[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

[clemclem]

Voilà :

Logfile of HijackThis v1.99.1

Scan saved at 11:40:49, on 13/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\windows\system\hpsysdrv.exe

C:\Program Files\USB Storage RW\shwicon.exe

C:\WINDOWS\system32\ps2.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

C:\PROGRA~1\Avast4\ashDisp.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Avast4\aswUpdSv.exe

C:\Program Files\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Avast4\ashMaiSv.exe

C:\Program Files\Avast4\ashWebSv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr7.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-fr7.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://home.free.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - c:\Program Files\Microsoft Money\System\mnyside.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [KYE_Showicon] "C:\Program Files\USB Storage RW\shwicon.exe" -t"KYE\USB Storage RW"

O4 - HKLM\..\Run: [storageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [LcpaLite] "C:\Program Files\LCPA Lite\Lcpa Lite.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - Startup: UD Agent.lnk = C:\Program Files\United Devices\UD.EXE

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: Interface Chat Voila - http://chat10.x-echo.com/version5/Applet/vchatsign.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O16 - DPF: {4B62C0F0-DCFF-11D2-91E2-004005195FF7} (EcritMath.EcritMathCtl) - file://C:\Documents and Settings\Propriétaire\Mes documents\télé\controleAID\EcritMath.CAB

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093186288982

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab

O16 - DPF: {DA6462AC-9024-11D2-8454-004005195FED} (GP0.GP0Ctl) - file://C:\Documents and Settings\Propriétaire\Mes documents\télé\controleAID\GP0.CAB

O16 - DPF: {E29016D7-8E99-11D2-8454-004005195FED} (GE0.GE0Ctl) - file://C:\Documents and Settings\Propriétaire\Mes documents\télé\controleAID\GE0.CAB

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab30149.cab

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe

Merci d'avance

[snooky]

@ clem-clem :

Rien d'infectieux dans ton rapport

@ H2_oO :

Fixe ces lignes :

O4 - HKLM\..\Run: [HGTXPEI] C:\WINDOWS\System32\FirstReboot.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe

O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE

O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [soundFusion] RunDll32 hercplgs.cpl,BootEntryPoint

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [AtiTrayTools] C:\Program Files\Radeon Omega Drivers\v2.6.61\ATI Tray Tools\atitray.exe

Passe A² Squared Free.

@ neo66 :

Rien d'infectieux dans ton rapport

... mais 2 firewall sur ton pc !

[clemclem]

Merci snooky

A plus

[F tek23]

Bonjour Snooky,je te poste mon rapport et merci d'avance.

Logfile of HijackThis v1.99.1

Scan saved at 21:25:28, on 13/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

C:\Program Files\AVK InternetSecurity\AVK\AVKService.exe

C:\Program Files\AVK InternetSecurity\AVK\AVKWCtl.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\WINDOWS\system32\MGE\RunSC.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\MGE\PCtl.exe

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\system32\MGE\BIL.EXE

C:\WINDOWS\system32\MGE\CILUSB.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\nvraidservice.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\AVK InternetSecurity\AVKTray\AVKTray.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Asus\PC Probe II\Probe2.exe

C:\Program Files\a-squared\a2guard.exe

C:\WINDOWS\System32\wbem\unsecapp.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\AVK InternetSecurity\AVK\AVKBar.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\SEC\MagicTune3.5_Client\GammaTray.exe

C:\Program Files\AVK InternetSecurity\Firewall\GDFirewallTray.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: G DATA WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\AVK InternetSecurity\Webfilter\AvkWebIE.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O3 - Toolbar: G DATA WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\AVK InternetSecurity\Webfilter\AvkWebIE.dll

O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [AVKTray] "C:\Program Files\AVK InternetSecurity\AVKTray\AVKTray.exe"

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\Asus\PC Probe II\Probe2.exe" 1

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [AVKBar] "C:\Program Files\AVK InternetSecurity\AVK\AVKBar.exe"

O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O4 - Global Startup: Color Calibration.lnk = ?

O4 - Global Startup: G DATA Firewall Tray.lnk = ?

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: MagicTune3.5.lnk = ?

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131317851937

O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll

O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\WINDOWS\system32\iprepair.dll

O23 - Service: AVKProxy - G DATA Software AG - C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program Files\AVK InternetSecurity\AVK\AVKService.exe

O23 - Service: Gardien d'AVK (AVKWCtl) - Unknown owner - C:\Program Files\AVK InternetSecurity\AVK\AVKWCtl.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Pare-feu personnel G DATA (GDFwSvc) - Unknown owner - C:\Program Files\AVK InternetSecurity\Firewall\GDFwSvc.exe

O23 - Service: MGE Service module - Unknown owner - C:\WINDOWS\system32\MGE\RunSC.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

[snooky]

@emmapuce210 :

Tu as vraiment du mal avec les firewall !

Passe A² Squared Free et Kaspersky en mode sans échec .

@ maxsims1 :

Les processus ehrecvr.exe et ehsched.exe sont des processus d'update de MCE .... que tu peux désactiver.

Vise Msconfig ( onglet Démarrage et Services ) pour les trouver.

@ djyosono :

Lignes à fixer :

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

C'est le messenger livré avec XP ( la version 4.5 ) il faut le désinstaller ... avec XP-Antispy , par exemple .

O4 - HKCU\..\Run: [instant Access] rundll32.exe EGDACCESS_1069.dll,InstantAccess

Désinstalle Instant access via le panneau de config

Passe Spysweeper.

[snooky]

@ F tek23 :

Tu n'es pas obligé de garder A² Squared et Spysweeper en résidant .

BHO Demon pour être certain que cette dll est clean :

O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)

A fixer avec Hijackthis :

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[djyosono]

merci DR. Juste un petit trucencore...spysweeper est dejainstallé sur la becanne et a expiré depuis....Est ce qu'on peut- le reactiver pour une nouvelle periode d'essai ?. J'ai essayé de virer ptt sa presence ds la base de registre mais ca le fait encore.

As tu une solution ? ou qq'un d'autre

[snooky]

Dans la base de registre , il faut rechercher Spysweeper ET Webroot.

[azerty_7_7]

Je poste deux rapports, ceux de mes deux PC pour être sûr qu'il n'y a aucun pb :

Logfile of HijackThis v1.99.1

Scan saved at 17:44:59, on 14/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

P:\Program Files\Sygate\SPF\smc.exe

C:\WINDOWS\system32\spoolsv.exe

P:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

P:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\nvsvc32.exe

P:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

C:\WINDOWS\System32\svchost.exe

P:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

P:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\KMaestro\Key_f.EXE

P:\Program Files\Trust\250S Series\lwbwheel.exe

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

P:\Program Files\Alwil Software\Avast4\ashWebSv.exe

P:\Program Files\Microsoft AntiSpyware\gcasServ.exe

C:\WINDOWS\system32\ctfmon.exe

P:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

P:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

P:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

P:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.exe

P:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN

P:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

P:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Program Files\Messenger\msmsgs.exe

P:\PROGRA~1\FIREFOX\FIREFOX.EXE

C:\Documents and Settings\Alexis\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.unika.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.unika.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.sygate.com/swat/support/spf50_reg.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\system32\ddayy.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [KeyMaestro] C:\KMaestro\KMaestro.exe

O4 - HKLM\..\Run: [smcService] P:\PROGRA~1\Sygate\SPF\smc.exe -startgui

O4 - HKLM\..\Run: [avast!] P:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [LWBMOUSE] P:\Program Files\Trust\250S Series\lwbwheel.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [sSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [gcasServ] "P:\Program Files\Microsoft AntiSpyware\gcasServ.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] P:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - Startup: Dragon NaturallySpeaking.lnk.disabled

O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe

O4 - Startup: Stardock ObjectDock.lnk = P:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: UberIcon.lnk = P:\WINDOWS\BricoPacks\Vista Inspirat\UberIcon\UberIcon Manager.exe

O4 - Startup: Y'z Shadow.lnk = P:\WINDOWS\BricoPacks\Vista Inspirat\YzShadow\YzShadow.exe

O4 - Startup: Y'z ToolBar.lnk = P:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: InterVideo WinCinema Manager.lnk = P:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk.disabled

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://P:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - P:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.unika.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1130936430390

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: ddayy - C:\WINDOWS\system32\ddayy.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - P:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - P:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - P:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - P:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - P:\Program Files\Sygate\SPF\smc.exe

O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - P:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Et le 2nd :

Logfile of HijackThis v1.99.1

Scan saved at 17:48:54, on 14/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

C:\Program Files\CA\eTrust Antivirus\InoRT.exe

C:\Program Files\CA\eTrust Antivirus\InoTask.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Softex\OmniPass\Omniserv.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

C:\Program Files\Softex\OmniPass\OPXPApp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\OSD.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\CA\ETRUST~1\realmon.exe

C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe

C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe

C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

C:\Program Files\Softex\OmniPass\scureapp.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe

C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

G:\Portable\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"

O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"

O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"

O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe

O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Home Cinema\PowerCinema\PCMService.exe"

O4 - HKLM\..\Run: [instantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe /c "

O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.aldi.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128353582656

O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe

O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe

O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe

O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Program Files\Softex\OmniPass\Omniserv.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Voilà, merci pour votre aide

[adnan]

Logfile of HijackThis v1.99.1

Scan saved at 17:43:54, on 14/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe

C:\PROGRA~1\MESSAG~1\StartMessager.exe

C:\Program Files\Microsoft IntelliPoint\point32.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

c:\progra~1\intern~1\iexplore.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\PROGRA~1\Wanadoo\ALERTM~1.EXE

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://web.whdvtimadoqccjcs.com/rP8bVRASbF...d6/_LnTsqC.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.umtvdjwestmvyjmnijjutnvc.net/rP...yH5/0nwlH4.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {92EDE706-983A-EBEA-2908-37C858B16A33} - C:\DOCUME~1\PROXI\APPLIC~1\IDLETI~1\platformbend.exe

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM\..\Run: [rkkcwqyq] C:\WINDOWS\system32\xkwzhkj.exe

O4 - HKLM\..\Run: [OneClick] "C:\Program Files\oneclick\oneclick.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"

O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"

O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe

O4 - HKLM\..\Run: [Akclef] C:\Program Files\Luafc\Kejdotx.exe

O4 - HKLM\..\Run: [firewall_anti] C:\WINDOWS\firewall_anti.exe

O4 - HKLM\..\Run: [bagspopremoteidol] C:\Documents and Settings\All Users\Application Data\Soap Lies Bags Pop\Defydeaf.exe

O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [auto__hloader__key] C:\WINDOWS\system32\hloader_exe.exe

O4 - HKLM\..\Run: [auto__antiav__key] C:\WINDOWS\system32\antiav_exe.exe

O4 - HKLM\..\RunServices: [RealPlayer Ath Check] rnathchk.exe

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe

O4 - HKCU\..\Run: [RealPlayer Ath Check] rnathchk.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [ballthis] C:\DOCUME~1\PROXI\APPLIC~1\BATTHE~1\SettingsAudioBalm.exe

O4 - HKCU\..\Run: [key] C:\WINDOWS\system32\winxp.exe

O4 - HKCU\..\Run: [auto__hloader__key] C:\WINDOWS\system32\hloader_exe.exe

O4 - HKCU\..\Run: [auto__antiav__key] C:\WINDOWS\system32\antiav_exe.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - Startup: Vade Retro pour Outlook Express.lnk = C:\Program Files\GOTO Software\Vade Retro\Vaderetro_oe.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab

O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://videohd.m6.fr.ipercast.net/installer-hidden.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab

O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://downloads.winwise.fr/Common/npwwg.cab

O16 - DPF: {08C818C3-2F1E-11D0-9223-00A0244D2920} (ChartFX IE Client Object) - http://www.finaccess.co.ma/download/cfxax.cab

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://210.80.76.119/object/Dldrv.ocx

O16 - DPF: {12E5E9D9-4366-45D9-BA41-D0BCD55AD8CF} (UDConnect Class) - http://17.sharedsource.org/html/NrsgroupUD_1.0.0.3ie.cab?

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://204.101.162.126:60002/kxhcm10.ocx

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...s/yinst0401.cab

O16 - DPF: {4BA12BBE-A1CD-4E13-85E4-A05E3FF6F658} (Pygmy Productions - Installer of Bluedot Game Object) - http://www.bluedotproject.com/BlueInstaller.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/043fd354897e7f...RdxIE601_fr.cab

O16 - DPF: {5B461C2E-763A-4F47-9809-55827667E821} (MGDomConnector Class) - http://195.115.164.109/Magic94Scripts/MGBCCOM9.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1111245076312

O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://wanadoo.metaboli.fr/components/ExentCtl.ocx

O16 - DPF: {6F6E3A5E-4A75-45F0-BDDE-21B6C4496E2B} (LAInstaller Class) - http://www.cantoche.com/test/LAinstall.cab

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://193.138.213.174/activex/AMC.cab

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.edipole.fr/kits/en/WebInstall.dll

O16 - DPF: {869518C3-FBA5-4D75-8A14-7047437E9498} (Jacques Class) - http://htmldialer.parisvoyeur.com/CABSPOLY.../Bernadette.cab

O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/11061/CD/Ejacs.exe

O16 - DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} (Bl_camera Control) - http://24.105.203.109:5000/bl_camera.cab

O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/aplicacion.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab30149.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.122.143.90/activex/AxisCamControl.cab

O16 - DPF: {92CA8ACC-4E99-4A2A-93F1-B2C5CADC8613} - http://a14.g.akamai.net/f/14/7141/144000s/...fr_4.1.14.0.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab27513.cab

O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedCon...n/bin/cabsa.cab

O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game15.zylom.servicesalacarte.wanad...zylomloader.cab

O16 - DPF: {DF4F4ED9-420B-4F40-AEE6-A620460306E7} (CantocheLivingActorInstaller2 Class) - http://ak.cdiscount.com/plug-ins/LivingActorInstaller2.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{38EF9F7E-0911-460E-821E-8CA8E2167A99}: NameServer = 80.10.246.130 80.10.246.3

O18 - Protocol: bw+0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O18 - Protocol: offline-8876480 - {80684006-40DD-4C29-AA74-D564A141972A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

[2cent20]

en reponse a Gailuron et Snooky, depuis mon PC

donc vu mes problemes je suis revenue en arrierre (point de retauration) et là tout rentre dans l'ordre

voici un nouveau rapport mais j'attend vos avis pour passer le truc de Gailuron.

pour info les 2 PCs sont branchés sur 1 routeur D-LINK 604 qui lui est branché sur la Free le tout en RJ

sans rien faire au niveau des PCs ont surf sur les 2 sans trop de probleme mais les PCs ne se voient pas.

ma revherche en ce moment c'est de trouver comment parametrer les PCs pour partager dossiers et imprimante via le routeur et affiner son parametrage.

Logfile of HijackThis v1.99.1

Scan saved at 18:07:43, on 14/11/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\WF2K.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\System32\svchost.exe

C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll

O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\System32\WF2K.EXE Initial

O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppD...sharingctrl.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

merci de votre aide a tous les 2

[gailuron66]

==> 2cent20

si tu laisse la restauration systeme activé pendant une désinfection, c'est comme si tu faisait rien

(tout ce qui t'infecte risque d'etre bien protégé dans les fichiers de restauration )

[ex-floodeur]

Bonjour Docteur !

Je vous soume tmon log :)

Logfile of HijackThis v1.99.1

Scan saved at 11:00:02, on 15/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

C:\servers\MySQL\bin\winmysqladmin.exe

C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe

C:\servers\Apache Group\Apache\Apache.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

C:\WINDOWS\system32\svchost.exe

C:\servers\Apache Group\Apache\Apache.exe

C:\Program Files\VisualCron\VisualCronService.exe

C:\servers\MySQL\bin\mysqld-nt.exe

C:\Program Files\Miranda IM\miranda32.exe

C:\Program Files\mIRC\mirc.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\PROGRA~1\MOZILL~2\FIREFOX.EXE

C:\Program Files\BitComet\BitComet.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

C:\servers\php\php.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://particuliers.edf.fr/article564.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.49.240.1

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - Startup: Miranda IM 0.4.0.1.lnk = C:\Program Files\Miranda IM\miranda32.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe

O4 - Startup: WinMySQLadmin.lnk = C:\servers\MySQL\bin\winmysqladmin.exe

O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe

O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O23 - Service: Apache - Unknown owner - C:\servers\Apache Group\Apache\Apache.exe" --ntservice (file missing)

O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe

O23 - Service: MySql - Unknown owner - C:/servers/MySQL/bin/mysqld-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

O23 - Service: VisualCron Service (VisualCronService) - neteject.com - C:\Program Files\VisualCron\VisualCronService.exe

Merci !

[snooky]

@ ex-floodeur :

Rapport clean

@ 2cent20 :

Rapport clean

Fait tes test en ayant désactivé et désinstallé Zone Alarm .

Derrière une freebox et un routeur , tu ne risques rien .

@ adnan :

Fixe toutes les lignes de ton rapport , SAUF la ligne 017 !

Redémarre ton pc .

Passe ceci : http://www.new.net/support/uninstall6_90.exe

Tape MRT dans Exécuter.

Redémarre ton pc .

Passe Ccleaner et supprime tout ce qu'il trouve.

Passe A² squared Free et passe le en mode sans échec ( touche F8 au boot )

Installe un firewall zone Alarm , par exemple.

Installe Kaspersky 5 personal et scan ( vise ma signature )

Poste un nouveau rapport après avoir fait tout ceci .

@ Azerty 7 7 :

Scan ce fichier C:\Program Files\Realtek\InstallShield\AzMixerSel.exe ici :

http://virusscan.jotti.org/

Puis colle le résultat ici .

[azerty_7_7]

@ Azerty 7 7 :

Scan ce fichier C:\Program Files\Realtek\InstallShield\AzMixerSel.exe ici :

http://virusscan.jotti.org/

Puis colle le résultat ici .

Euh ça va poser un pb dans le sens où le-dit PC n'a pas accés à internet. Mais je crois que je vais finir par le faire.

Sinon, normalement, c'ets un truc pour la carte son du PC. VOilà, mais si je le met sur net ce sera pas avt vendredi soir ou samedi parce que je pars deux jours...

[snooky]

Tes rapports sont clean , alors

[lolotte35]

Salut snooky

Après tes conseils sur le site de kaspersky, j'ai téléchargé hijackthis et voici mon rapport :

Logfile of HijackThis v1.99.1

Scan saved at 18:12:52, on 15/11/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\atiptaxx.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

C:\WINDOWS\system32\carpserv.exe

C:\Program Files\Classic PhoneTools\CapFax.EXE

C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe

O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe

O4 - HKLM\..\Run: [CARPService] carpserv.exe

O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updater] C:\Program Files\Carpe Diem\Fillesnoires[1]\CDUpdater.exe CD_UPDATER

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: updater.lnk = C:\RECYCLER\NPROTECT\00049097.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://E:\content\include\XPPatchInstaller.CAB

O16 - DPF: {8B1BC605-C593-4865-8F5B-05517F0CD0BB} (MSSecurityAdvisorCD Class) - file://E:\Content\include\msSecUcd.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B1AD81E7-278F-43D7-AA64-15C408959897}: NameServer = 194.117.200.10 194.117.200.15

O20 - Winlogon Notify: TGBBOB - C:\WINDOWS\SYSTEM32\TGBBOBNotif.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: TGB::BOB! Starter - Unknown owner - C:\WINDOWS\System32\tgbstarter.exe (file missing)

O23 - Service: TGB::BOB! (TGBBOB) - Unknown owner - C:\Program Files\SISTECH\TGBBOB\TGBBOB.exe (file missing)

J'espère que tu pourras me dire comment faire pour désactiver The Green Bow Bob (TGB::BOB) parce que j'ai tout essayé et à chaque redémarrage et essaie d'installation du nouveau kaspersky je fais choux blanc, il me dit que TGB est toujours installé.

Et je commence à

@+

[azerty_7_7]

Tes rapports sont clean , alors

Merci

[snooky]

@ lolotte35 :

Va dans Services de Outils d'Administration du panneau de gonfiguration pour arrêter et désactiver ces 2 services :

O23 - Service: TGB::BOB! Starter - Unknown owner - C:\WINDOWS\System32\tgbstarter.exe (file missing)

O23 - Service: TGB::BOB! (TGBBOB) - Unknown owner - C:\Program Files\SISTECH\TGBBOB\TGBBOB.exe (file missing)

Désinstalle via Ajout / supp des programmes.

Supprime ensuite le dossier de ce firewall dans le program files.

Passe Ccleaner et supprime tout ce qu'il trouve.

Fixe ces lignes avec Hijackthis :

O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updater] C:\Program Files\Carpe Diem\Fillesnoires[1]\CDUpdater.exe CD_UPDATER

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe

O4 - Global Startup: updater.lnk = C:\RECYCLER\NPROTECT\00049097.exe

O20 - Winlogon Notify: TGBBOB - C:\WINDOWS\SYSTEM32\TGBBOBNotif.dll

O23 - Service: TGB::BOB! Starter - Unknown owner - C:\WINDOWS\System32\tgbstarter.exe (file missing)

O23 - Service: TGB::BOB! (TGBBOB) - Unknown owner - C:\Program Files\SISTECH\TGBBOB\TGBBOB.exe (file missing)

Désinstalle NORTON !

[lolotte35]

Pour norton c'est prévu au programme mais comme je vais pas mal sur le net je l'installe et le désinstalle à longueur de temps en attendant de pouvoir installer kaspersky.

Pour le reste je m'exécute tout de suite et te tiens au courant.

@+

[adnan]

@ adnan :

Fixe toutes les lignes de ton rapport , SAUF la ligne 017 !

Redémarre ton pc .

Passe ceci : http://www.new.net/support/uninstall6_90.exe

Tape MRT dans Exécuter.

Redémarre ton pc .

Passe Ccleaner et supprime tout ce qu'il trouve.

Passe A² squared Free et passe le en mode sans échec ( touche F8 au boot )

Installe un firewall zone Alarm , par exemple.

Installe Kaspersky 5 personal et scan ( vise ma signature )

Poste un nouveau rapport après avoir fait tout ceci .

......................................................................................

voila je voudrait savoir pourqoi faut fixer tout les ligne et y a des truc comme sa C:\WINDOWS\system32\rundll32.exe qui on dirait sont importante pour le systéme

car lordi ou j ai fait se scan est a mon pére

il ma demande de le réparé car il rame tro au démarage et des pub sans arrét

j atend ta réponse pour commencer tous sa et esque je doit désactiver la restauration sys

[snooky]

... comment dire ... ... ce pc est infecté comme c'est pas permit !

[lolotte35]

... comment dire ... ... ce pc est infecté comme c'est pas permit !

Tu parles du mien

J'ai pas le logiciel a² est-ce qu'ad-aware est équivalent ?

Je continue mon nettoyage

Désinstalle via Ajout / supp des programmes. (il ne veux pas me le supprimer)

Supprime ensuite le dossier de ce firewall dans le program files." C'est pas possible je n'ai pas le fichier dans program files

Et la ligne 20 faut-il que je la fixe aussi moi je pense pas car c'est encore du TGB...

Au fait j'ai acheté kaspersky personal security suite

Y a du boulot

[snooky]

Non , lolotte , je parlais à adnan.

A²Squared = anti-trojan

Ad Aware = anti-spyware

Je ne t'ai jamais demandé de passer A² squared et Ad-Aware !

Avant ceci :

Désinstalle via Ajout / supp des programmes. (il ne veux pas me le supprimer)

Il faut terminer les processus du firewall dans le gestionnaire de tâches ( Ctrl+Alt+suppr )

[F tek23]

Merci Snooky pour ta reponse