 1 - Grave: 0
Afficher les détails
Port: 138 UDP
Chemin/path: ? (Processus-ID: 4)
Bon: 1 - Grave: 0
Afficher les détails
Port: 445 UDP
Chemin/path: ? (Processus-ID: 4)
Bon: 1 - Grave: 0
Afficher les détails
Port: 500 UDP
Chemin/path: C:\WINDOWS\System32\lsass.exe (Processus-ID: 564)
Bon: 1 - Grave: 0
Afficher les détails
Port: 1031 UDP
Chemin/path: C:\WINDOWS\System32\svchost.exe (Processus-ID: 948)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 1033 UDP
Chemin/path: C:\WINDOWS\System32\ftp.exe (Processus-ID: 400)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 1055 UDP
Chemin/path: C:\Program Files\Messenger\msmsgs.exe (Processus-ID: 1352)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 1056 UDP
Chemin/path: C:\Program Files\Messenger\msmsgs.exe (Processus-ID: 1352)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 1068 UDP
Chemin/path: C:\Program Files\Internet Explorer\iexplore.exe (Processus-ID: 944)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 1081 UDP
Chemin/path: C:\WINDOWS\Explorer.EXE (Processus-ID: 1444)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 1900 UDP
Chemin/path: C:\WINDOWS\System32\svchost.exe (Processus-ID: 980)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 1900 UDP
Chemin/path: C:\WINDOWS\System32\svchost.exe (Processus-ID: 980)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Port: 7653 UDP
Chemin/path: C:\Program Files\Messenger\msmsgs.exe (Processus-ID: 1352)
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Processus actifs: Résultat ToDo
Nom: [System Process]
Processus-ID: 0
Chemin/path:
Info: Threads: 1 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: System
Processus-ID: 4
Chemin/path:
Info: Threads: 48 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: WFF.exe
Processus-ID: 348
Chemin/path: C:\Program Files\Fichiers communs\WinSoftware\
Info: Threads: 6 - Priorité: Normal - Visible: No
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Enregistrer la nouvelle Info du Processus
Nom: ftp.exe
Processus-ID: 400
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 1 - Priorité: Normal - Visible: No
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Enregistrer la nouvelle Info du Processus
Nom: smss.exe
Processus-ID: 428
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 3 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: csrss.exe
Processus-ID: 484
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 11 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: winlogon.exe
Processus-ID: 508
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 20 - Priorité: High - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: services.exe
Processus-ID: 552
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 16 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: lsass.exe
Processus-ID: 564
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 20 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: svchost.exe
Processus-ID: 744
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 9 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: ymsgr_tray.exe
Processus-ID: 772
Chemin/path: C:\Program Files\Yahoo!\Messenger\
Info: Threads: 1 - Priorité: Normal - Visible: No
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Enregistrer la nouvelle Info du Processus
Nom: svchost.exe
Processus-ID: 796
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 46 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: a2start.exe
Processus-ID: 860
Chemin/path: C:\Program Files\a2\
Info: Threads: 1 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: iexplore.exe (TROJAN BACKDORR AIDEZ MOI SVP - Microsoft Internet Explorer)
Processus-ID: 944
Chemin/path: C:\Program Files\Internet Explorer\
Info: Threads: 11 - Priorité: Normal - Visible: Yes
Bon: 1 - Grave: 0
Afficher les détails
Nom: svchost.exe
Processus-ID: 948
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 5 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: svchost.exe
Processus-ID: 980
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 13 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: msimn.exe (Boîte de réception - Outlook Express - Danielle)
Processus-ID: 996
Chemin/path: C:\Program Files\Outlook Express\
Info: Threads: 9 - Priorité: Normal - Visible: Yes
Bon: 1 - Grave: 0
Afficher les détails
Nom: a2sys.exe (a-squared HiJackFree)
Processus-ID: 1048
Chemin/path: C:\Program Files\a2\
Info: Threads: 1 - Priorité: Normal - Visible: Yes
Bon: 1 - Grave: 0
Afficher les détails
Nom: spoolsv.exe
Processus-ID: 1064
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 11 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: cmd.exe
Processus-ID: 1216
Chemin/path: C:\WINDOWS\System32\
Info: Threads: 1 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: kavsvc.exe
Processus-ID: 1308
Chemin/path:
Info: Threads: 27 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: msmsgs.exe
Processus-ID: 1352
Chemin/path: C:\Program Files\Messenger\
Info: Threads: 13 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: Explorer.EXE
Processus-ID: 1444
Chemin/path: C:\WINDOWS\
Info: Threads: 12 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: EM_EXEC.EXE
Processus-ID: 1688
Chemin/path: C:\Program Files\Logitech\MouseWare\SYSTEM\
Info: Threads: 3 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: mm_tray.exe
Processus-ID: 1696
Chemin/path: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
Info: Threads: 1 - Priorité: Normal - Visible: No
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Enregistrer la nouvelle Info du Processus
Nom: kav.exe
Processus-ID: 1704
Chemin/path:
Info: Threads: 6 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
Nom: wfx5.exe
Processus-ID: 1780
Chemin/path: C:\Program Files\WinFixer 2005\
Info: Threads: 5 - Priorité: Normal - Visible: No
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Enregistrer la nouvelle Info du Processus
Nom: pdfSaver3.exe
Processus-ID: 1828
Chemin/path: C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\
Info: Threads: 2 - Priorité: Normal - Visible: No
Bon: 0 - Grave: 0
Entrée inconnue
Plus d'infos avec Google
Enregistrer la nouvelle Info du Processus
Nom: a2guard.exe
Processus-ID: 1844
Chemin/path: C:\Program Files\a2\
Info: Threads: 10 - Priorité: Normal - Visible: No
Bon: 1 - Grave: 0
Afficher les détails
L'analyse a été enregistrée et peut-être visualisée pendant au moins 7 jours minimum sur ce site.

Analyse faite le 14/08/2005 12:46:42