Sujet Précédent Sujet Suivant

[TROJAN-SPY.HTML] hijackthis log à traiter

Résolu/Fermé
JPDA Messages postés 3 Date d'inscription samedi 14 mai 2005 Statut Membre Dernière intervention 14 mai 2005 - 14 mai 2005 à 10:35
 bernie61 - 19 juin 2005 à 15:24
Bonjour,

A l'ouverture d'une connexion dans Windows XP édition familiale, je reçois ce message:

Security warning
A fatal erroe in IE has occurred at 0028:C0011E36 in VXD VMM(01) + 00010E36.
Error was caused by Trojan-Spy.HTML.Smitfraud.c

* System can not function in normal mode.
Please check you security settings.

* Scan your PC with any available antivirus /spyware remover program to fix the problem

J'ai donc traité le pc avec un antivirus (NOD32) et un spyware (beta Microsoft antispyware). En apparence, tout semble Ok.
Sauf qu'à la connexion, j'ai toujours le message de securité.

Alors, j'ai appliqué hijackthis dont voici le log:

Logfile of HijackThis v1.99.1
Scan saved at 10:00:14, on 05/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Jean-Paul\Local Settings\Temporary Internet Files\Content.IE5\4LMR45AJ\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL (file missing)
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &RSDN Search - res://C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL/GoVM.dll.htm
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2005\spy.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0B660284-3C9D-4F7B-A0DE-4F3BFA83BA74} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0B660284-3C9D-4F7B-A0DE-4F3BFA83BA74} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/deleon/1.1.62-deleon/GoogleNav.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://go.securelive.com/speed/uk/WebInstall.dll
O18 - Protocol: bw+0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: trevi - {080864F8-AFAD-11D2-BD71-00105A48D188} - (no file)
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Zope instance at C:\Program Files\Plone 2\Data (Zope_1884525689) - Unknown owner - C:\Program Files\Plone 2\Zope\bin\PythonService.exe

Qui peut m'indiquer quels sont les programmes à traiter par HijackThis ?

Merci d'avance,

JPDA
A voir également:

11 réponses

Réponse 1 / 11
Utilisateur anonyme
14 mai 2005 à 10:56
Salut

il est encore présent..

Déconnecte toi d'internet:

 Vide le cache d'Internet Explorer et supprime les cookies:

* Panneau de configuration >> Options internet >> Onglet "Général"
- Clic sur [supprimer les cookies]
- Clic sur [Supprimer les fichiers] et coche la case "Supprimer tout le contenu hors connexion"
Valide avec ok



Pour ne pas se retrouver avec des points de restauration systeme infectés il vaut mieux la désactiver:

 Désactive la restauration systéme.
Clic droit sur poste de travail > propriétés > onglet restauration système
puis cocher "désactiver la restauration système".
(accepte le redemarrage).

 Redémarre en mode sans échec
Laisse passer l'écran du bios, puis tapote sur la touche F8.
Choisis le mode sans échec dans les options et valide avec entrée.

 Rend visible les fichiers cachés et systeme
panneau de configuration > options des dossiers > onglet affichage
Cocher " afficher les fichiers et dossiers cachés "
Décocher " masquer les extentions des fichiers dont le type est connu
Décocher " masquer les fichiers protégés du système"
Valide

---------------------------------------------

 Lance hijackthis et clic sur "do a system scan only"
cocher la case au début des lignes suivantes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/

F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe

O3 - Toolbar: Virtual Maid - {77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C} - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL (file missing)

O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe

O8 - Extra context menu item: &RSDN Search - res://C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL/GoVM.dll.htm
O9 - Extra button: Microsoft AntiSpyware helper - {0B660284-3C9D-4F7B-A0DE-4F3BFA83BA74} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0B660284-3C9D-4F7B-A0DE-4F3BFA83BA74} - (no file) (HKCU)
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://go.securelive.com/speed/uk/WebInstall.dll

valider avec [fix checked]

----------------------------------------------

 Rechercher et supprimer si présent:

Dans le cas ou tu utiliserais la fonction Rechercher:
Assure toi que dans:
Tous les fichiers et tous les dossiers >> Options avancées
• Rechercher dans les dossiers systemes <- DOIT ETRE COCHE !
• Rechercher dans les fichiers et les dossiers cachés <- DOIT ETRE COCHE !
• Rechercher dans les sous-dossiers <- DOIT ETRE COCHE !

Supprime: (certains ne seront peut etre pas présent)

C:\wp.exe
C:\wp.bmp
C:\bws.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\System32\helper.exe
C:\WINDOWS\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\System32\ole32vbs.exe
C:\Windows\system32\msole32.exe
C:\WINDOWS\System32\shnlog.exe


C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Program Files\Security IGuard

----------------------------------------------

Ensuite, tres important:

Supprimer les fichiers temporaires:

* C:\Documents and Settings\ton compte\Local Settings\Temp
* C:\Documents and Settings\tous les autres comptes\Local Settings\Temp
* C:\Temp
* C:\Windows\Temp
vider tout le contenu des dossiers en gras.

Le contenu du dossier prefetch:

* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

* Ne pas oublier de vider la corbeille !

------------------------------------------------

Redemarre normalement et reposte un log hijack pour vérifier l'évolution

Ensuite, dis moi si tu as acces en faisant :
Panneau de config >> affichage aux onglets bureau, themes et apparence ?

Ne pas oublier après les manips de recocher" masquer les fichiers protégés du système" dans les options des dossiers

a+
0
JPDA Messages postés 3 Date d'inscription samedi 14 mai 2005 Statut Membre Dernière intervention 14 mai 2005
14 mai 2005 à 15:37
Rebonjour,


J'ai appliqué toutes tes recommandations: tout semble ok.
Merci, infiniment.

J'ai rencontré un tout petit problème: quand j'ai appuyé F8 au boot, j'ai déclenché une installation de Windows ... parce que (enfin, je crois) j'avais laissé le cd-rom de setup Windows dans le lecteur.

Je te communique le log de hijackthis après application des correctifs:

Logfile of HijackThis v1.99.1
Scan saved at 15:16:54, on 05/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Documents and Settings\Jean-Paul\Bureau\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfru07.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2005\spy.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/deleon/1.1.62-deleon/GoogleNav.cab
O18 - Protocol: bw+0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: trevi - {080864F8-AFAD-11D2-BD71-00105A48D188} - (no file)
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Zope instance at C:\Program Files\Plone 2\Data (Zope_1884525689) - Unknown owner - C:\Program Files\Plone 2\Zope\bin\PythonService.exe

Juste pour mon information personnelle, pourrais-tu m'indiquer
comment Windows arrive à détecter cette situation.

Encore merci pour toutes les infos, bon week-end,

JPDA
0
Réponse 2 / 11
Utilisateur anonyme
14 mai 2005 à 15:51
salut

reste celles ci a cocher et fixer avec hijackthis:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
O18 - Protocol: trevi - {080864F8-AFAD-11D2-BD71-00105A48D188} - (no file)

ensuite remet tes parametres web par defaut:
panneau de config >> options internet >> programmes
clic sur rétablir les parametres web

et reposte un rapport hijackthis

Qu'est ce que tu entend par :
comment Windows arrive à détecter cette situation

a+
0
Réponse 3 / 11
JPDA Messages postés 3 Date d'inscription samedi 14 mai 2005 Statut Membre Dernière intervention 14 mai 2005
14 mai 2005 à 21:50
Moé,

voici le log:

Logfile of HijackThis v1.99.1
Scan saved at 21:18:32, on 05/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\MI1933~1\Office\OUTLOOK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe
C:\Documents and Settings\Jean-Paul\Bureau\HijackThis.exe
C:\Program Files\Microsoft AntiSpyware\gcasServAlert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CloseDNF] C:\WINDOWS\System32\Utility.exe \1008
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "C:\Program Files\Creative\SBAudigy2ZS\Program\Startup Menu\ChkColor.EXE"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O8 - Extra context menu item: &Google Search - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Edit with Altova X&MLSpy - C:\Program Files\Altova\XMLSpy2005\spy.htm
O8 - Extra context menu item: Similar Pages - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\windows\downloaded program files\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\XMLSpy2005\spy.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.msn.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/fr/deleon/1.1.62-deleon/GoogleNav.cab
O18 - Protocol: bw+0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {EB1FC7DA-7EC9-4DB6-9717-B9F9025716AE} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Zope instance at C:\Program Files\Plone 2\Data (Zope_1884525689) - Unknown owner - C:\Program Files\Plone 2\Zope\bin\PythonService.exe

------------------

Ce que j'entends par:
comment Windows arrive à détecter cette situation ?

Chaque fois que je ne connectais, j'avais sur le fond d'écran le message:

Security warning
A fatal erroe in IE has occurred at 0028:C0011E36 in VXD VMM(01) + 00010E36.
Error was caused by Trojan-Spy.HTML.Smitfraud.c

* System can not function in normal mode.
Please check you security settings.

* Scan your PC with any available antivirus /spyware remover program to fix the problem

Windows savait donc que le pc était contaminé et par qui.

Comment a-t-il pu déduire cela?

A+
JP
0
Réponse 4 / 11
Utilisateur anonyme
14 mai 2005 à 22:07
salut JPDA

En fait le fond d'écran est installé par le trojan et ce n'est pas windows qui t'avertis.
Sinon, je ne vois plus de trace du trojan dans hijackthis.

Est ce que tu peux changer de fond d'écran, et est ce que dans panneau de config >> affichage tu as accès aux onglets bureaux, theme et apparences

tu peux aussi remettre tes parametres web par défaut:
panneau de configuration >> options internet >> programmes
clic sur "rétablir les parametres web"

a+
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
oam
19 juin 2005 à 13:49
Bonjour a tous, j'ai le meme probleme, voici mon log:)

merci par avance.



Logfile of HijackThis v1.99.1
Scan saved at 13:28:02, on 19/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Real\Update_OB\realsched.exe
C:\WINDOWS\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\oam\Bureau\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\WINDOWS\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
0
bernie61
19 juin 2005 à 13:55
salut
lol, tu aurais pu faire ton propre message non? bon soit
ton log semble OK alors applique ceci

Installe ce nettoyeur CCLEANER http://www.ccleaner.com/ ensuite
Smitfraud
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
à télécharger et lancer

et lances Ccleaner

dis nous quoi, a+
0
Réponse 6 / 11
oam
19 juin 2005 à 14:30
Salut pourquoi tu me dit que j aurrais pu faire mon propre mess?

tout d'abord merci, alors j ai intall cccleaner mais quand je clic sur ton deuxieme lien ça m'ouvre cela :


REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispAppearancePage"=-
"Wallpaper"=-
"WallpaperStyle"=-
"NoDispBackgroundPage"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktopChanges"=-

[HKEY_CURRENT_USER\Control Panel\Desktop]
"Wallpaper"=-
"WallpaperStyle"=-

[HKEY_CURRENT_USER\Control Panel\Colors]
"Background"="0 78 152"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"notepad.exe"=-
"notepad2.exe"=-
"winlogon.exe"=-
"paint.exe"=-

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]

[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
""="http://home.microsoft.com/access/autosearch.asp?p=%s"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://search.msn.com/spbasic.htm"
"Use Custom Search URL"= dword:00000000
"Use Search Asst"=-

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]

[-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}]

[-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]

[-HKEY_CLASSES_ROOT\CLSID\VMHomepage]

[-HKEY_CLASSES_ROOT\CLSID\VMHomepage.1]

[-HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}]

[-HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F}]

[-HKEY_CLASSES_ROOT\VMHomepage]

[-HKEY_CLASSES_ROOT\VMHomepage.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\r]



j'ai netoyé avec cccleaner, et ensuite j ai repasser hidjack, voici le log:

Logfile of HijackThis v1.99.1
Scan saved at 14:17:13, on 19/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\oam\Bureau\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\WINDOWS\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

j ai toujour le meme probleme, et je suis pas tres doué en informatique :\


merci
0
bernie61
19 juin 2005 à 14:34
resalut
en fait je disais d ouvrir un nouveau poste pour avoir plus facile à suivre, pas grave

pour le fichier .reg faut faire plusieurs essai avec IE car ne fonctionne pas sous Firefox ou Mozilla

donc rebelotte
Smitfraud
http://www.bleepingcomputer.com/files/reg/smitfraud.reg
à télécharger et lancer
a+
0
Réponse 7 / 11
bernie61
19 juin 2005 à 14:44
resalut oam
là en fait j'ai comme un doute, tu n'as pas beaucoup de process apparent alors cela voudrais dire que tu es sur compte utilisateur INVITE et non comme ADMINISTRATEUR
est-ce le cas ? si oui alors refait un Hijckthis sous compte administrateur
a+
0
Réponse 8 / 11
oam
19 juin 2005 à 14:50
j ai fait tout comme tu as dit, cela semble avoir disparue!! merci a toi, voici le log que j'ais dorenavant :

Logfile of HijackThis v1.99.1
Scan saved at 14:46:35, on 19/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Real\Update_OB\realsched.exe
C:\WINDOWS\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\oam\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\WINDOWS\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)





merci de m'avoir repondus si vite :)
0
Réponse 9 / 11
bernie61
19 juin 2005 à 15:09
resalut
ok pour le log, 'est tout bon
bon surf a+
0
Réponse 10 / 11
oam
19 juin 2005 à 15:20
Idem et encore merci :)
0
Réponse 11 / 11
bernie61
19 juin 2005 à 15:24
de rien, à le plus tard possible pour les pbm, lol
0

Discussions similaires

TI college plus (calculatrice probleme)
help39 -
Whismeril -

3 réponses
Virus : trojan:win32/wacatac.h!ml
Alky09 -
bazfile -

8 réponses
problème à l'ouverture de yahoomail
mouhot -
epicuroad -

17 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
C2201 western union : mon transfert d'argent est impossible
Daniel -
ZacheryDiaz -

17 réponses