HELP? HELP??? trojan Résolu/Fermé

Question

bonjour a toutes et tous,

je suis debutant et je n'arrive pas a eliminer trojan avec avast4 home edition, quand j'allume mon pc j'ai une dixaine de virus, apres toute les quart heures la meme chose, j'ai aussi essayer spy doctor, mais quand je scan avec cellui ci mon pc s'eteind, qui peut m'aider svp, ci joint les virus, je vous remercie pour votre aide, marc 

C:\DOCUME~1\marc\LOCALS~1\Temp\8FBC.dmp
Win32:Small-FDP [Trj]
Trojaans Paard
000756-1, 13/07/2007

C:\DOCUME~1\marc\LOCALS~1\Temp\vx1dt1.game
Win32:Small-BLF [Trj]
Trojaans Paard

C:\DOCUME~1\marc\LOCALS~1\Temp\v4xd3.ga2me\[UPX]
Win32:Small-GWM [Trj]

C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\TS479HG9\2904[1].exe
in32:Downloader-gen [Trj]

C:\Documents and Settings\marc\Local Settings\Temporary Internet Files\Content.IE5\TS479HG9\zgame3[1]\[UPX]
Win32:Small-GWM [Trj]

:\WINDOWS\system32\vedxga1me4t1.exe
Win32:Downloader-gen [Trj

] C:\WINDOWS\system32\vedxga5me3.exe\[UPX]
Win32:Small-GWM [Trj]

C:\WINDOWS\system32\vedxga1me4t1.exe
Win32:Small-BLF [Trj]


C:\DOCUME~1\marc\LOCALS~1\Temp\botF9E7.tmp\[Upack]
Win32:Xorpix-AU [Trj]


:\DOCUME~1\marc\LOCALS~1\Temp\5FA74.dmp
Win32:Small-FDP [Trj]

C:\WINDOWS\system32\vdo_4894-7a87.sys
Win32:Tibs-AZX [Trj]

Séb08 · Answer

slt,

Regarde bien et applique ce qui est indiqué en gras  .

==================================

Télécharge et installe ce log :

*  AVG AS 

AVG anti spyware
avg antispyware
Met le a jour avant de lancer le scan.
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

a+

Séb08 · Answer

Le rapport Hijack ?

marcde · Answer

re salut séb80
je suis encore toujour avec le meme prob..., j'ai aussi fait ce que j'ai su lire dans le blog a claude, le ccleaner et le superAntivirus, meme avec tout cela et le scan de hijackthis, rien???, et je n'arrive toujour pas a detruire ce rond rouge avec une croix blanche dedans, le rapport de hijackthis est celui ci,,, 

C:\WINDOWS\system32
tvdm.exe
C:\WINDOWS\TEMP\bot550D.tmp
C:\WINDOWS\system32\vedxg4am1et2.exe
C:\WINDOWS\system32\vedxga4m1et4.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1	oolbar.dll
O2 - BHO: H - {5E66C4A5-70BE-48a1-A1FB-6D430A539969} - mioed.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE	oolbar.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0	elemeter3.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\system32\spoolsvv.exe
O4 - HKLM\..\Run: [WindowsHive] C:\WINDOWS\system32pcc.exe
O4 - HKLM\..\Run: [codecs] ialhfxvn.exe
O4 - HKLM\..\Run: [klibinst] C:\WINDOWS\system32\kbldoc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe
O4 - HKLM\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe
O4 - HKLM\..\Run: [xpsysmt] C:\WINDOWS\system32\cliktvmr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\system32\vedxg6ame4.exe
O4 - HKCU\..\Run: [codecs] ialhfxvn.exe
O4 - HKCU\..\Run: [klibinst] C:\WINDOWS\system32\kbldoc.exe
O4 - HKCU\..\Run: [mplaut] C:\WINDOWS\system32\ldcdx.exe
O4 - HKCU\..\Run: [lsitdm] C:\WINDOWS\system32\mfsysnv.exe
O4 - HKCU\..\Run: [xpsysmt] C:\WINDOWS\system32\cliktvmr.exe
O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{2318929D-843A-4A23-8C78-8877E194ED9B}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E5BF933-0CA9-47C8-9BE5-3B08887F1B48}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O17 - HKLM\System\CS1\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: NameServer = 85.255.113.110,85.255.112.227
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.110 85.255.112.227
O18 - Protocol: bw+0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4BCB43DF-3A2E-4A47-BD1A-FD4E7B950B88} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs:  
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll
O21 - SSODL: DCOM Server 20509 - {2C1CD3D7-86AC-4068-93BC-A02304B20509} - C:\WINDOWS\system32\sbinv.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogoMedia TranslateDotNet Server - Unknown owner - C:\Program Files\Power Translator\LogoMedia TranslateDotNet Server.exe (file missing)
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmacv.exe (file missing)

est ce que ceci peut t'aider a trouver une solution,
je suis vraiment emer..., car je n'arrive plus a rien,
ce qui pour moi est diff...est que je ne coprend pas tout ces termes que l'on emploie sur pc,
 merci, merci, marc

Séb08 · Answer

Ton rapport hijack n'est pas complet ...

Il faut que tu fasses ça

Télécharges smitfraudfix:(merci a S!RI pour ce programme) 

En image : 
http://siri.urz.free.fr/Fix/SmitfraudFix.php 

tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisis l option 1 
cela vas générer un rapport,copie/colle le. 

Lis bien et execute .

Je ne peux pas trop me pencher sur CCM en ce moment, les vacances approchent . :-)

marcde · Answer

voila, j'ai je pense fait ce qu'il faut avec smitfraudfix j'ai 3 rapports 


SmitFraudFix v2.204

Rapport fait à 18:43:15,07, mer. 18/07/2007
Executé à partir de C:\Documents and Settings\marc\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1       localhost
127.0.0.1 www.trendmicro.com
127.0.0.1 rads.mcafee.com
127.0.0.1 customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 updates.symantec.com
127.0.0.1 www.nai.com
127.0.0.1 secure.nai.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 www.my-etrust.com
127.0.0.1 mast.mcafee.com
127.0.0.1 ca.com
127.0.0.1 www.ca.com
127.0.0.1 networkassociates.com
127.0.0.1 www.networkassociates.com
127.0.0.1 avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 downloads4.kaspersky-labs.com
127.0.0.1 downloads3.kaspersky-labs.com
127.0.0.1 downloads2.kaspersky-labs.com
127.0.0.1 downloads1.kaspersky-labs.com
127.0.0.1 www.f-secure.com
127.0.0.1 viruslist.com
127.0.0.1 www.viruslist.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.mcafee.com
127.0.0.1 sophos.com
127.0.0.1 www.sophos.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 www.symantec.com
192.168.0.101  www.trendmicro.com 
192.168.0.101  trendmicro.com 
192.168.0.101  rads.mcafee.com 
192.168.0.101  customer.symantec.com 
192.168.0.101  liveupdate.symantec.com 
192.168.0.101  us.mcafee.com 
192.168.0.101  updates.symantec.com 
192.168.0.101  update.symantec.com 
192.168.0.101  www.nai.com 
192.168.0.101  nai.com 
192.168.0.101  secure.nai.com 
192.168.0.101  dispatch.mcafee.com 
192.168.0.101  download.mcafee.com 
192.168.0.101  www.my-etrust.com 
192.168.0.101  my-etrust.com 
192.168.0.101  mast.mcafee.com 
192.168.0.101  ca.com 
192.168.0.101  www.ca.com 
192.168.0.101  networkassociates.com 
192.168.0.101  www.networkassociates.com 
192.168.0.101  avp.com 
192.168.0.101  www.kaspersky.com 
192.168.0.101  www.avp.com 
192.168.0.101  kaspersky.com 
192.168.0.101  www.f-secure.com 
192.168.0.101  f-secure.com 
192.168.0.101  viruslist.com 
192.168.0.101  www.viruslist.com 
192.168.0.101  liveupdate.symantecliveupdate.com 
192.168.0.101  mcafee.com 
192.168.0.101  www.mcafee.com 
192.168.0.101  sophos.com 
192.168.0.101  www.sophos.com 
192.168.0.101  symantec.com 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\xpupdate.exe supprimé
C:\WINDOWS\Tasks\At?.job supprimé
C:\WINDOWS\Tasks\At??.job supprimé
C:\Documents and Settings\marc\Application Data\Install.dat supprimé

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
DNS Server Search Order: 195.130.129.164
DNS Server Search Order: 195.130.130.164

HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

SmitFraudFix v2.204

Rapport fait à 18:58:55,82, mer. 18/07/2007
Executé à partir de C:\Documents and Settings\marc\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
DNS Server Search Order: 195.130.129.164
DNS Server Search Order: 195.130.130.164

HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164
HKLM\SYSTEM\CS1\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
DNS Server Search Order: 195.130.129.164
DNS Server Search Order: 195.130.130.164

HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164





SmitFraudFix v2.204

Rapport fait à 19:00:57,53, mer. 18/07/2007
Executé à partir de C:\Documents and Settings\marc\Bureaublad\SmitfraudFix
OS: Microsoft Windows XP [versie 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchîst.exe
C:\Program Files\Telemeter 3.0	elemeter3.exe
C:\WINDOWS\system32\cliktvmr.exe
C:\WINDOWS\system32\clijtpva.exe
C:\WINDOWS\system32\cappudoy.exe
C:\WINDOWSetadpu27.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\marc


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\marc\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\marc\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Mijn huidige introductiepagina"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce MCP Networking Adapter - Pakketplanner-minipoort
DNS Server Search Order: 195.130.129.164
DNS Server Search Order: 195.130.130.164

HKLM\SYSTEM\CCS\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164
HKLM\SYSTEM\CS1\Services\Tcpip\..\{180BBEB0-A2FF-41EA-A986-3D6334F8522D}: DhcpNameServer=195.130.129.164 195.130.130.164


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

est ce que j'ai fait ce qu'il faut, merci marc

Séb08 · Answer

Bah pas trop mais apparemment le fix a viré pas mal de truc quaund même en mode normal . Tu as fait l'option 2 alors que je demandais l'option 1 (qui a été faite après...)

Lis bien ce qui était écrit ... Y'a rien de difficile suffit de suivre.

remet un log hijack 


a+

Séb08 · Answer

ecoute ... lis bien et applique .

Relance smitfraudfix

= > tu doubles cliques sur smitfraudfix.cmd et tu choisis l option 1 
cela vas générer un rapport,copie/colle le. 

a+

Séb08 · Answer

tu peux lancer AVG ?

Voir au <1> .

a+

Séb08 · Answer

C'est pas grave mais lis bien ce que j'écris , tu ne lis pas assez.

Laisse les log instalé (ccleaner et autres ..)

fais la manip citée ici

help help trojan#1

avec AVG.

Je dois m'absenter.

a+

Séb08 · Answer

Tu avais bien mis AVG à jour avant de le lancer ?

Remet un log hijack .

a+

marcde · Answer

bonjour séb,
 oui mais quand je clic sur mise a jour il dit qu'il n'y a pas eut de mise a jour,


Logfile of HijackThis v1.99.1
Scan saved at 6:57:40, on 19/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\mssrv32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Séb08 · Answer

ok

tu as fixé des lignes dans hijack (ex : 018) ?

Télécharge: Pocket Killbox ici 
http://www.downloads.subratam.org/KillBox.exe 

Démo d utilisation (merci a Balltrap34 pour cette réalisation) :: 
http://perso.orange.fr/rginformatique/section%20virus/killbox.htm


1-Double-clic sur KillBox.exe 
2- Selectionne "Delete on Reboot" 
3 - Dans "Full Path of File to Delete"  
copie et colle: 

C:\Documents and Settings\All Users\Documenten\Settings\bot.dll 


4- clic sur le rond rouge 
5- une fenetre va apparaitre pour confirmation clic sur OUI  
6- une seconde fenetre te demande si tu veux redemarrer clic sur OUI 

le pc va redemarrer

Si tu as un message: "pending file rename operations registry data has been removed by external process.", ignore-le, et redémarre ton PC manuellement.

ensuite remet un log hijack .

a+

Séb08 · Answer

ok 

Relance Hijack,choisi « do a scan only » ou « scanner seulement » coches ces lignes :

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized 

O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documenten\Settings\bot.dll (file missing) 


Ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus, puis clique « Fix checked » ou « fixer objet ». Ferme HijackThis!


Ou est ton antivirus ??

Installe en un

1/ Avast antivirus 
avast
=>Pour bénéficier des mises à jour, il faut s'inscrire gratuitement sur leur site :
https://www.avast.com/registration-free-antivirus

lire le tuto 
http://www.tutopat.com/viewtopic.php?t=1541
https://forums.cnetfrance.fr 

 et aussi un parefeu 

Kério (pare feu): 
kerio 
lire le tuto: pour configurer et comprendre Kerio 
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
https://www.vulgarisation-informatique.com/kerio.php
https://forums.cnetfrance.fr

A lire :
securite le parefeu de windows xp

explication d'un parefeu : 
firewall

===================

A lire :
prkoi proposer antivir au lieu d avast


C'est un choix personnel.
===================

OU en sont tes probs ?

a+

HELP? HELP??? trojan

13 réponses

Discussions similaires

Newsletters