Sujet Précédent Sujet Suivant

Pubs intempestives

jml60 Messages postés 10 Statut Membre -  
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
Depuis quelques jours, des fenêtres de pub s'ouvrent intempestivement. Les adresses des sites sont : epass-key.com,fp.gad-network.com ...
J'ai passé plusieurs anti-spyware dont ewido, sans résultats.

En espérant que quelqu'un peut m'aider.
Merci d'avance

14 réponses

Réponse 1 / 14
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
Salut,

Tu peux faire ceci STP
F - Hijackthis - Outil de diagnostic et réparation
lire démo
http://pageperso.aol.fr/balltrap34/Hijenr.gif
http://pageperso.aol.fr/balltrap34/demohijack.htm
Télécharge version française ici
http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html
Copie/colle le rapport

Bon courage

A++

0
Réponse 2 / 14
jml60 Messages postés 10 Statut Membre
 
Voici le résultat de hijackthis.
Logfile of HijackThis v1.99.1
Scan saved at 17:14:26, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Jean Marc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://vpn.gfi.fr/extender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{126ECEB4-C64B-4F05-92C6-748F5638ADEA}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: bw+0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

Merci
0
Réponse 3 / 14
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
Salut,

Commence par ça :
Bonjour,

Méthode à suivre dans l'ordre...
----------------------------------------------------------------------------
Télécharger ces logiciels
A utiliser plus tard

A - ad-aware version 1.06
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip

B - spybot version 1.4
(ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
voir demo d utilisation
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

C - Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..)
Télécharge ici :
https://www.ccleaner.com/ccleaner/download
Tutorial ici:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

D - Ewido (download)- gratuit même après 14 jours d’essai
http://perso.wanadoo.fr/entraide-hijackthis/Ewido/
Copie/COLLE le rapport généré sur ce forum
Pour certaines versions de Windows antérieures à XP, Ewido peut ne pas être compatible
Dans ce cas, il te faudra utiliser a-squared free et demander une clef pour son usage gratuit
https://www.emsisoft.com/fr/

----------------------------------------------------------------------------
¤Affiche tous les fichiers et dossiers :
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage

Coche « afficher les fichiers et dossiers cachés »

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décoche « masquer les extensions dont le type est connu »
Puis fais «Ok» pour valider les changements.

Et appliquer !
=================================
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

O16 - DPF: fdjeux - https://www.fdjeux.net/classes/fdjeux.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://vpn.gfi.fr/extender.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{126ECEB4-C64B-4F05-92C6-748F5638ADEA}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: bw+0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {041DED6E-053E-4959-9E50-B6C42E888BE3} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
============ ============================
¤Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
¤Vide tes fichiers temps et temporary internet file:

Maintenant tu lances
A/ Ad-Aware supprime quarantaine
B/ Spybot Supprime quarantaine
C/ Ccleaner Ewido Copier/coller le rapport
D/
----------------------------------------------------------------------------
¤ Vide ta Corbeille.
----------------------------------------------------------------------------
¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

Tiens nous au courant

A+

0
Réponse 4 / 14
jml60 Messages postés 10 Statut Membre
 
Bonsoir,
J'ai fait toutes les opérations demandées, mais malheureusement, le problème subsiste.
Voici les adresses que j'obtiens en faisant un clic droit sur l'ecran :
http://www.epass-key.com/ (dialsexy)
http://media.rapid-ss.net/fullpages/vzap_v3/fullpage01/images

Rapport HiJackThis :
Logfile of HijackThis v1.99.1
Scan saved at 21:34:42, on 14/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Jean Marc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{126ECEB4-C64B-4F05-92C6-748F5638ADEA}: NameServer = 86.64.145.140 84.103.237.140
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

Bonne réception et à demain
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
jml60 Messages postés 10 Statut Membre
 
Bonjour,

J'ai des compléments d'information :

Une anlyse avec Spyware Doctor (payant pour l'éradication) détecte :
- Instant Access
- Trojan MailSkinner

Est-ce ces virus qui provoquent l'apparition des pubs et comment les supprimer.

Merci d'avance
0
Réponse 6 / 14
^^Marie^^ Messages postés 126523 Date d'inscription   Statut Membre Dernière intervention   3 279
 
Re,

Tu peus faire le rapport Ewido demandé au poste <3>

Merci

A++
0
Réponse 7 / 14
jml60 Messages postés 10 Statut Membre
 
voici le rapport Ewido :

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:55:30 15/07/2006

+ Scan result:

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\N2HMRA0V\drsmartload_js[1].htm -> Downloader.IstBar.j : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\XDT0GKUS\drsmartload_js[2].htm -> Downloader.IstBar.j : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\N2HMRA0V\get_74109_Spyware.Doctor.v3.8.0.2575-CRD_crack[2].htm -> Downloader.IstBar.u : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\N2HMRA0V\crackz[1].htm -> Not-A-Virus.Exploit.HTML.DialogArg : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\YH0JKLM5\search[3].htm -> Not-A-Virus.Exploit.HTML.DialogArg : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@adbrite[1].txt -> TrackingCookie.Adbrite : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@adtech[2].txt -> TrackingCookie.Adtech : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@estat[1].txt -> TrackingCookie.Estat : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@hotlog[1].txt -> TrackingCookie.Hotlog : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@spylog[1].txt -> TrackingCookie.Spylog : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@statcounter[1].txt -> TrackingCookie.Statcounter : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@weborama[2].txt -> TrackingCookie.Weborama : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@yadro[1].txt -> TrackingCookie.Yadro : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@zedo[2].txt -> TrackingCookie.Zedo : No action taken.

::Report end

Merci et A+
0
Réponse 8 / 14
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Remet un HijackThis

As tu dans ajout/suppression de programme mailskinner?

a++
0
Réponse 9 / 14
jml60 Messages postés 10 Statut Membre
 
rapport HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 13:31:42, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Jean Marc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{126ECEB4-C64B-4F05-92C6-748F5638ADEA}: NameServer = 84.103.237.145 86.64.145.145
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

Merci
A++
0
Réponse 10 / 14
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

1- T'as pas repondu a ma question?

2-Télécharge Blacklight (de F-Secure) a l’une des 2 adresses :
https://www.f-secure.com/en
https://www.f-secure.com/en

et sauvegarde le sur ton Bureau.

Double-clique blbeta.exe et accepte la licence ; laisse [X]scan through Windows Explorer activé ; clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport, sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse

a+
0
Réponse 11 / 14
jml60 Messages postés 10 Statut Membre
 
Salut,

1 - Le programme mailskinner n'est pas dans ajout/suppression de programme

2 - Rapport de Blacklight :

07/15/06 14:09:10 [Info]: BlackLight Engine 1.0.42 initialized
07/15/06 14:09:10 [Info]: OS: 5.1 build 2600 (Service Pack 2)
07/15/06 14:09:10 [Note]: 7019 4
07/15/06 14:09:10 [Note]: 7005 0
07/15/06 14:09:23 [Note]: 7006 0
07/15/06 14:09:23 [Note]: 7011 1952
07/15/06 14:09:23 [Note]: 7026 0
07/15/06 14:09:23 [Note]: 7026 0
07/15/06 14:09:23 [Note]: 7015 292
07/15/06 14:09:23 [Note]: 7015 5
07/15/06 14:09:23 [Note]: 7015 404
07/15/06 14:09:23 [Note]: 7015 5
07/15/06 14:09:23 [Note]: 7024 3
07/15/06 14:09:23 [Info]: Hidden process: C:\windows\system32\grlowjcid.exe
07/15/06 14:09:23 [Note]: FSRAW library version 1.7.1019
07/15/06 14:14:52 [Info]: Hidden file: c:\WINDOWS\Prefetch\GRLOWJCID.EXE-0B7767AA.pf
07/15/06 14:14:52 [Note]: 10002 1
07/15/06 14:15:10 [Info]: Hidden file: c:\WINDOWS\system32\grlowjcid_nav.dat
07/15/06 14:15:10 [Note]: 10002 1
07/15/06 14:15:10 [Info]: Hidden file: c:\WINDOWS\system32\grlowjcid.dat
07/15/06 14:15:10 [Note]: 10002 1
07/15/06 14:15:11 [Info]: Hidden file: C:\windows\system32\grlowjcid.exe
07/15/06 14:15:11 [Note]: 10002 1
07/15/06 14:15:11 [Info]: Hidden file: c:\WINDOWS\system32\grlowjcid_navps.dat
07/15/06 14:15:11 [Note]: 10002 1
07/15/06 14:20:43 [Note]: 7007 0

Merci d'avance, A+
0
Réponse 12 / 14
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut ;

Télécharge Brute Force Uninstaller (de Merijn) ici:
http://www.merijn.org/files/bfu.zip
Créé un nouveau dossier directement à la racine de ton disque dur ou l'endroit qui te convient, nomme ce dossier BFU.
Décompresse le fichier téléchargé dans ce nouveau dossier (par exemple C:\BFU)

Ensuite, télécharge EGDACCESS.bfu (de Metallica) :

Fais un clik droit ici : http://metallica.geekstogo.com/EGDACCESS.bfu et choisis "Enregistrer la cible sous..." afin de télécharger EGDACCESS.bfu (de Metallica). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer ; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

Si tu utilises Internet Explorer, assure-toi lors de la sauvegarde que le champs "Type :" affiche "Tous les fichiers".
Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : EGDACCESS.bfu et BFU.exe (très important).

Ensuite:
Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
clic sur ok pour valider

Redémarre en mode sans échec
Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
Choisis le mode sans échec dans les options et valide avec entrée.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Lance "Brute Force Uninstaller" en double-cliquant BFU.exe (Dans le dossier C:\BFU)
- Clique sur le petit dossier jaune, et clique sur : EGDACCESS.bfu
- Coches la case Show log after script ends
- Clique sur Execute pour que le fix fasse son boulot :-)

Attends que le message Complete script execution apparaîsse et clique sur OK.
Un rapport va s'afficher dans la fenetre du programme, copie et colle dans le bloc-notes, puis sauvegardes le, tu le posteras plus tard sur le forum.
Clique Exit pour fermer le programme BFU.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Ensuite, lance Blacklight en double cliquant sur blbeta.exe et accepte la licence.
Clique sur Scan pour lancer l'analyse.
Une fois fait, selectionnes chaques fichiers trouvés et clic sur "RENAME"
Puis valide.
Réponds oui aux messages d'avertissements et te demandant si tu autorises le reboot du pc.

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-

Après le reboot du pc, les fichiers :

c:\WINDOWS\Prefetch\GRLOWJCID.EXE-0B7767AA.pf
c:\WINDOWS\system32\grlowjcid_nav.dat
c:\WINDOWS\system32\grlowjcid.dat
C:\windows\system32\grlowjcid.exe
c:\WINDOWS\system32\grlowjcid_navps.dat

devraient être visible et pouvoir être supprimés sans aucuns soucis.
Blacklight ne les supprimes pas, il les renommes simplement et il va falloir que tu les vires toi même:
Va dans C:\windows\system32\ et recherches et effaces:

grlowjcid_nav.dat.ren
grlowjcid.dat.ren
grlowjcid.exe.ren
grlowjcid_navps.dat.ren

Une fois fait, reposte un rapport hijackthis + le rapport de BFU que tu auras sauvegardé et un nouveau rapport de blacklight.

bon nettoyage et bon courage ;-)
0
Réponse 13 / 14
jml60 Messages postés 10 Statut Membre
 
Salut,

Enfin, grace à tes indications, les fenêtres intempestives et parfois pornos ont disparues.

Encore merci pour ton aide et à +

PS: Les rapports demandés :

-Logfile of HijackThis v1.99.1
Scan saved at 15:33:29, on 15/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Jean Marc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCS] "C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [grlowjcid] c:\windows\system32\grlowjcid.exe grlowjcid
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SpyBrowser] "C:\Program Files\SpyBro\SpyBro.exe" /autostart
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar4.dll/cmwordtrans.html
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar4.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar4.dll/cmsimilar.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar4.dll/cmsearch.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar4.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{126ECEB4-C64B-4F05-92C6-748F5638ADEA}: NameServer = 84.103.237.143 86.64.145.143
O20 - Winlogon Notify: SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)

-BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 15:01:37, on 15/07/2006

Option Delete files to Recycle Bin: Yes
Failed: DllUnregister C:\WINDOWS\system32\MSWBM32.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MailSkinner\OESkinner.dll|1 (file not found)
Failed: FolderDelete C:\Program Files\dialpass (folder not found)
Failed: FolderDelete C:\Program Files\eghtmldialer (folder not found)
Failed: FolderDelete C:\Program Files\egroup (folder not found)
Failed: FolderDelete C:\Program Files\Instant Access (folder not found)
Failed: FolderDelete C:\Program Files\MailSkinner (folder not found)
Failed: DllUnregister C:\WINDOWS\mslagent\2_mslagent.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\navmpc\2_navmpc.dll|1 (file not found)
Failed: FolderDelete C:\WINDOWS\mslagent (folder not found)
Failed: FolderDelete C:\WINDOWS\navmpc (folder not found)
Failed: FileDelete C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\~DF7A02.tmp (operation failed)
Failed: FolderCreate C:\WINDOWS\system32\bfubackups (folder already exists)
Script completed.

- blacklight ne trouve rien.
0
Réponse 14 / 14
Regis59 Messages postés 21143 Date d'inscription   Statut Contributeur sécurité Dernière intervention   1 322
 
Salut

Tu peux fixer ceci dans HijackThis:
O4 - HKLM\..\Run: [grlowjcid] c:\windows\system32\grlowjcid.exe grlowjcid

Des questions?

A++
0

Discussions similaires

apparation intempestives de pub type site de rencontre et photo dans le même ton
Crokino -
Crokino -

6 réponses
Publicités : même son coupé, elles sont à fond
Leboss104 -
loisou17 -

5 réponses
Problème de son dans les pubs
SoleneH -
fanou10 -

3 réponses
Publicité s'ouvre toute seule ! ?
RRD91 -
Vinz -

52 réponses
Pubs sites de rencontre intempestives
ant44 -
Malekal_morte- -

11 réponses