Posted

Hello,

I'm asking for your help because I can't sort out my PC, and this has been going on for several weeks...

I have 1024 ADSL, and when I'm connected it is extremely slow (practically as if I were on 56k).

On top of that, as soon as I'm connected I can't open anything on my computer (My Computer, My Documents, etc.), and I can no longer get Internet Explorer to work (that's not the worst of it, I use Firefox instead).

I have tried various scans (Spybot, Ad-Aware...) and several antivirus programs, but nothing helps.

I can't even restore it.

I have a HijackThis log that I just made; I'm copying it here in case there is something in it.

Thanks in advance

 

Logfile of HijackThis v1.99.1

Scan saved at 18:50:56, on 12/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe

C:\Program Files\Trend Micro\PC-cillin 9\PCCCLIENT.EXE

C:\Program Files\Trend Micro\PC-cillin 9\PCCGUIDE.EXE

C:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXE

C:\Program Files\Trend Micro\PC-cillin 9\POP3TRAP.EXE

C:\WINDOWS\explorer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\WINDOWS\system32\wuauclt.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Géraldine\Bureau\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll

O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\rbasab.dat (file missing)

O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\bewrc.dat (file missing)

O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet6_38.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\GRALDI~1\MESDOC~1\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: surfdog - {75B59F53-A75C-E676-281D-C23ACC956D3E} - C:\PROGRA~1\MAGSSI~1\Free name.dll (file missing)

O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat

O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\cpva.dat (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: base settings math - {8961F1ED-27D2-624C-BD44-96DE7CB19649} - C:\PROGRA~1\MAGSSI~1\Free name.dll (file missing)

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [ADKQXE] C:\WINDOWS\ADKQXE.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [crweb] C:\WINDOWS\repair\crweb.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [*crweb] C:\WINDOWS\repair\crweb.exe

O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s

O4 - HKLM\..\Run: [*cinet] C:\WINDOWS\Registration\cinet.exe

O4 - HKLM\..\Run: [*winip] C:\WINDOWS\addins\winip.exe

O4 - HKLM\..\Run: [*javaap] C:\WINDOWS\Help\javaap.exe

O4 - HKLM\..\Run: [*wmp3] C:\WINDOWS\inf\wmp3.exe

O4 - HKLM\..\Run: [*utilw] C:\WINDOWS\inf\utilw.exe

O4 - HKLM\..\Run: [*odbcms] C:\WINDOWS\Config\odbcms.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [*runbin] C:\WINDOWS\AppPatch\runbin.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [DI2] C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\27.exe\27.exe

O4 - HKLM\..\Run: [bPT] "C:\Program Files\Bpt\bpt.exe"

O4 - HKLM\..\Run: [security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

O4 - HKLM\..\Run: [spyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [system Soap Pro] C:\Program Files\System Soap Pro\soap.exe min

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [yqjknbf] c:\windows\pjnkbog.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Microsoft AntiSpyware helper - {1407E54F-8003-4522-8B70-685A80542E5F} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1407E54F-8003-4522-8B70-685A80542E5F} - (no file) (HKCU)

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O10 - Hijacked Internet access by New.Net

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://encyclo.voila.fr/JS/tdserver.cab

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/101bac1986d656...RdxIE601_fr.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://go.securelive.com/speed/WebInstall.dll

O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/13536/CD/LeDortoir.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AFFBB} - http://esb.alcena.com/ESBBundleInstaller2.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{B38CF8D2-A862-4B36-90E6-262A406AF002}: NameServer = 194.117.200.10,194.117.200.15

O18 - Protocol: bw+0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: crbas - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat

O21 - SSODL: NTDBGTOOL - {86551A31-0AAE-4F14-ACCE-A3F6BB93772A} - C:\WINDOWS\system32\kbdnslvr.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Guest Stonangel
Posted

Good evening zebb_17, good evening everyone. The NewDotNet parasite is present: O10 - Hijacked Internet access by New.Net

1/ Download this disinfection tool, LSPFix, from Cexx.org:

http://www.cexx.org/lspfix.htm

This program attempts to fix Internet connection problems caused by buggy or improperly removed Layered Service Provider (LSP) programs. This problem is often caused by the New.net (NewdotNet) and WebHancer adware, bundled with freeware.

When you run LSP-Fix, it reads the list of LSP modules from the Windows registry and checks that each module exists. If a module is missing, it is placed in the "Remove" list to be removed; explanation from assiste.com.

 

Procedure:

1 Start > Settings > Control Panel > Add/Remove Programs

If the NewDotNet or Newnet program is listed, uninstall it

(uninstall it in safe mode if the application resists)

2 Windows Explorer: follow this path:

C:\Program Files\NewDotNet  or C:\windows\

look for the uninstall file, named something like NDNuninstallX_XX.exe (X is the version)

Click on it; once the uninstall has finished, delete the folder C:\Program Files\NewDotNet

3 Download the NewDotNet uninstaller http://www.new.net/support/uninstall6_38.exe

and copy it to a floppy disk or CD.

Insert the floppy disk or CD.

Click Start.

Click Run.

Type: X:\uninstall6_38.exe (where X is the floppy drive A or your CD drive D, E, F, ...)

Click OK.

Once the uninstall has finished, restart.

 

If after the procedure below you lose Internet access:

Start LSPFix

Tick 'I know what I'm doing'

Click 'Finish'.

Restart your PC.

4 Download, install, update and run this utility

http://www.ewido.net/en/download/

When its scan is finished, paste its report here, along with a new HijackThis log

Posted

I'm back.

I did what was written above, I followed the procedure to the letter, and the problem is still there.

I have the ewido log but it is not complete.

 

ewido security suite - Rapport de scan

---------------------------------------------------------

 

+ Créé le: 23:06:57, 12/05/2005

+ Somme de contrôle: 60BBD8AC

 

+ Date des signatures: 12/05/2005

+ Version du moteur de recherche: v3.0

 

+ Temps: 19 min

+ Fichiers scannés: 42984

+ Vitesse: 36.97 Fichiers/Secondes

+ Fichers infectés: 11

+ Fichiers supprimés: 11

+ Fichiers mis en quarantaine: 11

+ Fichiers ne pouvant pas être ouverts: 0

+ Fichiers ne pouvant pas être nettoyés: 0

 

+ Liés: Oui

+ Cryptés: Oui

+ Archives: Oui

 

+ Elements scannés:

C:\

 

+ Résultats du scan:

C:\Documents and Settings\Géraldine\Cookies\géraldine@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Cookies\géraldine@www.smartadserver[2].txt -> Spyware.Tracking-Cookie -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\bd3pm.dat -> TrojanSpy.Agent.ce -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\bdlru.dat -> TrojanSpy.Agent.ce -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\ssvpa.dat -> TrojanSpy.Agent.ce -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\tmp102.tmp -> TrojanDropper.Small.vn -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\tmp103.tmp -> TrojanDropper.Small.sa -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\tmpC2.tmp -> TrojanDownloader.Small.aql -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\tmpE4.tmp -> TrojanDownloader.Small.aql -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\tmpE6.tmp -> TrojanDownloader.Small.aql -> Nettoyer et sauvegarder

C:\Documents and Settings\Géraldine\Local Settings\Temp\tnofyek.dat -> TrojanSpy.Agent.ce -> Nettoyer et sauvegarder

 

 

::Fin du rapport

 

 

And here is the HijackThis log:

 

Logfile of HijackThis v1.99.1

Scan saved at 23:08:04, on 12/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe

C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe

C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXE

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\Géraldine\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll

O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\rbasab.dat (file missing)

O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\bewrc.dat (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\GRALDI~1\MESDOC~1\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: surfdog - {75B59F53-A75C-E676-281D-C23ACC956D3E} - C:\PROGRA~1\MAGSSI~1\Free name.dll (file missing)

O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat

O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\cpva.dat (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: base settings math - {8961F1ED-27D2-624C-BD44-96DE7CB19649} - C:\PROGRA~1\MAGSSI~1\Free name.dll (file missing)

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [ADKQXE] C:\WINDOWS\ADKQXE.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [crweb] C:\WINDOWS\repair\crweb.exe

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [*crweb] C:\WINDOWS\repair\crweb.exe

O4 - HKLM\..\Run: [*cinet] C:\WINDOWS\Registration\cinet.exe

O4 - HKLM\..\Run: [*winip] C:\WINDOWS\addins\winip.exe

O4 - HKLM\..\Run: [*javaap] C:\WINDOWS\Help\javaap.exe

O4 - HKLM\..\Run: [*wmp3] C:\WINDOWS\inf\wmp3.exe

O4 - HKLM\..\Run: [*utilw] C:\WINDOWS\inf\utilw.exe

O4 - HKLM\..\Run: [*odbcms] C:\WINDOWS\Config\odbcms.exe

O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE

O4 - HKLM\..\Run: [*runbin] C:\WINDOWS\AppPatch\runbin.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [DI2] C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\27.exe\27.exe

O4 - HKLM\..\Run: [bPT] "C:\Program Files\Bpt\bpt.exe"

O4 - HKLM\..\Run: [security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

O4 - HKLM\..\Run: [spyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [system Soap Pro] C:\Program Files\System Soap Pro\soap.exe min

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [bsnjktk] c:\windows\rbtvsrq.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Microsoft AntiSpyware helper - {1407E54F-8003-4522-8B70-685A80542E5F} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1407E54F-8003-4522-8B70-685A80542E5F} - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://encyclo.voila.fr/JS/tdserver.cab

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/101bac1986d656...RdxIE601_fr.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://go.securelive.com/speed/WebInstall.dll

O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/13536/CD/LeDortoir.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AFFBB} - http://esb.alcena.com/ESBBundleInstaller2.ocx

O17 - HKLM\System\CCS\Services\Tcpip\..\{B38CF8D2-A862-4B36-90E6-262A406AF002}: NameServer = 194.117.200.10,194.117.200.15

O18 - Protocol: bw+0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - Winlogon Notify: crbas - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat

O21 - SSODL: NTDBGTOOL - {86551A31-0AAE-4F14-ACCE-A3F6BB93772A} - C:\WINDOWS\system32\kbdnslvr.dll (file missing)

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe

 

 

Thanks in advance for your help.

Posted

Hello,

Yesterday I tried to restore the system and there was no way to do it.

So I wanted to format my PC, but it won't let me do that either.

 

So I tried to boot the PC into "setup" so that I could launch the Windows CD from somewhere other than the hard disk, but I can't find the key that corresponds to "setup".

 

If anyone has a solution, thanks in advance.

Guest tesgaz
Posted (edited)

Hi,

 

I'm taking over; it's been a long time since I last answered a HijackThis log. A reply with the lines to delete is coming in a few minutes :P

 

Standing in for Stonangel, who isn't around at the moment :-(

Edited by tesgaz
Guest tesgaz
Posted (edited)

Fix all the lines indicated here:

 

("fix" means: check them and click "Fix checked")

It is best to do this in safe mode (to get there, press the F8 key on your keyboard right at machine startup to be offered the safe mode option).

 

As soon as you are in safe mode, relaunch HijackThis and fix:

 

O2 - BHO: FlashEnhancer Extender - {0AD937E7-2F37-4873-A05E-548A67EF1D0E} - c:\Program Files\Flen\flen.dll

O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\rbasab.dat (file missing)

O2 - BHO: CATLEvents Object - {3EC8E271-FAB9-418a-8A8E-65AEB4029E64} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\bewrc.dat (file missing)

 

O2 - BHO: surfdog - {75B59F53-A75C-E676-281D-C23ACC956D3E} - C:\PROGRA~1\MAGSSI~1\Free name.dll (file missing)

O2 - BHO: CATLEvents Object - {BB54DE33-E539-4749-BFAC-CC49617E8F2A} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat

O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\cpva.dat (file missing)

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: base settings math - {8961F1ED-27D2-624C-BD44-96DE7CB19649} - C:\PROGRA~1\MAGSSI~1\Free name.dll (file missing)

 

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe < - serves no purpose

 

O4 - HKLM\..\Run: [ADKQXE] C:\WINDOWS\ADKQXE.exe

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [bearShare] "C:\Program Files\BearShare\BearShare.exe" /pause

O4 - HKLM\..\Run: [Piolet] C:\Program Files\Piolet\Piolet.exe SILENT

 

O4 - HKLM\..\Run: [crweb] C:\WINDOWS\repair\crweb.exe

 

O4 - HKLM\..\Run: [*crweb] C:\WINDOWS\repair\crweb.exe

O4 - HKLM\..\Run: [*cinet] C:\WINDOWS\Registration\cinet.exe

O4 - HKLM\..\Run: [*winip] C:\WINDOWS\addins\winip.exe

O4 - HKLM\..\Run: [*javaap] C:\WINDOWS\Help\javaap.exe

O4 - HKLM\..\Run: [*wmp3] C:\WINDOWS\inf\wmp3.exe

O4 - HKLM\..\Run: [*utilw] C:\WINDOWS\inf\utilw.exe

O4 - HKLM\..\Run: [*odbcms] C:\WINDOWS\Config\odbcms.exe

 

O4 - HKLM\..\Run: [*runbin] C:\WINDOWS\AppPatch\runbin.exe

 

O4 - HKLM\..\Run: [DI2] C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\27.exe\27.exe

O4 - HKLM\..\Run: [bPT] "C:\Program Files\Bpt\bpt.exe"

O4 - HKLM\..\Run: [security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe

O4 - HKLM\..\Run: [spyFighterMonitor] "C:\Program Files\SpyFighter\SpyFighterScanner.exe" monitor

 

O4 - HKCU\..\Run: [system Soap Pro] C:\Program Files\System Soap Pro\soap.exe min

 

 

O4 - HKCU\..\Run: [bsnjktk] c:\windows\rbtvsrq.exe

 

 

O4 - Global Startup: hp psc 1000 series.lnk = ?

O4 - Global Startup: hpoddt01.exe.lnk = ?

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

 

 

O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab

O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://encyclo.voila.fr/JS/tdserver.cab

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwe...etup1.0.0.8.exe

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/101bac1986d656...RdxIE601_fr.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} (WWWInstall Class) - http://go.securelive.com/speed/WebInstall.dll

O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/13536/CD/LeDortoir.exe

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28578.cab

O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AFFBB} - http://esb.alcena.com/ESBBundleInstaller2.ocx

 

 

These serve absolutely no purpose; fix them too:

O18 - Protocol: bw+0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

 

 

must be fixed without fail

O20 - Winlogon Notify: crbas - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat

O21 - SSODL: NTDBGTOOL - {86551A31-0AAE-4F14-ACCE-A3F6BB93772A} - C:\WINDOWS\system32\kbdnslvr.dll (file missing)

 

 

There, once that is fixed, look for all of these files, which you will delete (still in safe mode)

 

C:\documents and settings\geraldine\LOCAL settings\Temp\ <- all the files

C:\PROGRAM Files\MAGSSI~1\Free name.dll <- the folder

c:\Program Files\Flen\flen.dll <- the folder

C:\WINDOWS\ADKQXE.exe <- the file

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe <- remove via Add/Remove Programs

C:\Program Files\BearShare\BearShare.exe <- same

C:\Program Files\Piolet\Piolet.exe <- same

C:\WINDOWS\repair\crweb.exe <- delete the file

C:\WINDOWS\Registration\cinet.exe <- same

C:\WINDOWS\addins\winip.exe <- same

C:\WINDOWS\Help\javaap.exe <- same

C:\WINDOWS\inf\wmp3.exe <- same

C:\WINDOWS\inf\utilw.exe <- same

C:\WINDOWS\Config\odbcms.exe <- same

C:\WINDOWS\AppPatch\runbin.exe <- same

C:\Program Files\Bpt\bpt.exe <- the folder

C:\Program Files\Security iGuard\Security iGuard.exe <- the folder

C:\Program Files\SpyFighter\SpyFighterScanner.exe <- the folder

C:\Program Files\System Soap Pro\soap.exe <- the folder

c:\windows\rbtvsrq.exe <- the file

C:\WINDOWS\system32\kbdnslvr.dll <- the file

 

There, then restart in normal mode

 

and post a new log

Edited by tesgaz
Posted

That's it, it's done...

However, when I went to delete the files and folders, some of them were not present.

Another problem: HijackThis would not fix the line that I highlighted in bold in the log.

 

Some of the problems are already solved: I can open my windows while I am connected, thank you.

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:38:38, on 13/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\Program Files\ewido\security suite\ewidoguard.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wuauclt.exe

C:\ATI-CPanel\atiptaxx.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe

C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Trend Micro\PC-cillin 9\WebTrap.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Documents and Settings\Géraldine\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.de/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = HTTP=proxy.club-internet.fr:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\GRALDI~1\MESDOC~1\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 9\pccguide.exe"

O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 9\PCCClient.exe"

O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 9\Pop3trap.exe"

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm

O8 - Extra context menu item: Télécharger en utilisant FlashGet - C:\Program Files\FlashGet\jc_link.htm

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyside.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra button: Microsoft AntiSpyware helper - {1407E54F-8003-4522-8B70-685A80542E5F} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1407E54F-8003-4522-8B70-685A80542E5F} - (no file) (HKCU)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{B38CF8D2-A862-4B36-90E6-262A406AF002}: NameServer = 194.117.200.10,194.117.200.15

O20 - Winlogon Notify: crbas - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: FireDaemon Service: ecure (ecure) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\PCCPFW.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: FireDaemon Service: svchost1 (svchost1) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)

O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 9\Tmntsrv.exe
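The comparison made by eye in the post above (which entries from the fix list are still present in the new log), as an added example that is not part of the thread. The function names `parse_entries` and `surviving_entries` are hypothetical, and the sample strings are short excerpts of the two logs on this page.

```python
import re

# An entry line looks like "O20 - Winlogon Notify: crbas - C:\...\sabrc.dat".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends a status when the target file is gone; the registry
# entry itself is still there, so the status is ignored when matching.
STATUS_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$", re.IGNORECASE)


def parse_entries(log_text):
    """Return {normalized key: original line} for every entry line in a log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process path or blank line
        body = STATUS_RE.sub("", match.group("body"))
        # Windows paths and registry names are case-insensitive.
        key = (match.group("code"), re.sub(r"\s+", " ", body).lower())
        entries[key] = line
    return entries


def surviving_entries(fix_list_text, followup_log_text):
    """Fix-list entries still present in the follow-up log, as logged there."""
    wanted = parse_entries(fix_list_text)
    present = parse_entries(followup_log_text)
    return [present[key] for key in wanted if key in present]


# Excerpt of the helper's fix list (three of the listed lines).
FIX_LIST = r"""
O18 - Protocol: bw50s - {E214234B-8590-4D34-9AE3-6C8457E67E8D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: crbas - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat
O21 - SSODL: NTDBGTOOL - {86551A31-0AAE-4F14-ACCE-A3F6BB93772A} - C:\WINDOWS\system32\kbdnslvr.dll (file missing)
"""

# Excerpt of the follow-up log posted on 13/05/2005.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B38CF8D2-A862-4B36-90E6-262A406AF002}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: crbas - C:\DOCUME~1\GRALDI~1\LOCALS~1\Temp\sabrc.dat
O23 - Service: FireDaemon Service: system (system) - Unknown owner - C:\WINDOWS\Temp\FireDaemon.EXE (file missing)
"""

if __name__ == "__main__":
    for line in surviving_entries(FIX_LIST, FOLLOWUP_LOG):
        print("still present:", line)
```
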
