Cheval de Troie : De l'aide !!

Résolu
Claire -  
 mic -
Bonjour,
Pouvez vous m'aider ? Je suis perdue.
Je copie le rapport HijackThis.
Merci beaucoup d'avance.

Logfile of HijackThis v1.99.1
Scan saved at 19:42:48, on 27/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\msejavaupdt32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Softwin\BitDefender8\vsserv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\wunupdsr.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINNT\system32\dev.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\system32\internat.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Incredimail\bin\IncMail.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\msagent\AgentSvr.exe
C:\Program Files\Hijackthis\hijackthis_199\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
F2 - REG:system.ini: Shell=Explorer.exe msejavaupdt32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msejavaupdt32.exe
O2 - BHO: DeskbarBHO - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - C:\Program Files\Deskbar\deskbar.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Connection Managers] wunupdsr.exe
O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKLM\..\Run: [Ms Java Update For Windows NT/XP] msejavaupdt32.exe
O4 - HKLM\..\Run: [BDMCon] C:\Program Files\Softwin\BitDefender8\\bdmcon.exe
O4 - HKLM\..\Run: [BDSwitchAgent] C:\Program Files\Softwin\BitDefender8\\bdswitch.exe
O4 - HKLM\..\Run: [BDNewsAgent] C:\Program Files\Softwin\BitDefender8\\bdnagent.exe
O4 - HKLM\..\Run: [Windows APCI Verifier] dev.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\system32\explorer.exe
O4 - HKLM\..\RunServices: [Connection Managers] wunupdsr.exe
O4 - HKLM\..\RunServices: [Windows APCI Verifier] dev.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msejavaupdt32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
O18 - Protocol: bw+0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll sockspy.dll
O20 - Winlogon Notify: Run - C:\WINNT\system32\enj0l11m1.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe" /service (file missing)
O23 - Service: Microsoft Languages Service (Windows Languages Service) - Unknown owner - C:\WINNT\csrss.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Claire

50 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

L'analyse porte sur un log HijackThis et les éléments détectés sur Windows 2000 SP4, afin d'identifier des infections potentielles et des modifications du démarrage et des services système. Plusieurs éléments de réponse soulignent des signes d'infection: entrées Run et registres modifiés, AppInit_DLLs suspect, services inconnus et fichiers manquants, nécessitant un redémarrage en mode normal et un nouveau log HijackThis. Des conseils complémentaires évoquent la vérification des droits administratifs et la mise à jour des systèmes, ainsi que l'examen approfondi des processus et services listés (par exemple avast, BitDefender et des composants douteux).

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    slt,

    désinstale ceci (en gras):

    C:\Program Files\Deskbar

    ensuite :

    Scanne ton Pc avec ce log :

    ewido (gratuit même après la période d’essai)
    Téléchargement :
    http://perso.orange.fr/entraide-hijackthis/Ewido/
    Cliques sur « update » fais les mise à jour ensuite clique sur « scanner » puis sur « complete scan system ».
    Tuto pour la version 4 d’Ewido :
    https://www.malekal.com/tutorial-et-guide-ewido-v4/

    delete tout ce qu'il te trouve et copie/colle le rapport.

    A+
    0
  2. Claire
     
    Salut,

    merci d'avoir répondu

    mais ewido ne veut pas s'installer, le fenêtre se ferme à chaque fois, sans doute à cause du cheval de Troie. De plus toute fenêtre contenant le mot Trojan se ferme.
    La désintallation de deskbar ne se fait pas complétement, il reste des dossiers qui ne peuvent pas être supprimés.

    Que dois-je faire ?

    Le compte-rendu HijackThis ne paut pas d'aider ?
    0
  3. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Vire tout ce qui concerne Deskbar s'il le faut vire le en mode sans echec :

    Rappel :

    Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)

    seulement après remet un log Hijack.

    A+
    0
  4. Claire
     
    Bonjour,

    je vois que le dernier rmessage que je t'ai envoyé n'a pas marché.

    en fait j'ai réussi à enlever deskbar mais ça revient à chaque redémarrage de l'ordi.

    Je ne suis pas chez moi donc je te renverrai le log plus tard (d'ailleurs le HijackThis plante en faisant la première option).

    Merci de ton aide.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ok remet moi un log Hijack dès que tu peux .

    A+
    0
  7. Claire
     
    Voici le log :

    Logfile of HijackThis v1.99.1
    Scan saved at 22:58:14, on 02/10/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.exe
    C:\WINNT\system32\msejavaupdt32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINNT\system32\dev.exe
    C:\WINNT\system32\logon.exe
    C:\WINNT\system32\wunupdsr.exe
    C:\exo32.exe
    C:\Program Files\Softwin\BitDefender8\bdnagent.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINNT\system32\msiexec.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe msejavaupdt32.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msejavaupdt32.exe
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
    O4 - HKLM\..\Run: [Ms Java Update For Windows NT/XP] msejavaupdt32.exe
    O4 - HKLM\..\Run: [Windows APCI Verifier] dev.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e20.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e20.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_e19.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\system32\logon.exe
    O4 - HKLM\..\Run: [Connection Managers] wunupdsr.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\exo32.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\RunServices: [Connection Managers] wunupdsr.exe
    O4 - HKLM\..\RunServices: [Windows APCI Verifier] dev.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
    O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msejavaupdt32.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
    O18 - Protocol: bw+0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Microsoft Languages Service (Windows Languages Service) - Unknown owner - C:\WINNT\csrss.exe (file missing)

    Merci de ton aide
    0
  8. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ensuite télécharges smitfraudfix :

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
    cela vas générer un rapport.
    Si tu vois des lignes avec PRESENT! Continue la manip qui suit.

    Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)

    - Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l’option 2 et tu réponds oui à tout.

    Copie/colle le rapport sur le forum stp.

    a+
    0
  9. Claire
     
    Bonjour,

    voici le rapport :

    SmitFraudFix v2.104

    Rapport fait à 19:33:49,28, mar. 03/10/2006
    Executé à partir de C:\Program Files\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Il y a aussi "Project1' qui se lance à chaque démarrage et qui ralentit le PC et nous sommes obligés de le supprimer dans le gestionnaire des tâches.

    On va finir par le formater si ça continue !

    Bonne soirée.

    Claire
    0
  10. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    du calme .. ;-)

    Redémarre en mode normal et remet un log Hijack STP

    A+
    0
  11. Claire
     
    Voici le log :

    Logfile of HijackThis v1.99.1
    Scan saved at 20:55:46, on 03/10/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\msejavaupdt32.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINNT\system32\dev.exe
    C:\WINNT\system32\logon.exe
    C:\WINNT\system32\wunupdsr.exe
    C:\exo32.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINNT\system32\drwtsn32.exe
    C:\WINNT\Explorer.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe msejavaupdt32.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msejavaupdt32.exe
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
    O4 - HKLM\..\Run: [Ms Java Update For Windows NT/XP] msejavaupdt32.exe
    O4 - HKLM\..\Run: [Windows APCI Verifier] dev.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\system32\logon.exe
    O4 - HKLM\..\Run: [Connection Managers] wunupdsr.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\exo32.exe
    O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e21.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_e21.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e21.exe
    O4 - HKLM\..\RunServices: [Connection Managers] wunupdsr.exe
    O4 - HKLM\..\RunServices: [Windows APCI Verifier] dev.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
    O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msejavaupdt32.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
    O18 - Protocol: bw+0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: Microsoft Languages Service (Windows Languages Service) - Unknown owner - C:\WINNT\csrss.exe (file missing)
    0
  12. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ensuite télécharges smitfraudfix :

    En image :
    http://siri.urz.free.fr/Fix/SmitfraudFix.php

    tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1
    cela vas générer un rapport.
    Si tu vois des lignes avec PRESENT! Continue la manip qui suit.

    Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)

    - Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l’option 2 et tu réponds oui à tout.

    Copie/colle le rapport sur le forum stp.

    a+
    0
  13. Claire
     
    je l'ai déjà fait comme tu me l'as demandé et le rapport se trouve un peu plus haut
    0
  14. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    désolé mais à force ... ;-)

    il faut que tu installe un parefeu avec Avast! car il n'en as pas et celui de Windows ne sert à rien donc :

    Kério (pare feu):
    www.01net.com
    lire le tuto: pour configurer et comprendre Kerio
    https://kerio.probb.fr/

    =============================================

    Ensuite :

    ¤Télécharge ces logiciels (si tu ne les as pas) mais que tu n‘utilises pas tout de suite:

    (Les mettre à jour avant de les lancer). Pour ça voir les démos.

    Antispywares et autres :

    1/ Ad-Aware (gratuit)
    Téléchargement :
    telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html
    Le patch en Français pour Ad-Aware (gratuit) :
    telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/25543.html
    Tuto :
    perso.orange.fr/entraide-hijackthis/AdAware/AdAware.htm

    2/ Spybot (gratuit) :
    voir demo d utilisation (merci Balltrap)
    pageperso.aol.fr/Balltrap34/demo%20spybot.htm
    Téléchargement :
    telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html

    3/ ewido (dowload)
    Téléchargement :
    www.ewido.net/en/download/
    Lorsqu'il est installer tu l'ouvres clique sur « update » fais les mise à jour
    Tuto pour la version 4 d’Ewido :
    www.malekal.com/tutorial_ewidoV4.html

    Nettoyeurs (de fichiers inutiles) et autres :

    4/ ccleaner (gratuit)
    Tutorial là :
    www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
    Téléchargement :
    www.01net.com

    *****************************************************
    Affiches tous les fichiers et dossiers :
    cliques sur démarrer/panneau de configuration (en affichage classique)/option des dossiers/affichage
    Cocher « afficher les dossiers et fichiers cachés »

    Décoches la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

    Décoches « masquer les extensions dont le type est connu »
    Puis fais «Ok» pour valider les changements.

    Et « appliquer »

    ****************************************************
    ¤Relance HijackThis cliques sur « scanner seulement » ou (« do a scan only »),
    coche les cases devant ces lignes et ensuite clique sur « fixer objets » (ou « fix checked »):

    R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
    F2 - REG:system.ini: Shell=Explorer.exe msejavaupdt32.exe
    F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msejavaupdt32.exe

    O4 - HKLM\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
    O4 - HKLM\..\Run: [Ms Java Update For Windows NT/XP] msejavaupdt32.exe
    O4 - HKLM\..\Run: [Windows APCI Verifier] dev.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\system32\logon.exe
    O4 - HKLM\..\Run: [Connection Managers] wunupdsr.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\exo32.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnmff_e21.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_e21.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e21.exe
    O4 - HKLM\..\RunServices: [Connection Managers] wunupdsr.exe
    O4 - HKLM\..\RunServices: [Windows APCI Verifier] dev.exe
    O4 - HKCU\..\Run: [Ms Update WinServices NT/XP] winservnt32.exe
    O4 - HKCU\..\Run: [Ms Java Update For Windows NT/XP] msejavaupdt32.exe

    O18 - Protocol: bw+0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {36A4CCE1-1C42-4153-A4B5-6FEA9FB00351} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

    O23 - Service: Microsoft Languages Service (Windows Languages Service) - Unknown owner - C:\WINNT\csrss.exe (file missing)


    ************************************************
    ¤Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec
    puis tape « entrée ».
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).

    **********************************************
    ¤Recherche et supprime ceci:
    attention seulement les fichiers (si présents).

    C:\WINNT\system32\logon.exe
    C:\exo32.exe
    C:\\nwnmff_e21.exe
    C:\\dfndrff_e21.exe
    C:\\kybrdff_e21.exe
    C:\WINNT\csrss.exe
    msejavaupdt32.exe
    winservnt32.exe
    dev.exe
    wunupdsr.exe

    ************************************************
    ¤ Lancer Ewido pour un scan complet (clique sur « scanner » puis sur « complete scan system ») « delete » tout ce qu’il te trouve
    et copie/colle le rapport en forum.
    ************************************************
    ¤ Passe Ad-Aware et supprime tout ce qu’il trouve + supprime les quarantaines…
    ************************************************
    ¤ Passe Spybot et corrige tout ce qu’il trouve + vaccine + supprime les quarantaines…
    ***********************************************
    ¤ Lance CCleaner.

    Suppression des fichiers temporaires

    Va dans la section "Options" situé dans la marge gauche. Va dans "Avancé" et décoche "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Retourne ensuite dans la section "Nettoyeur"
    Fais bien attention de cocher toutes les cases dans la marge gauche (Internet Explorer/Windows Explorer/Système/Avancé)
    • Clique sur Analyse
    • Patiente le temps du scan, qui peut prendre un peu de temps si c'est la première fois.
    • Une fois le scan terminé, clique sur Lancer le Nettoyage

    Suppression des incohérence du registre

    • Clique sur l'icône Erreurs situés dans la marge à gauche.
    • Puis clique sur Analyser les erreurs
    • Patiente pendant que CCleaner scan ton registre.
    • Une fois le scan terminé, coche toutes les entrèes qu'il t'aura trouvée.
    • Tu peux cliquer ensuite sur Corriger les erreurs.

    Si tu n'est pas sur de ce que tu fais, tu peux choisir de sauvegarder les entrées cochées pour les restaurer ultérieurement.

    *************************************************
    ¤ Vide ta Corbeille.
    *************************************************
    ¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum.

    Dis moi ou en sont tes probs dans ta prochaine réponse.

    Je coupe.

    A+
    0
  15. Claire
     
    Bonsoir ou bonjour (selon l'heure),

    voici les rapports :

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 23:36:54 04/10/2006

    + Scan result:

    HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup (quarantined).
    C:\WINNT\system32\TFTP4608 -> Backdoor.IRCBot.qu : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\LZM2AZMT\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrateur\Cookies\administrateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Cleaned.
    C:\Documents and Settings\Administrateur\Cookies\administrateur@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.

    ::Report end
    *******************************
    Logfile of HijackThis v1.99.1
    Scan saved at 00:03:00, on 05/10/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [Windows APCI Verifier] dev.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
    O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Microsoft Languages Service (Windows Languages Service) - Unknown owner - C:\WINNT\csrss.exe (file missing)

    ***************************

    Il y a plein de choses en mieux :
    internet va plus vite
    plus de project 1 (enfin jusqu'à maintenant)
    des chevaux (de troie) en moins
    je peux maintenant installer spybot et je l'ai lancé

    mais encore un cheval de troie

    merci pour cette grande avancée

    peux tu nous aider à en finir complétement ?

    merci

    A bientôt

    Claire
    0
  16. Claire
     
    Encore un truc : les mises à jour ne marche pas,
    on arrive sur ça :

    [Numéro d'erreur : 0x8DDD0018]
    Le site ne peut pas continuer, car un ou plusieurs des services Windows suivants ne sont pas exécutés :

    Mises à jour automatiques (permet au site de rechercher, de télécharger et d'installer les mises à jour prioritaires destinées à votre ordinateur)
    Service de transfert intelligent en arrière-plan (BITS) (accélère le téléchargement et résout les problèmes liés aux éventuelles interruptions du processus)
    Journal des événements (conserve l'historique des opérations de mise à jour pour faciliter la résolution des problèmes le cas échéant)
    Pour vérifier que ces services sont exécutés :
    1. Cliquez sur Démarrer, puis sur Exécuter.
    2. Entrez services.msc, puis cliquez sur OK.
    3. Dans la liste de services, double-cliquez sur Mises à jour automatiques, puis cliquez sur Propriétés.
    4. Dans la liste Type de démarrage, sélectionnez Automatique et cliquez sur Appliquer.
    5. Vérifiez que l'état associé au service est Démarré. Si le service est arrêté, cliquez sur le bouton Démarrer.
    6. Dans la liste de services, double-cliquez sur Service de transfert intelligent en arrière-plan et cliquez sur Propriétés.
    7. Dans la liste Type de démarrage, sélectionnez Manuel et cliquez sur Appliquer.
    8. Vérifiez que l'état associé au service est Démarré. Si le service est arrêté, cliquez sur le bouton Démarrer.
    9. Dans la liste de services, double-cliquez sur Journal des événements et cliquez sur Propriétés.
    10. Dans la liste Type de démarrage, sélectionnez Automatique et cliquez sur Appliquer.
    11. Vérifiez que l'état du service est Démarré. Si le service est arrêté, cliquez sur le bouton Démarrer.

    Mais on ne trouve pas les services demandés dans la liste

    Merci encore de ton aide.

    Claire
    0
  17. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Fais un clic droit sur l'outil HijackThis! -> "Renommer", puis renomme-le en scan.exe

    Lance HijackThis! (double clique scan.exe) puis clique "Do a system scan and save a logfile", puis poste le rapport ici. STP

    a+

    0
  18. Claire
     
    Salut,

    voici le rapport
    là hijackthis ne plante plus

    Logfile of HijackThis v1.99.1
    Scan saved at 19:20:29, on 05/10/2006
    Platform: Windows 2000 SP4 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\system32\mobsync.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\INCRED~1\bin\IMApp.exe
    C:\WINNT\explorer.exe
    C:\WINNT\system32\msiexec.exe
    C:\PROGRA~1\INCRED~1\bin\IncMail.exe
    C:\Program Files\Hijackthis\scan.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\WINNT\system32\92861357.dll
    O2 - BHO: (no name) - {302429F1-62BC-40EE-9FC0-CD8D6EB743AD} - C:\WINNT\system32\gebyy.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {849B9523-785F-4014-9CAF-079FB4A74C61} - C:\WINNT\system32\msqgbcal.dll
    O2 - BHO: (no name) - {D12CF65C-9EF6-44F2-A475-B727085FD7CC} - C:\WINNT\system32\pmnlmjh.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [Windows APCI Verifier] dev.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com
    O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll
    O20 - Winlogon Notify: gebyy - C:\WINNT\system32\gebyy.dll
    O20 - Winlogon Notify: pmnlmjh - C:\WINNT\SYSTEM32\pmnlmjh.dll
    O20 - Winlogon Notify: Run - C:\WINNT\system32\enj0l11m1.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Microsoft Languages Service (Windows Languages Service) - Unknown owner - C:\WINNT\csrss.exe (file missing)

    Merci de ton aide

    une question : que nous recommandes-tu comme firewall ?

    Bonne soirée
    0
  19. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    On verra pour les question + tard si tu veux bien ....

    L'infection (Vundo) était bien cachée ! :)

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4
    Double-clique VundoFix.exe afin de le lancer.
    Coche Run VundoFix as a task.
    Un message t'avertira que l'outil va se fermer et s'ouvrir à nouveau : clique Ok
    Clique sur le bouton Scan for Vundo.
    Lorsque le scan est complété, clique sur le bouton Remove Vundo.
    Une invite te demandera si tu veux supprimer les fichiers, clique YES
    Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown") ; clique OK
    Démarre ton PC à nouveau.
    Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    a+
    0
  20. Claire
     
    Salut,
    un petit mot du boulot pour te dire qu'on ne te répondra pas ce we car nous ne sommes pas là.
    Nous ferons ce que tu as écris sans doute lundi soir.

    Bon we.

    A bientôt

    Claire
    0
  21. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ok je serai encore là ! lol

    Bon we.

    A+
    0
  • 1
  • 2
  • 3