Rapport HijackThis - Des virus ont débarqués sur mon PC

MagicLink · Décembre 28, 2005, 10:53

Bonjour, voici le rapport:

Logfile of HijackThis v1.99.1
Scan saved at 10:42:32, on 28/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\ssdg.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\MsLS32.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\WINDOWS\System32\ntx32.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\GetRight\GetRight.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\…\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\…\Run: [winsync] C:\WINDOWS\System32\kwcycy.exe reg_run
O4 - HKLM\…\Run: [symwsc.exe] C:\ssdg.exe
O4 - HKLM\…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\…\Run: [ntx32] C:\WINDOWS\System32\ntx32.exe
O4 - HKCU\…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/…b?1135003426390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\…\{B54DF1C7-A01C-4B59-ADB6-99C01AECEAA8}: NameServer = 80.118.196.42 80.118.192.112
O18 - Protocol: bw+0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: sockspy.dll MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe

Merci de votre aide.

mike27 · Décembre 28, 2005, 1:51

Salut,

Tu peux soumettre ton rapport HJT à ce site :
http://hijackthis.de/index.php?langselect=french
C’est un programme d’analyse automatique de log’s HijackThis.

Mais tout n’est pas à prendre à la lettre car le programme ne connait pas tout et lorsqu’il ne connait pas, il marque ‘inconnu’. c’est donc à l’utilisateur de faire la part des choses .

Pour ton cas, une chose est sûre :
msl32.exe est un Cheval de Troie ( un trojan)
( j’ai fais: +msl32 +exe sous Google et bing … trojan)
Donc, cette ligne est à cocher
O23 - Service: MsLS32 - Unknown owner - C:\WINDOWS\MsLS32.exe

Les lignes O4 sont les clés de registre servant à lancer les programmes au démarrage de XP. Tu connais probablement ce qui est normal. Moi, j’ai un doute sur ntx32.exe ( le WEB ne dis pas grand-chose la-dessus)

La ligne O20 est très suspecte aussi - la cocher
O20 - AppInit_DLLs: sockspy.dll MsgPlusLoader.dll

Tu peux aussi te documenter à ce site pour l’interprétation des lignes du rapport HJT:
http://www.zebulon.fr/articles/HijackThis.php
Imprimer au besoin.

Désinfection:

lancer le PC en mode ‘Sans echec’
fermer toute fenetre Internet Explorer
lancer HJT - cocher les lignes à fixer
appuyer sur FIX Checked

Voilà - commence par ces quelques lignes et vois si c’est mieux. Sinon, on re-analysera un nouveau rapport HJT

MagicLink · Décembre 28, 2005, 3:43

Je te remercie, voici le nouveau rapport:

Logfile of HijackThis v1.99.1
Scan saved at 15:25:55, on 28/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ntx32.exe
C:\WINDOWS\System32\MSWSA32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\MSWSA32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\…\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\…\Run: [winsync] C:\WINDOWS\System32\kwcycy.exe reg_run
O4 - HKLM\…\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\…\Run: [ntx32] C:\WINDOWS\System32\ntx32.exe
O4 - HKLM\…\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\…\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\…\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\…\Run: [MS Windows System Alert] MSWSA32.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/…b?1135003426390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: bw+0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe

Donc j’ai éliminé les deux lignes que tu m’as dit, je me suis renseigné un peu, je te remercie encore.
Par contre, il y a des programmes louches qui s’installent dans mon dique dur comme dans C:\8p.exe et C:\win32-update.exe. Le 1er est apparu hier et le 2eme aujourd’hui. D’ailleurs, le 2eme correspond surement des mises a jours automatiques que j’ai fait ce matin mais qu’est ce qu’il fait là?

Ensuite, la ligne “O4 - HKLM\…\Run: [winsync] C:\WINDOWS\System32\kwcycy.exe reg_run”, j’avait mis en ligne un précédent rapport et on m’avait dit d’enlever “kwcycy.exe reg_run” mais apparement il est revenu…

Et mon gestionnaire de tâche déconne, j’appuie sur Ctrl+Alt+Suppr, l’icone apparait dans la barre des tâches mais impossible de l’avoir en plein écran…

Et j’ai des programmes au démarrage assez louche mais je te redirait ca plus tard

mike27 · Décembre 28, 2005, 4:10

ouh là, ça fait beaucoup de choses louches.

On ne réglera pas tout à coups de Hijackthis successifs sans un scan préalable avec des outils anti-spyware et anti-virus à jour .
Et surtout, est-ce que tu as mis un pare-feu, un anti-spyware en tâche de fond , un anti-virus en tâche de fond aussi … sinon les malwares s’installent et on ne s’en sort pas.

Quelques logiciels:

Anti-virus en ligne
> http://housecall.trendmicro.com/ ----- cliquer ‘scan now’
> http://www.secuser.com/outils/antivirus.htm

Analyse de Chevaux de Troie ( Trojans)
http://www.windowsecurity.com/trojanscan/trojanscan.asp ( à faire sous IE )
http://www.emsisoft.net/fr/

Analyse de spywares :
-> Spybot - Search & Destroy
http://www.clubic.com/telecharger-fiche109…ch-destroy.html
-> Ad-Aware SE Personal
http://www.clubic.com/telecharger-fiche127…e-personal.html
-> Microsoft Anti-spyware ( version beta) <- à laisser en tâche de fond
http://www.clubic.com/telecharger-fiche136…ti-spyware.html
-> Spy Sweeper
http://www.webroot.com/land/spysweeperb.php?rc=576

et pense à mettre le Service Pack 2 de XP s’il n’y est pas déjà.

Voilà ; je pense que la 1ère chose à faire est de rendre le PC clean et bien protégé. Cela dégrossira le travail . HJT aura ensuite la charge de débusquer les plus récalcitrants. Je ne sais pas ce que tu en penses, mais c’est ce que je ferais.

ps: C:\8p.exe et C:\win32-update.exe :
ce sont des noms effectivements hyper louches, surtout ceux qui ont des consonnances comme 32 , update etc

MagicLink · Décembre 29, 2005, 12:32

Je n’ai pas de pare-feu, je m’explique: je ne sais pas pour quels raisons mais je ne peux pas activer le pare-feu standard de XP (professionnel) donc je me suis renseigné et j’ai trouvé une astuce que j’ai mis en application mais malheureusement ca n’a pas marché alors j’ai commencé à télécharger la dernière version de kerio.

Comme anti-spyware, j’ai la derniére version de Ad-Aware et j’ai fait un scan complet: il ne m’a rien trouvé…

Comme anti-virus, j’ai Avast! Antivirus (home edition), je viens de le mettre à jour (comme d’habitude en fait) et j’ai fait un scan minutieux (le mieux dans avast) (+scan des archives), il m’a trouvé un trojan (je ne sais plus le nom) que j’ai pris soin de supprimer.

J’ai tout nettoyé avec Ccleaner et ClearProg…(cookies, fichiers temp sauf pour firefox).

J’ai Spybot-search & Destroy et la aussi, j’ai fait du ménage…

“win32-update.exe” était bien un trojan pourtant quand j’ai analysé le disque, il ne m’a rien trouvé…plus tard je l’ai analysé seul et il me l’a détecté donc effacé.Puis 8p.exe je l’ai viré

Voici mon nouveau rapport HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 00:31:48, on 29/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\TuneUp Utilities 2006\ProcessManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\WINDOWS\System32\MSWSA32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\…\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\…\Run: [MS Windows System Alert] MSWSA32.exe
O4 - HKLM\…\RunServices: [MS Windows System Alert] MSWSA32.exe
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/…b?1135003426390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\…\{B54DF1C7-A01C-4B59-ADB6-99C01AECEAA8}: NameServer = 80.118.192.111 80.118.196.41
O18 - Protocol: bw+0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

merci

darkryss · Décembre 29, 2005, 9:07

a part la dll manquante (018 - potocol: msnim…) je ne vois rin de choquant dans ce scan…

AdminOfPlaygroup · Décembre 29, 2005, 9:10

Est-ce que le service pare-feu est "Manuel" ou "Automatique" ?

mike27 · Décembre 29, 2005, 11:11

Salut, re

Tu avais des outils à ce que je vois . Par contre, régler ce probleme du pare-feu.

Dans la liste des process :

C:\WINDOWS\System32\MSWSA32.exe
… est un virus de la catégorie des RBOT.
Faire un Google sur ce mot: MSAW32.EXE pour controler

Donc, avec HJT :
localiser et cocher -en vue de les fixer- , les lignes comportant ce nom MSWSA32
et tiens-nous au courant

edit
il n’y était pas sur le 1er .log HJT . Le PC laisse passer trop de malwares

MagicLink · Décembre 29, 2005, 12:17

Entre temps, j’ai fait un scan manuel avec avast et il m’a détecté 4 nouveaux trojans dans le dossier “system32”, je les ai mis en quarantaine pour l’instant.Mais c’est bizarre, en faisant un scan complet, il ne m’avait rien détecté…

Sinon, j’ai regardé “MSAW32.EXE” dans google et effectivement c’est un trojan…
Bon ,voici mon nouveau rapport:

Logfile of HijackThis v1.99.1
Scan saved at 12:13:00, on 29/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\DavCData.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\…\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\…\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Ouvrir avec GetRight - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Télecharger avec GetRight - C:\Program Files\GetRight\GRdownload.htm
O16 - DPF: Interface Chat Wanadoo - http://chat10.x-echo.com/version6/Applet/wchatsign.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/…b?1135003426390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\…\{B54DF1C7-A01C-4B59-ADB6-99C01AECEAA8}: NameServer = 80.118.192.112 80.118.196.42
O18 - Protocol: bw+0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {0D04F9FE-2991-4C50-B77B-C4337C5A82BF} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Encore merci.

mike27 · Décembre 29, 2005, 1:08

Le rapport est correct.

Néanmoins, tu as 2 lignes dans les process actifs:
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe

C’est le service d’indexation des fichiers . Est-ce que ça prend de la ressource?
Voir dans le Gestionnaire des tâches ( clic droit Barre des tâches - Gestionnaire des tâches - processus ) .

MagicLink · Décembre 29, 2005, 5:53

OK mais je suis pas trés confiant. Bon j’ai enlevé les 4 saloperies de trojan mais j’ai encore passé le PC au peigne fin avec 2 anti-spywares, stinger et a-squarred et chacun m’a détecté 1 trojan !!!!
Même traitement pour les 2: l’éradication
Puis j’ai re-nettoyer le PC avec Tuneup utilities 2006.

J’ai regardé les 2 process actifs mais ils n’utilisent pas de ressources et leurs priorités sont basses.

Par contre, j’ai des problémes. La connexion internet , depuis quelques jours, a un peu de mal. Je veux dire que je suis sur le net et puis tout d’un coup, ca se déconnecte…

Puis justement pour le gestionnaire des tâches, quand j’appuyais sur Ctrl+Alt+suppr, l’icône en bas à gauche apparaissait mais impossible d’y avoir accés en cliquant dessus…j’ai partiellement remédier au probléme avec le programme de Tuneup utilities 2006 (qui est bien plus complet que le gestionnaire des tâches par défaut): il le remplace.

Ensuite quand je me déconnecte…du net bah je clique droit sur les 2 écrans en bas à droite et je mets “déconnecter”…mais il ne veut pas…et ca bug…et là c’est la totale :grrr: , je mets donc le gestionnaire des tâches de tuneup et là c’est le process “Generic Host Process For Win32 Services” qui bouffe je ne sais pas combien de ressources…

Je te remercie.

mike27 · Décembre 29, 2005, 7:18

Il reste des dégats ; ces dégats ne sont pas forcément très graves puisque tu arrive à te servir du PC , à surfer etc , mais le PC est fatalement un peu atteint .

Pour la connexion Internet qui bat de l’aile :
j’ai pensé un instant que ce pouvait être une des couches Winsock LSP ( les couches réseaux) qui avait été modifiée. Mais, il n’en est rien car HijackThis l’aurait vu et aurait signalé cela en ligne O10. Donc, ce n’est pas ça.

Je manque d’idées pour le coup.

Au sujet de Logitech - Desktop Messenger:
Tu en as vraiment besoin ? Est-ce désinstallable ? Quels services rend-il ?

MagicLink · Décembre 29, 2005, 10:23

Ca, tu peux le dire qu’il en reste des dégats:

=>2/3 nouveaux trojans sont apparus, je les ai virés.

=>Au démarrage, il y a 2 nouveaux (et identiques) processus du nom de “compacts service driver” ou “copypad32.exe” (j’ai beau les effacés, ils reviennent…)

=>HijackThis ne veut plus s’ouvrir (même problème qu’un certain iTunes…depuis quelques semaines).

=>Apparement, à chaque démarrage du PC, j’ai le droit à ca: “Powered by Freeprod.com:“Your content is loading, please wait…”” alors je regarde les processus et “mc-110-12-0000136.exe” et “mc-110-12-0000172.exe” apparaissent…Ils sont placés danc C:\.

=>Pour le Firewall windows, je vais dans le panneau de configuration et je clique dessus. Voici le message qu’il me dit:
“En raison d’un problème non identifié, Windows ne peut pas afficher les paramétres du pare-feu Windows.”

=>J’ai l’impression d’avoir des problèmes IP avec internet (par exemple avec MSN)

=>Justement, tu as une adresse hotmail ou autres?

=>J’en ai marre…

Merci et à+

Profgta · Décembre 29, 2005, 10:37

Ouuuh lala !! Eh béé ! Je pense que la seule solution est le formatage de ton DD ! Puisque tu as pleins de trucs qui déconnent !

J´avais le même problème avec iTunes, mais je l´ai remplacé par Anapod Explorer ( il est très bon comme logiciel )

mike27 · Décembre 29, 2005, 11:49

Tout vient de là à mon avis.
Plus tu règles un probleme de spyware, plus de nouveaux rentrent : on n’y arrivera jamais .

Il faut tout reprendre calmement et je crois que la meilleure solution est de formater après avoir sauvé les documents importants.

A l’installation, ne pas connecter physiquement le PC à Internet tant que XP et son Service Pack 2 n’est pas installé ( le télécharger et le graver au préalable)

Installer les programmes anti-virus , anti-spyware ( vérifier/activer leurs protections en tâche de fond) et seulement après, connecter physiquement le modem ( ADSL ,ou analogique) … et là, si les spywares essayent de rentrer, ils auront beaucoup plus de mal et s’en iront, dégoûtés.

Tu en auras peut-être un de temps en temps - et encore, ce n’est pas sûr- mais pas en rafale comme en ce moment.

Depuis 2001, je n’ai eu aucun virus, aucun spyware . Juste des petits trucs légers de type cookie , sans conséquence.

Il n’y a pas besoin de mettre des tonnes de logiciels, juste un pare-feu, un bon anti-virus et un bon anti-spyware . Pour plus de sécurité: FireFox en navigateur Internet.

MagicLink · Décembre 30, 2005, 2:59

:ane: :miam: :love: :sol:

euh pardon, c’était juste pour exprimer ma joie, ca va beaucoup mieux lol
Je me suis renseigné sur internet et j’ai trouvé un anti-virus (presque en ligne) qui s’appelle EWIDO et il m’a viré plein de trucs…ca fait du bien!!!
Bon il reste quelques trucs mais c’est déja cela de fait…
Je vous remet au courant avec un log d’hijackthis (eh oui ca remarche…mouahahahahaha !!!)
ciao

mike27 · Décembre 30, 2005, 9:21

Ah : enfin une bonne nouvelle.

Oui, Ewido est un excellent produit , pas assez connu . Je l’avais oublié .

MagicLink · Janvier 2, 2006, 7:46

Bon j’ai pas le temps de poster un nouveau rapport (j’ai repris les cours…) mais j’ai eu le temps d’ajouter un pare-feu, c’est zone alarm pro (je n’avait que ca sur un CD) qui trainait lol donc dés que la version d’évaluation sera terminée, je mettrai une version gratuite (zone alarm sûrement).
Donc ce week-end je pense, je devrais poster à nouveau des messages pour vous tenir au courant…
++

mike27 · Janvier 2, 2006, 8:09

Good
On va bien finir par y arriver

MagicLink · Janvier 7, 2006, 10:20

salut !
Bon ba j’ai refait des scans et apparement y’a pas trop de problémes !
Il manque plus qu’à faire un scan avec avast. A propos de Zone Alarm, c chiant, il faut toujours cliquer sur OK quand on surfe suer le net…alors j’appuie sur “don’t show this dialog again”, ca change rien?
Et aussi quand je veux télécharger un truc en cliquant sur un lien d’un site, bah ca marche pas, c’est a cause du firewall? Et comment faire pour pouvoir télécharger alors?
Merci