[winlogon.exe] followed by a virus
Closed
Le cousin
-
2 April 2006 at 11:33
alphaboy Posts 13 Registration date Thursday 22 February 2007 Status Member Last activity 12 June 2007 - 7 April 2007 at 11:51
7 replies
incognito02
Posts: 3487, Registration date: Friday 28 October 2005, Status: Contributor, Last activity: 17 August 2008
2 April 2006 at 13:23
Hi cousin,
I replied to you in the other post.
See you
Hello
this attack corresponds to this curious address
85.255.112.0 - 85.255.127.255
netname: inhoster
descr: Inhoster hosting company
descr: OOO Inhoster, Poltavskij Shliax 24, Kharkiv, 61000, Ukraine
run Ewido antitrojan
http://users.skynet.be/BernieClub/#antitrojan
do a HijackThis scan, procedure here
http://users.skynet.be/BernieClub/#hijackPROC
See you
Hello Berni61! I am not able to delete them, the program... stops responding.
I'm posting the hijackPROC for you.
See you and thanks!
_________________________________________________
ewido security suite online scanner
https://www.avg.com/en-us/free-antivirus-download
__________________________________________________
Name: Adware.WebDir
Path: HKU\S-1-5-21-527237240-2111687655-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58F07DD3-924D-4141-BC74-299F523A95F1}
Risk: Medium
Name: Downloader.Zlob.jt
Path: [748] C:\WINDOWS\system32\ld71A5.tmp
Risk: High
Name: Trojan.Small
Path: C:\WINDOWS\system32\dfrgsrv.exe
Risk: High
Name: Downloader.Zlob.jt
Path: C:\WINDOWS\system32\ld71A5.tmp
Risk: High
Name: Adware.Casino
Path: C:\System Volume Information\_restore{2D091C3F-F4B6-407E-BB82-7A2A64F6A22A}\RP135\A0023658.exe
Risk: Medium
Name: Downloader.Zlob.jx
Path: C:\System Volume Information\_restore{2D091C3F-F4B6-407E-BB82-7A2A64F6A22A}\RP161\A0027720.dll
Risk: High
Name: Downloader.Zlob.jt
Path: C:\FOUND.005\FILE0002.CHK
Risk: High
Hey Bernie61, here is the result with HijackThis,
Thanks again for your help and your expertise, because I know nothing at all about any of this.
Alone we fall, together we stand! Thanks again, even if my problem is far from solved.
Le cousin
Logfile of HijackThis v1.99.1
Scan saved at 14:14:35, on 2006-04-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jean\Bureau\HijackThis1-99-1.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\LAVASOFT\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Assistant Internet.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by15fd.bay15.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://www.skibanff.com/skicam/AxisCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://techgenix.com/security/
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Hi again
there are indeed a few useless lines but nothing concerning your question, so install this software, APORT, from here http://users.skynet.be/BernieClub/tools.html
in order to find out which program is trying to connect, and let us know
See you
I don't really understand, but here is the list I exported; I don't know if it's normal, but the list grows and shrinks from time to time.
Unknown 0 192.168.2.11 1137 80.118.149.162 80 TIME_WAIT TCP
Unknown 0 192.168.2.11 1125 80.118.149.162 80 TIME_WAIT TCP
Unknown 0 192.168.2.11 1119 193.19.219.216 80 TIME_WAIT TCP
Unknown 0 192.168.2.11 1117 193.19.219.216 80 TIME_WAIT TCP
Unknown 0 192.168.2.11 1053 206.47.72.169 80 TIME_WAIT TCP
Unknown 0 192.168.2.11 1039 67.69.127.49 80 TIME_WAIT TCP
Unknown 0 127.0.0.1 12080 127.0.0.1 1138 TIME_WAIT TCP
System 4 192.168.2.11 138 LISTEN UDP
System 4 192.168.2.11 137 LISTEN UDP
System 4 0.0.0.0 445 LISTEN UDP
System 4 192.168.2.11 139 LISTEN TCP
System 4 0.0.0.0 445 LISTEN TCP
lsass.exe 804 0.0.0.0 4500 LISTEN UDP C:\WINDOWS\system32\lsass.exe
lsass.exe 804 0.0.0.0 500 LISTEN UDP C:\WINDOWS\system32\lsass.exe
svchost.exe 1040 0.0.0.0 135 LISTEN TCP C:\WINDOWS\system32\svchost.exe
svchost.exe 1136 192.168.2.11 123 LISTEN UDP C:\WINDOWS\System32\svchost.exe
smc.exe 1224 127.0.0.1 1035 LISTEN UDP C:\Program Files\Sygate\SPF\smc.exe
smc.exe 1224 0.0.0.0 1034 LISTEN UDP C:\Program Files\Sygate\SPF\smc.exe
svchost.exe 1292 0.0.0.0 1025 LISTEN UDP C:\WINDOWS\system32\svchost.exe
svchost.exe 1420 192.168.2.11 1900 LISTEN UDP C:\WINDOWS\system32\svchost.exe
ashMaiSv.exe 2408 127.0.0.1 12143 LISTEN TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
ashMaiSv.exe 2408 127.0.0.1 12119 LISTEN TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
ashMaiSv.exe 2408 127.0.0.1 12110 LISTEN TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
ashMaiSv.exe 2408 127.0.0.1 12025 LISTEN TCP C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
ashWebSv.exe 2460 192.168.2.11 1135 193.19.219.216 80 CLOSE_WAIT TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
ashWebSv.exe 2460 192.168.2.11 1129 193.19.219.216 80 CLOSE_WAIT TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
ashWebSv.exe 2460 192.168.2.11 1055 206.47.72.169 80 ESTABLISHED TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
ashWebSv.exe 2460 192.168.2.11 1051 207.68.178.61 80 ESTABLISHED TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
ashWebSv.exe 2460 192.168.2.11 1049 67.72.120.62 80 CLOSE_WAIT TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
ashWebSv.exe 2460 192.168.2.11 1045 207.68.173.254 80 ESTABLISHED TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
ashWebSv.exe 2460 192.168.2.11 1043 207.46.20.30 80 ESTABLISHED TCP C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
alg.exe 2696 127.0.0.1 1031 LISTEN TCP C:\WINDOWS\System32\alg.exe
iexplore.exe 3216 127.0.0.1 1041 LISTEN UDP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 3216 127.0.0.1 1134 127.0.0.1 12080 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 3216 127.0.0.1 1128 127.0.0.1 12080 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 3216 127.0.0.1 1054 127.0.0.1 12080 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 3216 127.0.0.1 1050 127.0.0.1 12080 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 3216 127.0.0.1 1047 127.0.0.1 12080 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 3216 127.0.0.1 1044 127.0.0.1 12080 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe 3216 127.0.0.1 1042 127.0.0.1 12080 ESTABLISHED TCP C:\Program Files\Internet Explorer\iexplore.exe
Hi again
nothing shows up in this list; where do your problems stand...
See you
I ran a new scan with ewido. I think I'm rid of the junk. After doing all that I think my PC is normal, but I've become a bit paranoid. The Windows logon prompt has not come back, but I just restarted and went to check my mailbox, and this window appeared.
Windows messenger (msmsgs.exe) is trying to connect to messenger.hotmail.com [65.54.239.210] using remote port 1863 (MSNP - MSN Messenger Service Protocol). Do you want to allow this program to access the network?"
Here are the details; I haven't answered, the window is still on my screen. I really don't know what to do, given that malicious programs look like real applications. Thank you for your patience and your advice.
Le cousin
File Version : 4.7.0.3001
File Description : Windows Messenger (msmsgs.exe)
File Path : C:\Program Files\Messenger\msmsgs.exe
Process ID : 0xA38 (Heximal) 2616 (Decimal)
Connection origin : local initiated
Protocol : TCP
Local Address : 192.168.2.11
Local Port : 1039
Remote Name : messenger.hotmail.com
Remote Address : 65.54.239.210
Remote Port : 1863 (MSNP - MSN Messenger Service Protocol)
Ethernet packet details:
Ethernet II (Packet Length: 76)
Destination: 00-0b-23-8e-30-a4
Source: 00-50-8d-d7-34-1b
Type: IP (0x0800)
Internet Protocol
Version: 4
Header Length: 20 bytes
Flags:
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset:0
Time to live: 128
Protocol: 0x6 (TCP - Transmission Control Protocol)
Header checksum: 0xcb06 (Correct)
Source: 192.168.2.11
Destination: 65.54.239.210
Transmission Control Protocol (TCP)
Source port: 1039
Destination port: 1863
Sequence number: 4072881213
Acknowledgment number: 0
Header length: 28
Flags:
0... .... = Congestion Window Reduce (CWR): Not set
.0.. .... = ECN-Echo: Not set
..0. .... = Urgent: Not set
...0 .... = Acknowledgment: Not set
.... 0... = Push: Not set
.... .0.. = Reset: Not set
.... ..1. = Syn: Set
.... ...0 = Fin: Not set
Checksum: 0xc55 (Correct)
Data (0 Bytes)
Binary dump of the packet:
0000: 00 0B 23 8E 30 A4 00 50 : 8D D7 34 1B 08 00 45 00 | ..#.0..P..4...E.
0010: 00 30 00 41 40 00 80 06 : 06 CB C0 A8 02 0B 41 36 | .0.A@.........A6
0020: EF D2 04 0F 07 47 F2 C3 : 3C 3D 00 00 00 00 70 02 | .....G..<=....p.
0030: FF FF 55 0C 00 00 02 04 : 05 B4 01 01 04 02 65 72 | ..U...........er
0040: 07 68 6F 74 6D 61 69 6C : 03 63 6F 6D | .hotmail.com
Hi again
Windows messenger (msmsgs.exe) is trying to connect to messenger.hotmail.com [65.54.239.210] using remote port 1863 (MSNP - MSN Messenger Service Protocol). Do you want to allow this program to access the network?"
OK, you can allow it, it's your Hotmail messenger
See you
2 April 2006 at 19:17
Here is the 1st report,
SmitFraudFix v2.27
Rapport fait à 13:08:38,71, 2006-04-02
Executé à partir de C:\Documents and Settings\Jean\Mes documents\jean_prog\SMITHfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dfrgsrv.exe PRESENT !
C:\WINDOWS\system32\ncompat.tlb PRESENT !
C:\WINDOWS\system32\1024\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
2 April 2006 at 19:59
Thank you, Incognito02, here are the requested results.
Here is the result of the 2nd scan
SmitFraudFix v2.27
Rapport fait à 13:42:42,71, 2006-04-02
Executé à partir de C:\Documents and Settings\Jean\Mes documents\jean_prog\SMITHfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Fin
I took the time to run another scan in safe mode, option 1; here is the result.
SmitFraudFix v2.27
Rapport fait à 13:44:51,71, 2006-04-02
Executé à partir de C:\Documents and Settings\Jean\Mes documents\jean_prog\SMITHfraudfix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
[HKEY_CLASSES_ROOT\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_CLASSES_ROOT\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
7 April 2007 at 11:51