Virus firstadsolution - help

Logiciel & apps Logiciel Général
1

voila j’ai depuis quelques temps des fenetres qui s’ouvrent lorsque je vais sur internet,surtout a cose de adfirstassolution, pourtant j’utilise mozilla firefox…voila mon log HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 10:50:46, on 17/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
D:\Trend Micro\Internet security\Tmntsrv.exe
D:\Trend Micro\Internet security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\fxredir.exe
D:\Trend Micro\Internet security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Trend Micro\Internet security\pccguide.exe
D:\Program Files\messengerplus!3\MsgPlus.exe
D:\Trend Micro\Internet security\PCClient.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\VIA\RAID\raid_tool.exe
c:\progra~1\intern~1\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eliz’\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plptsdnebyejniaq.com/977Jivb1QC…kzueS4OPpy.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zbcuymbtypx.us/977Jivb1QCuOls8J…MqgGvGWKqc.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {D25335A9-685E-4620-4F6D-AD50966CBAF6} - C:\DOCUME~1\Eliz’\APPLIC~1\ARMYLI~1\BATSPAM.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\…\Run: [VTTimer] VTTimer.exe
O4 - HKLM\…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\…\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\…\Run: [TM Outbreak Agent] “D:\Trend Micro\Internet security\TMOAgent.exe” /run
O4 - HKLM\…\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\…\Run: [pccguide.exe] “D:\Trend Micro\Internet security\pccguide.exe”
O4 - HKLM\…\Run: [MessengerPlus3] “D:\Program Files\messengerplus!3\MsgPlus.exe”
O4 - HKLM\…\Run: [PCClient.exe] “D:\Trend Micro\Internet security\PCClient.exe”
O4 - HKLM\…\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe I
O4 - HKLM\…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\…\Run: [defy owns joy body] C:\Documents and Settings\All Users\Application Data\traybeepdefyowns\SITE VIEW.exe
O4 - HKLM\…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU\…\Run: [first the] C:\DOCUME~1\Eliz’\APPLIC~1\Shimeq\Morewindowdvd.exe
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: &Every Toolbar Search - res://C:\DOCUME~1\Eliz’\Bureau\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\…\{680FE91D-2A4F-43DE-B175-EDCF02255F06}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CCS\Services\Tcpip\…\{E28D4036-97A3-46A7-AB22-F51B5798E38D}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: bw+0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O18 - Protocol: offline-8876480 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\PccPfw.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\tmproxy.exe

merci d’avance :slight_smile:

2

salut lisou_29
supprime les lignes suivantes dans hijackthis:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.plptsdnebyejniaq.com/977Jivb1QC…kzueS4OPpy.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zbcuymbtypx.us/977Jivb1QCuOls8J…MqgGvGWKqc.html
O2 - BHO: (no name) - {D25335A9-685E-4620-4F6D-AD50966CBAF6} - C:\DOCUME~1\Eliz’\APPLIC~1\ARMYLI~1\BATSPAM.exe
O4 - HKLM\…\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\…\Run: [defy owns joy body] C:\Documents and Settings\All Users\Application Data\traybeepdefyowns\SITE VIEW.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

J’avais oublié cette ligne:
O8 - Extra context menu item: &Every Toolbar Search - res://C:\DOCUME~1\Eliz’\Bureau\EVERYT~1.1\everycom.dll/GoRSDN.dll.htm

3

-Lancer ensuite un scan antispyware (penser à faire une mise-à-jour)
http://www.clubic.com/telecharger-fiche127…e-personal.html
http://www.clubic.com/telecharger-fiche109…ch-destroy.html

-télécharger et installer ewido
http://download.ewido.net/ewido-setup.exe

  • A l’installation, décocher les cases “Install background guard (required for automatic updates)” et “Install scan via context menu”.
  • lancer Ewido et le mettre à jour
  • Redémarrer en mode sans échec, (en tapotant F8 au démarrage).
  • Lancer ewido
  • cliquer sur “Complete System Scan”
    (Attention, pendant le scan, ne pas ouvrir de dossier ou le panneau de configuration )
    Une fois le scan est terminé, cliquer sur “Save Report” et localiser le rapport
    -Redémarrer le pc puis coller le rapport d’ewido.
4

ewido anti-malware - Rapport de scan

  • Créé le: 13:17:10, 17/06/2006

  • Somme de contrôle: 52D29B90

  • Résultats du scan:

    C:\Documents and Settings\Eliz’\Cookies\eliz’@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyer et sauvegarder
    C:\Documents and Settings\Eliz’\Cookies\eliz’@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyer et sauvegarder

::Fin du rapport

voila, je croi que les fenetres s’ouvrent moins souvent mais ca continue toujourds…

5

Normalement en désinstallant messenger plus tous devrait rentré dans l’ordre.Et si tu veux le réinstaller installe le sans les sponsors.

6

toujours pareil…

7

repost un log hijackthis

8

Logfile of HijackThis v1.99.1
Scan saved at 17:38:42, on 17/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
D:\Trend Micro\Internet security\Tmntsrv.exe
D:\Trend Micro\Internet security\tmproxy.exe
D:\Trend Micro\Internet security\PccPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\fxredir.exe
D:\Trend Micro\Internet security\TMOAgent.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\Trend Micro\Internet security\pccguide.exe
D:\Trend Micro\Internet security\PCClient.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Eliz’\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ygqdcxwgjfsumnggcbou.com/977Jiv…kzueS4OPpy.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\…\Run: [VTTimer] VTTimer.exe
O4 - HKLM\…\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\…\Run: [TM Outbreak Agent] “D:\Trend Micro\Internet security\TMOAgent.exe” /run
O4 - HKLM\…\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\…\Run: [pccguide.exe] “D:\Trend Micro\Internet security\pccguide.exe”
O4 - HKLM\…\Run: [PCClient.exe] “D:\Trend Micro\Internet security\PCClient.exe”
O4 - HKLM\…\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe I
O4 - HKLM\…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU\…\Run: [first the] C:\DOCUME~1\Eliz’\APPLIC~1\Shimeq\Morewindowdvd.exe
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\…\{680FE91D-2A4F-43DE-B175-EDCF02255F06}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CCS\Services\Tcpip\…\{E28D4036-97A3-46A7-AB22-F51B5798E38D}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: bw+0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O18 - Protocol: offline-8876480 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\PccPfw.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\tmproxy.exe

9

supprime les lignes suivantes:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ygqdcxwgjfsumnggcbou.com/977Jiv…kzueS4OPpy.html
O4 - HKCU\…\Run: [first the] C:\DOCUME~1\Eliz’\APPLIC~1\Shimeq\Morewindowdvd.exe
vérifie ce chemin s’il existe si c’est le cas supprime le dossier:
D:\Program Files\messengerplus!3\

Télécharge CWShredder
http://www.intermute.com/spysubtract/cwshr…r_download.html

Fermez toutes vos instances d’Internet Explorer
Fermez toutes vos instances de Windows Explorer
Fermez toutes vos instances de Notepad
Fermez toutes vos instances de MediaPlayer
Exécutez CWShredder et commencez par faire une mise à jour en cliquant sur le bouton “Check for update” (ce programme est mis à jour très très très souvent).
Cliquez sur le bouton “fix”

édite: chez quel FAI est tu: AOL ou Alice et pourquoi as tu 2 pare feu( internet security et kerio)

10

on va voir si ca marche…
je suis chez alice et j’ai 2 pare feu car il y en a un sur mon antrivirus et le frere dune copine m’en a installé un ki etait soidisant mieux

11

donc supprime alors cette ligne:
O17 - HKLM\System\CCS\Services\Tcpip\…\{E28D4036-97A3-46A7-AB22-F51B5798E38D}: NameServer = 193.252.19.3,193.252.19.4 adresse wanadoo et non celle de aol

par contre il faut que tu supprime un des deux pare feu car il n’est pas bon d’en avoir deux.Soit tu gardes internet security et tu supprime kerio, ou tu désactive la fonction pare feu d’internet security pour utiliser kerio.

12

adfirstadsolution souvre tjr… je desespere lol

13

éssaye ça:
telecharge smitfraudfix
http://www.zebulon.fr/articles/SmitfraudFix.php
tu le decompresse tu double clik dessus comme l’indique la procédure et tu choisi l option 1
cela vas generer un rapport poste le ici

14

SmitFraudFix v2.61

Rapport fait à 20:08:05,59, 17/06/2006
Executé à partir de C:\Documents and Settings\Eliz’\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Eliz’\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Eliz’\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
“Source”=“About:Home”
“SubscribedURL”=“About:Home”
“FriendlyName”=“Ma page d’accueil”

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler’s .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

15

Bon je coince,
repasse un coup de ewido et poste le rapport
repost un log hijackthis
as tu bien désinstallé messenger plus et bien supprimer le dossier car normalement
adfirstadsolution est un sponsor installé par MSN plus

Edite: Télécharge CCleaner et effectue un nettoyage
http://www.clubic.com/telecharger-fiche144…ap-cleaner.html
Note: Lors de l’installation, sur l’écran “Options d’installation”, décocher la case située devant “Ajouter la barre d’outils Yahoo! CCleaner”

16

Logfile of HijackThis v1.99.1
Scan saved at 20:21:37, on 17/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\fxredir.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Canon\MultiPASS4\monitr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\ntvdm.exe
D:\Program Files\Emule\emule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\Cleanmgr.exe
D:\Trend Micro\Internet security\tmproxy.exe
D:\Trend Micro\Internet security\PccPfw.exe
D:\Trend Micro\Internet security\Tmntsrv.exe
D:\Trend Micro\Internet security\PCClient.EXE
D:\Trend Micro\Internet security\PCCGUIDE.EXE
D:\Trend Micro\Internet security\TMOAgent.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\Eliz’\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yblelqpkmdqhqfffjkdoum.uk/977Ji…jkzueS4OPpy.jpg
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\…\Run: [VTTimer] VTTimer.exe
O4 - HKLM\…\Run: [fxredir] C:\WINDOWS\System32\fxredir.exe
O4 - HKLM\…\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\…\Run: [TM Outbreak Agent] “D:\Trend Micro\Internet security\TMOAgent.exe” /run
O4 - HKLM\…\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\…\Run: [pccguide.exe] “D:\Trend Micro\Internet security\pccguide.exe”
O4 - HKLM\…\Run: [PCClient.exe] “D:\Trend Micro\Internet security\PCClient.exe”
O4 - HKLM\…\Run: [monitr32] C:\Program Files\Canon\MultiPASS4\monitr32.exe I
O4 - HKLM\…\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM\…\Run: [TkBellExe] “C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe” -osboot
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\…\Run: [first the] C:\DOCUME~1\Eliz’\APPLIC~1\Shimeq\Morewindowdvd.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.com/activex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\…\{680FE91D-2A4F-43DE-B175-EDCF02255F06}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O18 - Protocol: offline-8876480 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\PccPfw.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\Tmntsrv.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - D:\Trend Micro\Internet security\tmproxy.exe

17

tu n’as pas supprimer ces lignes comme je te l’avais demander:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yblelqpkmdqhqfffjkdoum.uk/977Ji…jkzueS4OPpy.jpg
O4 - HKCU\…\Run: [first the] C:\DOCUME~1\Eliz’\APPLIC~1\Shimeq\Morewindowdvd.exe

18

si si je les avais bien suprimé mai je viens de me rendre compte ke a chaque fois que je supprime
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yblelqpkmdqhqfffjkdoum.uk/977Ji…jkzueS4OPpy.jpg
il reapparait plus tard…

19

:hello: @ toutes zé tous

Démarrer > Exécuter : tape : regedit et valide

Déploie à l’aide des http://img84.imageshack.us/img84/2888/regedit8ml.jpg

http://img84.imageshack.us/img84/2888/regedit8ml.jpg HKCU\( = HKEY CURRENT USER) <-- départ
http://img84.imageshack.us/img84/2888/regedit8ml.jpg Software
http://img84.imageshack.us/img84/2888/regedit8ml.jpg Microsoft
http://img84.imageshack.us/img84/2888/regedit8ml.jpg Internet Explorer
http://img84.imageshack.us/img84/2888/regedit8ml.jpg Main --> Search Bar <-- clic.droit> supprimer l’adresse et modifier (= entrer une nouvelle adresse et valider) <- voir photo ci-dessous

http://img144.imageshack.us/img144/2685/clubic2bg.th.jpg

Relance Hijacthis et recoche les lignes si nécessaire

et enlève ce BackWeb de ton démarrage :pfff:
O4 - HKCU\…\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
(démarrer>exécuter : taper : msconfig< onglet >> démarrage << décocher la case)

qui génère 1 centaine de ça
O18 - Protocol: bw+0 - {02485B75-6ECB-4BD1-AF82-DB42E9E02E2A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

Sauf : O4 - VTTimer.exe - pccguide.exe - PCClient.exe - SAGEM F@st 800-840 - tu peux aussi décocher le reste

20

voila c fait, le pb est un peu moins imortant mais adfirstadsolution souvre tjr…