[trojan divers] attrapés via msnRésolu/Fermé

Question

Bonjour,

Hier, sur msn, j'ai accepté un truc d'une amie qui contenait des virus, trojan et dropper.
Autant le dire tt de suite, je suis nulle en info et si vous pouvez m'aider, je vous remercie d'avance d'utiliser des termes et méthodes simples et explicites...!

Les infos que j'ai récolté via mon antivirus st:

- TR/Dldr.Agent.bca
- TR/crypt.F.Gen
- DR/Dyfuca.DB.1
- DR/Dyfuca.DB.2

Mon antivirus est antivir.

Est-ce que vous connaissez ces virus, peut-on réparer ? dois passer par mozilla ou internet explorer pour faire des analyses en ligne car je n'arrive à rien pour le moment!

Un gd merci d'avance
La cox

^^Marie^^ · Answer

Bonjour Cosquinelle


Fais ce qui suit pour voir ce que tu as dans ton pc



F -  Hijackthis - Outil de diagnostic et réparation 
lire démo 
http://pageperso.aol.fr/balltrap34/Hijenr.gif 
http://pageperso.aol.fr/balltrap34/demohijack.htm 
Télécharge version française ici 
http://telechargement.zebulon.fr/160-patch-francais-pour-hijackthis-1991.html 
Copie/colle le rapport 

Bon courage 

A++

^^Marie^^ · Answer

Salut

Fais ce qui suit
Regarde bien la marche à suivre



1°/ - Télécharge le logiciel SmitfraudFix ((crée par S!Ri &#61514;) 
http://siri.urz.free.fr/Fix/SmitfraudFix.zip et décompresse le. 


En image : 
http://siri.urz.free.fr/Fix/SmitfraudFix.php 

tu le décompresses tu doubles cliques sur smitfraudfix.cmd et tu choisi l option 1 
cela vas générer un rapport. 
Si tu vois des lignes avec PRESENT! Continue la manip qui suit. 

Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec) 

- Ouvre le dossier "SmitfraudFix" et double clic sur "Smitfraudfix.cmd", choisit l’option 2 et tu réponds oui à tout. 

Copie/colle le rapport sur le forum stp.

Refais un hitajackthis

A++

Ne prenez pas la mouche, restez muet comme une carpe, et  
caressez le chien dans le sens du poil !

Cosquinelle · Answer

salut Marie,

J'ai fait le rapport av smitfraufix, mais je ne vois pas de ligne avec pPrésent mais à un moment, il y a de noté "clés corrompues". je dois dc continuer ou pas la suite en faisant le mode ss échec?
je préfère attendre tes conseils n'y connaissant absolument rien...!

voila le copier coller de ce rapport:

SmitFraudFix v2.126

Rapport fait à 11:14:19,21, 01/12/2006
Executé à partir de C:\Documents and Settings\V‚ronique\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\V‚ronique


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\V‚ronique\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VRONIQ~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin


Voila! et merci encore

^^Marie^^ · Answer

Oui continue
Tu refais un Hitjackthis
on enlèvera le reste

A++

Cosquinelle · Answer

me revoili!

J'ai bien continué mais en fait, je n'ai pas eu la question concernant wininet à savoir si je veux corriger le fichier infecté. j'espere que ça ira.

Mon pc est super instable et j'ai cru ne jamais arriver à le rallumer. J'ai comme message \WINDOWS\SYSTEM32\CONFIG\SYSTEM est manquant ou endommagé, dc, il faut le réparer. J'ai déjà essayé une fois, mais dès la premiere question, av le disque de réinstalle de windouws, qd je fais R, je ne sais que répondre, dc, j'ai abandonné!
Je fais un Hitjackthis et le poste apres, 

A+

Cosquinelle · Answer

voila!

Logfile of HijackThis v1.99.1
Scan saved at 15:16:08, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Documents and Settings\Véronique\winstall.exe
C:\Program Files\Fichiers communs\{3B12EB40-0A77-1036-0211-030212120021}\Update.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NI.UERSV_0001_N91S2108] "C:\DOCUMENTS AND SETTINGS\VÉRONIQUE\BUREAU\ErrorSafeFrenchNewReleaseInstall.exe" -nag 
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Véronique\winstall.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PathOOOvirg] C:\Program Files\OpenOffice.org1.1.4\program\OOoVirgTray.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED80279D-1D21-46B3-8A01-102154A40B34}: NameServer = 86.64.145.141 84.103.237.141
O18 - Protocol: bw+0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

Arggg, plus ça va, et plus j'ai des problemes pour allumer le pc, pourvu que les réparations soient efficacent!

A bientot Marie et merci

^^Marie^^ · Answer

Salut


Méthode à suivre dans l'ordre... 
---------------------------------------------------------------------------- 
Télécharger ces logiciels (sauf si tu les as)
A utiliser plus tard

A - ad-aware version 1.06 
 (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite 
voir demo 
http://pageperso.aol.fr/balltrap34/adwseflash.zip

B - spybot version 1.4 
 (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite 
voir demo d utilisation 
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
 
C -  Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..) 
Télécharge ici : 
https://www.ccleaner.com/ccleaner/download 
Tutorial ici: 
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php 

D - Ewido 
https://www.malekal.com/tutorial-et-guide-ewido-v4/ 
---------------------------------------------------------------------------- 
¤Affiche tous les fichiers et dossiers : 
Clique sur démarrer/panneau de configuration/outil/option des dossiers/affichage 

Coche « afficher les fichiers et dossiers cachés » 

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décoche « masquer les extensions dont le type est connu » 
Puis fais «Ok» pour valider les changements. 

Et appliquer ! 
=================================
Relance HijackThis, choisis " do a scan only" coche la case devant les lignes ci-dessous et clique en bas sur "fix checked"

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
 	O4 - HKLM\..\Run: [NI.UERSV_0001_N91S2108] "C:\DOCUMENTS AND SETTINGS\VÉRONIQUE\BUREAU\ErrorSafeFrenchNewReleaseInstall.exe" -nag 
 	O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe" 
 	O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
 	O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\Véronique\winstall.exe 
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [PathOOOvirg] C:\Program Files\OpenOffice.org1.1.4\program\OOoVirgTray.exe
 	O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe 
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr 
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/ 
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - http://activex.matcash.com/speedtest2.dll
O18 - Protocol: bw+0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw+0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw-0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw-0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw00 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw00s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw10 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw10s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw20 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw20s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw30 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw30s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw40 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw40s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw50 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw50s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw60 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw60s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw70 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw70s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw80 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw80s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw90 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bw90s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwa0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwa0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwb0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwb0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwc0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwc0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwd0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwd0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwe0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwe0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwf0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwf0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll 
O18 - Protocol: bwg0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwg0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwh0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwh0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwi0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwi0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwj0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwj0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwk0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwk0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwl0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwl0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwm0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwm0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwn0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwn0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwo0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwo0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwp0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwp0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwq0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwq0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwr0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwr0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bws0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bws0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwt0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwt0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwu0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwu0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwv0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwv0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bww0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bww0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwx0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwx0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwy0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwy0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwz0 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: bwz0s - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll 
O18 - Protocol: offline-8876480 - {4E0F5081-83B8-4A25-A4BD-6FDED6AAA56C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll


============ ============================
¤Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 
---------------------------------------------------------------------------- 
¤Vide tes fichiers temps et temporary internet file: 

Maintenant tu lances 
A/	Ad-Aware	supprime quarantaine
B/	Spybot		Supprime quarantaine
C/	Ccleaner	Ewido   Copier/coller le rapport
D/
 ---------------------------------------------------------------------------- 
¤ Vide ta Corbeille. 
---------------------------------------------------------------------------- 
¤ Redémarre en mode normal, relance Hijackthis et copie/colle un nouveau rapport sur le forum. 

Tiens nous au courant

A+

Cosquinelle · Answer

salut Marie!

Mes problèmes continuent!!! j'ai de la chance quand mon ordi s'allume et le reste assez longtemps... Pourvu que ça tienne.
Donc, si je ne donne pas de nvelles, c'est que je n'arrive pas à me connecter ou à faire tes réparations, mais je résiste!

Par contre, je n'arrive pas à allumer l'ordi en mode sans échec, je peux le selectionner, ça me demande ensuite quel système d'exploitation j'utile (windows dc), je lance et apres, j'ai un écran noir puis l'ordi s'éteint apres un long moment et redémarre av diverses écrans qui me font peur par leurs intitulés.

Je me suis arrétée hier à charger ad aware et les autres ..., normalement, je dois maintenant les lancer en mode ss échec, mais je n'y arrive pas. Ma question dc, puis-je le faire en mode normal???

Merci d'avance et bon début de we à toi

A+

^^Marie^^ · Answer

Coucou,

Si tu passes par là, essaie de refaire un Hijackthis
Bon courage

A++

Cosquinelle · Answer

bonsoir,

Voila le Hijackthis , mais je n'ai pas fait marcher ad aware et les autres, j'attends que tu me dises si je peux le faire en mode normal...?!


Logfile of HijackThis v1.99.1
Scan saved at 19:11:31, on 03/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED80279D-1D21-46B3-8A01-102154A40B34}: NameServer = 84.103.237.146 86.64.145.146
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe

Comme je n'y connais absolument rien, je préfère avoir ton avis avant de faire quoi que ce soit! Merci, tjs!
A+

^^Marie^^ · Answer

SAlut

Essaie de faire ce qui suit


C -  Ccleaner : ( nettoyeur de registre, cookies+temps+tempos+prefetch+historique+etc..) 
Télécharge ici : 
https://www.ccleaner.com/ccleaner/download 
Tutorial ici: 
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php 
et
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

D – Ewido – AVG 


AVG Anti-Spyware : 

https://www.avg.com/en-ww/free-antivirus-download 

Tu l'installes. 
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente! 

Lance AVG Anti-Spyware 
Clique sur le bouton Analyse (de la barre d'outils) 
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine. 
Reviens à l'onglet Analyse. Clique sur Analyse complète du système. 
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. 
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

Copie/colle le rapport






Rien de spécial dans ton log
Pour ad-aware tu ne risques rien. Tu peux mm le garder pour nettoyer de temps en temps

Installe un pare-feu correct
Ce sont des merdouilles que tu attrappes par msn...

A++

Cosquinelle · Answer

Salut Marie,

voila, j'ai fait ce que tu m'as dit auj.
J'avais téléchargé l'autre jour ad aware et Spybot, mais je ne les ai pas utilisé. Est ce que je dois le faire?

Voila le rapport d'AVG sinon:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	14:52:22 04/12/2006

 + Résultat de l'analyse:	



C:\Documents and Settings\Véronique\winstall.exe -> Adware.PurityScan : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Hijackthis Version Française\backups\backup-20061201-234146-965.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{E4C91730-A379-4C04-B966-7B3B33E9AFF0}\RP195\A0128789.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Véronique\ssh.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

Peux-tu me conseiller un pare feu en particulier stp?


Bonne journée
A+

^^Marie^^ · Answer

Slt

Pour le pare-feu ==>

télécharger la version gratuite de Kerio  (avec Avast => moins de conflits)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html

Tuto => 
https://www.vulgarisation-informatique.com/kerio.php

Site de Kerio pour le comprendre et le paramétrer
https://kerio.probb.fr/


Pour des éléments complémentaires
https://sebsauvage.net/



AdAware tu peux le passer de temps en temps

Refait un scanne complet avec Ewido==> AVG  et supprime tout


 - Stp merci
A++

Cosquinelle · Answer

salut Marie,

Voila, j'ai repassé ad aware, j'ai mis le pare feu.
J'ai rallumé msn auj pour la 1ere fois depuis mon infection, ça a l'air de fonctionner et je n'ai pas envoyé mon virus à mes contacts comme lorsque je me le suis chopé, dc, je dois être guerris!

Par contre, j'ai l'impression que ça rame un peu qd je surfe, les pages mettent un bon moment avant de s'afficher.  A suivre.
Est ce que tu veux un quelconque rapport pour voir si tt est remis en place?

En tt cas, je tiens à te remercier pour tous tes conseils et le temps passé à me dépanner. C'est vraiment sympa à toi et tous ceux de ce site qui prennent du temps pour les autres. alors merci
A+

^^Marie^^ · Answer

Salut

Refait un scanne complet avec Ewido==> AVG et supprime tout 

et recolle un rapport Hitjackthis

Bon courage
A++

Cosquinelle · Answer

salut Marie,

Aujourd'hui, AVG a encore trouvé un trojan small. 

Voila le rapport av hitjackthis :

Logfile of HijackThis v1.99.1
Scan saved at 13:17:04, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wlancfg.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED80279D-1D21-46B3-8A01-102154A40B34}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe


Est-ce que j'en suis enfin débarrassée?

A+

^^Marie^^ · Answer

Salut



Aujourd'hui, AVG a encore trouvé un trojan small. 
Si c'est un cookies==> pas grave...





Fais un nettoyage régulièrement, et ça roule

Passe quand tu veux

A++

Cosquinelle · Answer

Soir,

Ok, je vais continuer à faire des analyses sérieuses maintenant que je sais comment faire.

Je te remercie pour tes conseils et de m'avoir sortie de ce problème.

A+

Véro

[trojan divers] attrapés via msn

18 réponses

Discussions similaires

Newsletters