Sujet Précédent Sujet Suivant

Hijackthis

Résolu
Philippe -  
 Utilisateur anonyme -
Bonjour a tous
je crois que j'ai un probléme avec Hijackthis: mon PC est fort lent et j'ai plein de publicités
voici mon rapport:
Logfile of HijackThis v1.99.1
Scan saved at 10:38:30, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\bG91aXMA\command.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SYSTEM32\Mounter.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\windows\sp2update00.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Philippe\Bureau\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rsfzkxjmvkmzzndgwetsdzjtt.net/ILcW41eIijboqlT4t6huQh1MMr6MBBE0wh6BzjEGiA6NNfnycL0LFXmDfvbpOdAC.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jhyspwoqjqunzywzugkxsmlq.net/ILcW41eIijbY_zu1zCEd2bSVNjVSY4kUGbgDeCdpmfI.cgi
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: (no name) - {BB508FBD-0BED-8662-15DD-F2E00D012850} - C:\DOCUME~1\Philippe\APPLIC~1\AUDIOE~1\Grambold.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll (file missing)
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\AVA\Watch.exe
O4 - HKLM\..\Run: [sign web way surf] C:\Documents and Settings\All Users\Application Data\Eachfacesignweb\transmedia.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mustek MDC 3000] C:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [dizgeez] C:\WINDOWS\System32\gvhpbzt.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe" /startup "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0500.dll"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\letsroll.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe
O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] C:\WINDOWS\system32\Madden NFL 2006 crack.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe
O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe
O4 - HKLM\..\Run: [OPEN CASH ISO MESS] C:\Documents and Settings\All Users\Application Data\Amenfordopencash\Heartidle.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KeepRoad] C:\DOCUME~1\Philippe\APPLIC~1\LINKHE~1\play dead.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5A36399-A5DF-4C01-9DC0-609C5B0B85DB}: NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: bw+0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\spcoinst.dll (file missing)
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\g6jolg1316.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - Unknown owner - C:\Program Files\AVPersonal\AVGUARD.EXE (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG91aXMA\command.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

si quelqu'un pouvait m'aider ced serait gentil
A voir également:

4 réponses

Réponse 1 / 4
Utilisateur anonyme
 
salut
tu es bien infecte !
Télécharge lopxp ici:

http://cjoint.com/?kumvZSxxY4

2) dezippe le (clic droit dessus > extraire tout)
et lance lopxp.bat
le bloc note va s'ouvrir, copie et colle le contenu ici

A+
0
Philippe
 
VOILA MON RAPPORT:
Rapport fait à 11:39:33,62 le 31/10/2005

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4234-12E3

R‚pertoire de C:\Documents and Settings\All Users\Application Data

31/10/2005 09:47 <REP> Spybot - Search & Destroy
10/06/2005 18:15 <REP> Messenger Plus!
12/01/2005 16:07 <REP> Kodak
03/11/2004 11:25 <REP> Amenfordopencash
25/07/2004 21:42 <REP> Eachfacesignweb
29/05/2004 13:41 <REP> Viewpoint
29/05/2004 13:38 <REP> AOL
27/03/2004 18:29 <REP> McAfee.com
27/05/2003 18:43 <REP> QuickTime
23/12/2002 14:02 <REP> SBT
23/12/2002 10:11 <REP> MSN6
22/12/2002 15:49 <REP> CyberLink
11/12/2002 11:25 <REP> SBSI
11/12/2002 11:20 62 desktop.ini
11/12/2002 11:20 <REP> Microsoft
11/12/2002 11:20 <REP> .
11/12/2002 11:20 <REP> ..
1 fichier(s) 62 octets
16 R‚p(s) 29670539264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4234-12E3

R‚pertoire de C:\Documents and Settings\Default User\Application Data

11/12/2002 11:20 <REP> Microsoft
11/12/2002 11:20 <REP> Identities
11/12/2002 11:20 62 desktop.ini
11/12/2002 11:20 <REP> ..
11/12/2002 11:20 <REP> .
1 fichier(s) 62 octets
4 R‚p(s) 29670539264 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4234-12E3

R‚pertoire de C:\Documents and Settings\louis\Application Data

22/10/2005 19:15 <REP> Audio Enc User
28/08/2005 17:59 <REP> Google
27/08/2005 15:29 <REP> ppStream
24/07/2005 19:32 <REP> ArcSoft
19/07/2005 22:06 <REP> Sun
19/07/2005 11:20 <REP> Aim
18/07/2005 18:03 <REP> Media Player Classic
18/07/2005 17:34 <REP> LINK HELP ACE
29/12/2004 14:54 <REP> Mozilla
24/12/2003 22:40 <REP> FotoWire
14/12/2003 20:37 <REP> PeerNetworking
06/06/2003 20:11 <REP> Crystal FTP
17/05/2003 17:13 <REP> MSN6
05/04/2003 18:02 <REP> Adobe
05/04/2003 18:02 <REP> InterTrust
12/03/2003 19:13 <REP> Macromedia
25/01/2003 11:35 <REP> Template
04/01/2003 12:59 <REP> Help
23/12/2002 13:55 <REP> Microsoft Web Folders
22/12/2002 16:52 62 desktop.ini
22/12/2002 16:52 <REP> Identities
22/12/2002 16:52 <REP> ..
22/12/2002 16:52 <REP> .
22/12/2002 16:52 <REP> Microsoft
1 fichier(s) 62 octets
23 R‚p(s) 29670506496 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4234-12E3

R‚pertoire de C:\Documents and Settings\eugenie\Application Data

21/08/2005 22:16 <REP> Media Player Classic
21/08/2005 15:14 <REP> Skype
18/08/2005 23:00 <REP> Audio Enc User
09/08/2005 16:06 <REP> Sun
19/03/2005 18:19 <REP> Aim
16/03/2005 19:57 <REP> Notepad++
07/02/2005 12:31 <REP> Template
07/01/2005 21:01 <REP> Mozilla
15/10/2004 20:51 <REP> LINK HELP ACE
01/06/2004 17:42 <REP> Macromedia
01/06/2004 17:30 <REP> AOL
05/06/2003 19:54 <REP> Adobe
19/02/2003 12:55 <REP> Help
22/12/2002 16:54 62 desktop.ini
22/12/2002 16:54 <REP> Identities
22/12/2002 16:54 <REP> ..
22/12/2002 16:54 <REP> .
22/12/2002 16:54 <REP> Microsoft
1 fichier(s) 62 octets
17 R‚p(s) 29670506496 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4234-12E3

R‚pertoire de C:\Documents and Settings\lise\Application Data

22/12/2002 16:56 62 desktop.ini
22/12/2002 16:56 <REP> ..
22/12/2002 16:56 <REP> .
1 fichier(s) 62 octets
2 R‚p(s) 29670506496 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4234-12E3

R‚pertoire de C:\Documents and Settings\Philippe\Application Data

31/10/2005 10:31 <REP> Lavasoft
31/10/2005 07:24 <REP> Audio Enc User
11/09/2005 20:12 <REP> ppStream
02/09/2005 14:01 <REP> Aim
28/08/2005 12:46 <REP> Google
02/08/2005 17:03 <REP> LINK HELP ACE
31/07/2005 10:31 <REP> Adobe
27/07/2005 19:49 <REP> Sun
27/07/2005 13:05 <REP> Media Player Classic
26/07/2005 21:16 <REP> Macromedia
26/07/2005 16:50 <REP> Mozilla
26/07/2005 16:42 62 desktop.ini
26/07/2005 16:42 <REP> Identities
26/07/2005 16:42 <REP> Microsoft
26/07/2005 16:42 <REP> .
26/07/2005 16:42 <REP> ..
1 fichier(s) 62 octets
15 R‚p(s) 29670506496 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks

Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 4234-12E3

R‚pertoire de C:\WINDOWS\Tasks

31/10/2005 07:25 274 B867C9E9918470BD.job
15/10/2005 18:15 258 AD7B2BEB9184A8D7.job
07/09/2005 22:33 270 E22C27ED904BEBAD.job
23/07/2005 07:27 274 A94BF00891846918.job
10/05/2005 13:27 276 AC0D3F9A91D2B9E6.job
25/01/2005 12:10 274 A2F4951A918B06CE.job
27/10/2004 19:16 270 B5C67A0B9039E3C3.job
11/12/2002 11:25 65 desktop.ini
11/12/2002 11:25 6 SA.DAT
11/12/2002 11:25 <REP> .
11/12/2002 11:25 <REP> ..
9 fichier(s) 1ÿ967 octets
2 R‚p(s) 29ÿ670ÿ506ÿ496 octets libres

******************************************
Recherche dans Program files

Le dossier C:\Program Files\C2Media n'existe pas

*************** Fin du rapport ****************
0
Réponse 2 / 4
Utilisateur anonyme
 
Bonjour,

Imprime, ou enregistre la manip dans un fichier dans le bloc notes pour être sur ne rien oublier et de tout faire dans l'ordre.

-------------------
Tu as deux antivirus:
-avast
-antivir
2antivirus actifs sur un pc cree des conflits, d ou des plantages a repetition ou d autres soucis

--->2solutions:
soit tu en desactive un sans le supprimer
soit tu en supprimes un pour en garder qu un seul actif sur ton pc

Apparemment tu as eu antivir que tu as supprimer, donc le mieux est de supprimer les petites traces restantes de ton antivirus supprimé.Voyons cela...

-----

1/Telecharge ceci: Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
-aide en image:(merci à Balltrap34).
http://pageperso.aol.fr/balltrap34/democleanup.htm

Déconnecte toi d'Internet et ferme tout les programmes en cours.

Redémarre en mode sans échec
Redémarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.
(Si F8 ne marche pas, essai F5)

Rend visible les fichiers cachés et système
panneau de configuration > options des dossiers > onglet affichage
Cocher la case devant " afficher les fichiers et dossiers cachés "
Décocher la case devant " masquer les extensions des fichiers dont le type est connu"
Décocher la case devant " masquer les fichiers protégés du système"
clic sur [Appliquer] puis sur [ok] pour valider

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Lance hijackthis et clic sur [do a system scan only]
cocher la case au début des lignes suivantes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rsfzkxjmvkmzzndgwetsdzjtt.net/ILcW41eIijboqlT4t6huQh1MMr6MBBE0wh6BzjE GiA6NNfnycL0LFXmDfvbpOdAC.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jhyspwoqjqunzywzugkxsmlq.net/ILcW41eIijbY_zu1zCEd2bSVNjVSY4kUGbgDeCdp mfI.cgi

O2 - BHO: (no name) - {BB508FBD-0BED-8662-15DD-F2E00D012850} - C:\DOCUME~1\Philippe\APPLIC~1\AUDIOE~1\Grambold.exe

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [sign web way surf] C:\Documents and Settings\All Users\Application Data\Eachfacesignweb\transmedia.exe

O4 - HKLM\..\Run: [dizgeez] C:\WINDOWS\System32\gvhpbzt.exe

O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"

O4 - HKLM\..\Run: [shell32] C:\WINDOWS\system32\wuauclt10.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\system32\smmss.exe

O4 - HKLM\..\Run: [Windows update] C:\WINDOWS\system32\wudupdate.exe

O4 - HKLM\..\Run: [I downloaded pirated Software from P2P] C:\WINDOWS\system32\Madden NFL 2006 crack.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [msresearch] C:\windows\msresearch.exe

O4 - HKLM\..\Run: [sp2update] C:\windows\sp2update00.exe

O4 - HKLM\..\Run: [OPEN CASH ISO MESS] C:\Documents and Settings\All Users\Application Data\Amenfordopencash\Heartidle.exe

O4 - HKCU\..\Run: [KeepRoad] C:\DOCUME~1\Philippe\APPLIC~1\LINKHE~1\play dead.exe

O20 - Winlogon Notify: Hints - C:\WINDOWS\system32\spcoinst.dll (file missing)

O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\g6jolg1316.dll (file missing)

O23 - Service: AntiVir Service (AntiVirService) - Unknown owner - C:\Program Files\AVPersonal\AVGUARD.EXE (file missing)

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bG91aXMA\command.exe

valider en cliquant sur le bouton [fix checked]

- - - - - - - - -
--------------
¤Arrête ces services :

Clique sur Démarrer->exécuter->tape: services.msc

Double-clique: Service: AntiVir Service

Règle-le sur "Arrêté" et "Désactivé".

Fais de meme avec: Command Service (cmdService)
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Recherche et supprime ces dossiers:

Supprimer les fichiers en suivant le chemin des fichiers infectés si possible, plutot que d'utiliser la fonction "Rechercher"

S'ils sont présents, supprime:

C:\Documents and Settings\Philippe\Application Data\Audio Enc User
C:\Documents and Settings\All Users\Application Data\Eachfacesignweb\transmedia.exe
C:\WINDOWS\System32\gvhpbzt.exe
C:\Program Files\webHancer
C:\WINDOWS\system32\wuauclt10.exe
C:\WINDOWS\system32\smmss.exe
C:\WINDOWS\system32\wudupdate.exe
C:\WINDOWS\system32\Madden NFL 2006 crack.exe
C:\Program Files\SurfAccuracy
C:\windows\msresearch.exe
C:\windows\sp2update00.exe
C:\WINDOWS\bG91aXMA
C:\Documents and Settings\All Users\Application Data\Amenfordopencash\
C:\Documents and Settings\Philippe\Application Data\LINK HELP ACE
C:\Program Files\AVPersonal

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Ensuite fais Démarrer > exécuter et tape cmd
puis valide avec ok

dans la fenêtre qui va s'ouvrir, copie et colle ceci:

del /a C:\WINDOWS\tasks\B867C9E9918470BD.job

et valide en appuyant sur entrée

Fais de meme avec ceci:
del /a C:\WINDOWS\tasks\AD7B2BEB9184A8D7.job
del /a C:\WINDOWS\tasks\E22C27ED904BEBAD.job
del /a C:\WINDOWS\tasks\A94BF00891846918.job
del /a C:\WINDOWS\tasks\AC0D3F9A91D2B9E6.job
del /a C:\WINDOWS\tasks\A2F4951A918B06CE.job
del /a C:\WINDOWS\tasks\B5C67A0B9039E3C3.job

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Ensuite, très important:

:: Supprimer les fichiers temporaires ::

Exécute cleanup40.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Redémarre normalement et reposte un Hijackthis sur le poste…

Précises moi ou en sont tes soucis…

et scan ce fichier qui est surrement verole (sur a 95%)
Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\WINDOWS\system32\letsroll.exe
Clik send et colle le rapport stp

A+
0
Philippe
 
voila mon Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 13:50:51, on 31/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\Mounter.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Philippe\Bureau\Nouveau dossier\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cegetel.net
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O4 - HKLM\..\Run: [WebScan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\AVA\Watch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mustek MDC 3000] C:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Trust\AMI MOUSE 250SP WIRELESS OPTICAL\lwbwheel.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\letsroll.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5A36399-A5DF-4C01-9DC0-609C5B0B85DB}: NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: bw+0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {AB20A0B5-C702-4E84-B95A-9FEE6271CC09} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLACSD.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe


sinon il y a quelque fichier que je n'ai pas réussi a supprimer:
-C:\Program Files\AVPersonal
-C:\WINDOWS\system32\smmss.exe
et aussi quand j'ai redémarré mon PC en mode sans erreurs , quelques lignes du Hijackthis n'étaient plus la R0 et une 04 a part ça mon affichage s'est remis en mode windows classique celui que j'avais avant j'arrive plus a l'avoir
0
Réponse 3 / 4
Utilisateur anonyme
 
re,
t es rapide ^^ lol

Rend toi sur ce site :
http://www.virustotal.com/xhtml/virustotal_en.html
Clik sur parcourir
Recherche ceci :
C:\WINDOWS\system32\letsroll.exe
Clik send et colle le rapport stp
-------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE

----------------------------------------------------------------------------
¤Recherche et supprime ceci:
attention seulement les fichiers (si présents).

C:\Program Files\AVPersonal

----------------------------------------------------------------------------
¤Arrête ces services :

Clique sur Démarrer->exécuter->tape: services.msc

Double-clique: AntiVir Update (AVWUpSrv) -

Règle-le sur "Arrêté" et "Désactivé".

-----
Pour récupérer ton style xp :
télécharge ceci et décompresse le
http://pageperso.aol.fr/Balltrap34/luna.zip

ensuite met le dans C:\WINDOWS\Resources\Themes\Luna
et double clic dessus

Ensuite réessaye de remettre le style xp

A+
0
Philippe
 
C:\WINDOWS\system32\letsroll.exe : fichier introuvable
C:\Program Files\AVPersonal : impossible a supprimer
et j'ai arreter le service antivir update
0
Philippe > Philippe
 
C:\Program Files\AVPersonal j'ai réussi a supprimer 1 des 2 fichiers de ce dossier le fichier .dll est impossible a supprimer
0
Réponse 4 / 4
Utilisateur anonyme
 
re,
t as recuperer ton style xp?

Pour ce fichier supprime le en mode sans echec
C:\Program Files\AVPersonal

a+
0

Discussions similaires

Analyse des logs hijackthis
philnoug -
nayas13 -

35 réponses
spywar
stephane74 -
stephane74 -

4 réponses
Processus et démarrage
baptcollot -
baptcollot -

4 réponses
Analyse logs hijackthis
embêté -
Utilisateur anonyme -

21 réponses
rapport Hijackthis
kawito33 -
kawito33 -

87 réponses