Infecté par spy sheriff Résolu

Question

Bonjour, je suis un néophyte de l'informatique. un virus nommé spysherif s'est introduit dans mon pc et je ne sais pas quoi faire. j'ai vu dans votre forum qu il faut vous donner le rapport: je vous le donne. help me please. jean luc.Logfile of HijackThis v1.99.1Scan saved at 13:06:08, on 26/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEC:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\explorer.exeC:\WINDOWS\inet20003\services.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Intel\NCS\PROSet\PRONoMgr.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\smax4.exeC:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exeC:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exeC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\Program Files\QuickTime\qttask.exeF:\Documents Karim\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\webHancer\Programs\whAgent.exeC:\WINDOWS\system32\paytime.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\Logitech\VideoCall\VideoCall.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeC:\Program Files\Logitech\Video\FxSvr2.exeF:\Documents Karim\Nokia PC Suite 6\PcSync2.exeC:\winstall.exeC:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXEC:\WINDOWS\system32\paytime.exeC:\WINDOWS\system32\sywsvcs.exeC:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exeC:\WINDOWS\inet20003\mm4.exeC:\WINDOWS\system32	askmgr.exeC:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exeC:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeC:\Program Files\MicroStar\WLANUtility\WlanUtility.exeC:\Program Files\MicroStar\WLANUtility\WLAN_Service.exeC:\WINDOWS\system32undll32.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Documents and Settingsida\Local Settings\Temporary Internet Files\Content.IE5\Y82PHUAA\HijackThis[1].exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.htmlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.htmlR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensF2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"F3 - REG:win.ini: run=C:\WINDOWS\inet20003\services.exeO2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRA~1\WEBHAN~1\programs\whiehlpr.dllO4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exeO4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeO4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /trayO4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exeO4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exeO4 - HKLM\..\Run: [Microsoft Update 64 BIT] winman32.exeO4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"O4 - HKLM\..\Run: [MVS Splash] C:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exeO4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exeO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exeO4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Documents Karim\Nokia PC Suite 6\LaunchApplication.exe -onlytrayO4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exeO4 - HKLM\..\Run: [timessquare] C:\windows	imessquare.exeO4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exeO4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] winman32.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exeO4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostartO4 - HKCU\..\Run: [VideoCall] "C:\Program Files\Logitech\VideoCall\VideoCall.exe" -minimizedO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" bootO4 - HKCU\..\Run: [PcSync] F:\Documents Karim\Nokia PC Suite 6\PcSync2.exe /NoDialogO4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"O4 - HKCU\..\Run: [Windows installer] C:\winstall.exeO4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exeO4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\services.exeO4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exeO4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exeO4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exeO8 - Extra context menu item: Ouvrir client sur le moniteur &1 - C:\WINDOWS\web\AOpenClient.htmO8 - Extra context menu item: Ouvrir client sur le moniteur &2 - C:\WINDOWS\web\AOpenClient.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO10 - Hijacked Internet access by WebHancerO10 - Hijacked Internet access by WebHancerO14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cabO16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://fr.vs.mcafeeasap.com/VS2/bin/myCioAgt.cabO16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cabO16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/uploader/FileUploader.cabO16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools.com/downloads/player/Install3.0/Installer.exeO16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game14.zylomgames.com/activex/zylomloader.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cabO18 - Protocol: bw+0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.591.dll (file missing)O18 - Protocol: offline-8876480 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dllO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exeO23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Nilou17 · Answer

Salut Jean-Luc !!! :oD

Télécharge ceci : (merci a S!RI pour ce programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Exécute-le, double-clique sur Smitfraudfix.cmd.
Choisis l’option 1, il va générer un rapport.
Copie/colle le sur le poste stp.

A++++++++

jean luc · Answer

merci nilou voila le rapport smitfraud

SmitFraudFix v2.08

Rapport fait à 13:39:52,32 le 26/12/2005
Executé à partir de F:\Documents Karim\Documents KARIM\spy\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\

C:\drsmartload1.exe PRESENT !
C:\secure32.html PRESENT !
C:\winstall.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

C:\WINDOWS\desktop.html PRESENT !
C:\WINDOWS\kl.exe PRESENT !
C:\WINDOWS\ms1.exe PRESENT !
C:\WINDOWS\secure32.html PRESENT !
C:\WINDOWS\timessquare.exe PRESENT!
C:\WINDOWS\tool1.exe PRESENT !
C:\WINDOWS\tool2.exe PRESENT !
C:\WINDOWS\tool3.exe PRESENT !
C:\WINDOWS\tool4.exe PRESENT !
C:\WINDOWS\tool5.exe PRESENT !
C:\WINDOWS\toolbar.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

C:\WINDOWS\system32\child.dll PRESENT !
C:\WINDOWS\system32\paytime.exe PRESENT !
C:\WINDOWS\system32\sywsvcs.exe PRESENT !
C:\WINDOWS\system32\zlbw.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\rida\Application Data

C:\Documents and Settings\rida\Application Data\Install.dat PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

C:\Program Files\SpySheriff\ PRESENT!

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"
"{4F141CBA-1457-6CCA-03A7-7AA21B61EA0F}"="OutPost FireWall"

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

Nilou17 · Answer

Coucou !!! :oDMaintenant, relance SmitfraudFix et choisis l'option 2.Comme précédent, copie-colle le rapport à la fin.A+++++++

jean luc · Answer

voila nilou :

SmitFraudFix v2.08

Rapport fait à 13:51:33,17 le 26/12/2005
Executé à partir de F:\Documents Karim\Documents KARIM\spy\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\drsmartload1.exe supprimé
C:\secure32.html supprimé
C:\winstall.exe supprimé
C:\WINDOWS\desktop.html supprimé
C:\WINDOWS\kl.exe supprimé
C:\WINDOWS\ms1.exe supprimé
C:\WINDOWS\secure32.html supprimé
C:\WINDOWS\timessquare.exe supprimé
C:\WINDOWS\tool1.exe supprimé
C:\WINDOWS\tool2.exe supprimé
C:\WINDOWS\tool3.exe supprimé
C:\WINDOWS\tool4.exe supprimé
C:\WINDOWS\tool5.exe supprimé
C:\WINDOWS\toolbar.exe supprimé
C:\WINDOWS\system32\child.dll supprimé
C:\WINDOWS\system32\paytime.exe supprimé
C:\WINDOWS\system32\sywsvcs.exe supprimé
C:\WINDOWS\system32\zlbw.dll supprimé
C:\Documents and Settings\rida\Application Data\Install.dat supprimé
C:\Program Files\SpySheriff\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport

jean luc · Answer

merci beaucoup a toi, Régis, Moe et Balltrap !!! vous assurez a max !!! ;-)j'attend ton analyse...:-)

Nilou17 · Answer

Tout d'abord, imprime ce message pour ne rien oublier

Désinstalle WebHancer via le Panneau de Configuration (Ajout/Suppression de programmes)

*** Déconnecte toi d'Internet

*** Vide ton cache Internet :

Panneau de configuration - Options Internet :
- Clique sur "Supprimer les cookies"
- Clique sur "Supprimer les fichiers" en cochant la case
Puis valide ...

*** Désactive la restauration système
Clic droit sur poste de travail - propriétés - onglet Restauration système
Coche "désactiver la restauration système" (accepte le redémarrage).

*** Redémarre en mode sans échec
Laisse passer l'écran du bios, puis tapote sur la touche F8.
Choisis le mode sans échec dans les options et valide avec entrée.

*** Rend visible les fichiers cachés et système :
Panneau de configuration - Options des dossiers - onglet Affichage
Coche " Afficher les fichiers et dossiers cachés "
Décoche " Masquer les extensions des fichiers dont le type est connu"
Décoche " Masquer les fichiers protégés du système" puis valide

*** Toujours en mode sans échec, lance HijackThis et fixe :
(Coche les cases au début des lignes suivantes)

F3 - REG:win.ini: run=C:\WINDOWS\inet20003\winlogon.exe
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20003\3.00.12.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\PROGRA~1\WEBHAN~1\programs\whiehlpr.dll

O4 - HKLM\..\Run: [Microsoft Update 64 BIT] winman32.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe

O4 - HKLM\..\Run: [webHancer Agent] "C:\Program Files\webHancer\Programs\whAgent.exe"
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe
O4 - HKLM\..\RunServices: [Microsoft Update 64 BIT] winman32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20003\winlogon.exe

O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer

+ toutes les 016

Puis valide avec Fix Checked

*** Recherche et supprime si présent :

[Dans le cas ou tu utiliserais la fonction Rechercher :
Tous les fichiers et tous les dossiers - Options avancées
• Rechercher dans les dossiers systèmes } DOIT ÊTRE COCHÉ
• Rechercher dans les fichiers et les dossiers cachés } DOIT ÊTRE COCHÉ
• Rechercher dans les sous-dossiers } DOIT ÊTRE COCHÉ

*** Supprime :

C:\WINDOWS\inet20003 (le dossier)
C:\WINDOWS\etb (le dossier)
winman32.exe
windir32.exe

*** Supprime les fichiers temporaires avec ce petit programme :
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

Ou manuellement : vide tout le contenu des dossiers en gras :
-- C:\Documents and Settings\ton compte\Local Settings\Temp
-- C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
-- C:\Temp
-- C:\Windows\Temp
-- C:\WINDOWS\Prefetch : Sauf le fichier layout.ini

*** Vide ta corbeille !

Redémarre normalement ton PC puis reposte un nouveau rapport HijackThis.

A++++++++++

jean luc · Answer

j'ai encore un soucis en fait, le fond d'ecran est tjs bleu meme si je le modifie dans le paneau de configuration.Qu'est ce ca pourrait etre Nilou?

Nilou17 · Answer

Relance SmitfraudFix, choisis l'option 1.Copie-colle le rapport ici.Je dois m'en aller !!!J'essaierai de revenir ce soir !!! A++++++

jeanluc · Answer

Je suis de retour voila les rapport :-)Logfile of HijackThis v1.99.1Scan saved at 15:54:59, on 26/12/2005Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\explorer.exeC:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeC:\Program Files\Intel\NCS\PROSet\PRONoMgr.exeC:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeC:\Program Files\Analog Devices\SoundMAX\smax4.exeC:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exeC:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exeC:\Program Files\Logitech\Video\LogiTray.exeC:\Program Files\Java\jre1.5.0_04\bin\jusched.exeC:\Program Files\Fichiers communs\Real\Update_OBealsched.exeC:\Program Files\QuickTime\qttask.exeF:\Documents Karim\Nokia PC Suite 6\LaunchApplication.exeC:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exeC:\Program Files\iTunes\iTunesHelper.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Google\Google Talk\googletalk.exeC:\Program Files\Logitech\VideoCall\VideoCall.exeC:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeF:\Documents Karim\Nokia PC Suite 6\PcSync2.exeC:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exeC:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeC:\PROGRA~1\FICHIE~1\Nokia\MPAPI\MPAPI3s.exeC:\Program Files\MicroStar\WLANUtility\WlanUtility.exeC:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXEC:\Program Files\Logitech\Video\FxSvr2.exeC:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeC:\Program Files\Analog Devices\SoundMAX\SMAgent.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\MicroStar\WLANUtility\WLAN_Service.exeC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\WINDOWS\system32\wuauclt.exeF:\Documents Karim\HijackThis.exeR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LiensF2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exeO4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exeO4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exeO4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /trayO4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exeO4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exeO4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\myagttry.exe"O4 - HKLM\..\Run: [MVS Splash] C:\PROGRA~1\McAfee\MANAGE~1\VScan\Splash.exeO4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exeO4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exeO4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exeO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osbootO4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKLM\..\Run: [PCSuiteTrayApplication] F:\Documents Karim\Nokia PC Suite 6\LaunchApplication.exe -onlytrayO4 - HKLM\..\Run: [DataLayer] C:\Program Files\Fichiers communs\PCSuite\DataLayer\DataLayer.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostartO4 - HKCU\..\Run: [VideoCall] "C:\Program Files\Logitech\VideoCall\VideoCall.exe" -minimizedO4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exeO4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" bootO4 - HKCU\..\Run: [PcSync] F:\Documents Karim\Nokia PC Suite 6\PcSync2.exe /NoDialogO4 - HKCU\..\Run: [Shell] "C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.exe"O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-908\dslmon.exeO4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exeO4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXEO4 - Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exeO8 - Extra context menu item: Ouvrir client sur le moniteur &1 - C:\WINDOWS\web\AOpenClient.htmO8 - Extra context menu item: Ouvrir client sur le moniteur &2 - C:\WINDOWS\web\AOpenClient.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin
pjpi150_04.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/O18 - Protocol: bw+0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw+0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw-0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw00s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw10s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw20s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw30s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw40s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw50s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw60s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw70s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw80s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bw90s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwa0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwb0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwc0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwd0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwe0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwf0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dllO18 - Protocol: bwg0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwg0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwh0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwi0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwj0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwk0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwl0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwm0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwn0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwo0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwp0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwq0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwr0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bws0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwt0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwu0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwv0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bww0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwx0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwy0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: bwz0s - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O18 - Protocol: myrm - {4D034FC3-013F-4B95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt3.0.0.591.dll (file missing)O18 - Protocol: offline-8876480 - {0714B358-0D98-4768-A49D-C16241FF99E9} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dllO20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dllO23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exeO23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exeO23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXEO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: MSI_WLAN_Service - Unknown owner - C:\Program Files\MicroStar\WLANUtility\WLAN_Service.exeO23 - Service: McAfee Managed Services Agent (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exeO23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exeO23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exeSmitFraudFix v2.08Rapport fait à 15:58:33,82 le 26/12/2005Executé à partir de F:\Documents Karim\Documents KARIM\spy\SmitfraudFixOS: Microsoft Windows XP [version 5.1.2600]»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settingsida\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Recherche Menu Démarrer»»»»»»»»»»»»»»»»»»»»»»»» Recherche Bureau»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues»»»»»»»»»»»»»»»»»»»»»»»» Recherche éléments du bureau  »»»»»»»»»»»»»»»»»»»»»»»» Recherche Sharedtaskscheduler[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pr‚-chargeur Browseui""{8C7461EF-2B13-11d2-BE35-3078302C2030}"="D‚mon de cache des cat‚gories de composant"»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapportmerci et ce soir j'espere ;-)

papadoc · Answer

Logfile of HijackThis v1.99.1
Scan saved at 17:57:03, on 23/01/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\m?iexec.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\stoo\erot.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe
C:\DOCUME~1\moi\LOCALS~1\Temp\20108.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\moi\LOCALS~1\Temp\Rar$EX00.656\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {119E35C9-F379-D1DB-0791-F34A3C8CA99D} - C:\WINDOWS\System32\vdeasqj.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {119E35C9-F379-D1DB-0791-F34A3C8CA99D} - C:\WINDOWS\System32\vdeasqj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Sqbw] C:\WINDOWS\System32\m?iexec.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - HKCU\..\Run: [Tess] "C:\Program Files\stoo\erot.exe" -vt yazr
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE

voila mais je narrive po a men debarasser pouvez vous maider par sur mon adresse ou ici merci

Utilisateur anonyme · Answer

Bonjour morkai,
Il serait préférable que tu fasses ton message personnel, cela rendra les postes plus compréhensibles et la réponse à ton problème sera plus efficace
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm

A bientôt

Infecté par spy sheriff

11 réponses

Votre réponse

Discussions similaires

Newsletters