virus : W32.Sinnaka.A@mm + ecran de fond
Forum Sécurité - Virus : virus : W32.Sinnaka.A@mm + ecran de fond
voila, depuis cette nuit je suis infecté par ce virus : spam + messages d'alerte au niveau de l'horloge. Ma page d'acceuil est modifié et m'envoi directement sur un message d'alerte pour le virus W32.Sinnaka.A@mm.
De plus mon fond d'ecran a ete modifier (warning...) et impossible de le remodifier (seul ecran de veille et parametre son dispo quand ke clicke sur parametre).
Comme vous le demandez généralement, j'ai effectuer un scan. Voici le resultat :
Logfile of HijackThis v1.99.1
Scan saved at 11:44:15, on 29/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\shnlog.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\intmonp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\intmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\popuper.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ordi\Bureau\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O2 - BHO: HP Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA} - C:\WINDOWS\system32\hpAD28.tmp
O3 - Toolbar: (no name) - {339BB23F-A864-48C0-A59F-29EA915965EC} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eDonkey2000] C:\Program Files\eDonkey2000\eDonkey2000.exe -t
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Program Files\Microsoft AntiSpyware\gcASCleaner.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [LDM] \Program\
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn. [...] ngctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F849FE5-8382-4AC8-B20A-501F7101AAAC}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: bw+0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {8644139D-2E42-4D6B-A1CC-69D8B9083B4D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: style2 - C:\WINDOWS\q109957203.dll
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe" -run bl -n PersonalPro -v 5.0.0.0 -ttsr 10000000 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
Bonjour,
1/ Télécharge SmitfraudFix
Dézippe-le sur le Bureau.
Ouvre le dossier SmitfraudFix et lance SmitfraudFix.cmd
Choisis l'option 1 (Recherche)
Poste le rapport ici
2/ Redémarre en mode sans échec (Pour cela : démarrer le PC en tapotant sur la touche F8 du clavier jusqu'à ce que le menu des options avancées de Windows apparaisse puis avec les touches fléchées du clavier, sélectionner Mode sans échec puis appuyer sur la touche Entrée...)
Relance SmitfraudFix et choisis cette fois l’option 2 et réponds oui à chaque question
Sauvegarde le rapport.
3/ Redémarre normalement et poste le 2ème rapport de SmitfraudFix et un nouveau rapport de HJT.
voila le premier rapport avant le reboot en mse:
SmitFraudFix v1.85
Rapport fait à 12:24:26,42 le 29/09/2005
Executé à partir de C:\Documents and Settings\ordi\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS
C:\WINDOWS\popuper.exe PRESENT !
C:\WINDOWS\sites.ini PRESENT !
C:\WINDOWS\uninstIU.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32
C:\WINDOWS\system32\hhk.dll PRESENT !
C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\intmon.exe PRESENT !
C:\WINDOWS\system32\intmonp.exe PRESENT !
C:\WINDOWS\system32\msole32.exe PRESENT !
C:\WINDOWS\system32\ole32vbs.exe PRESENT !
C:\WINDOWS\system32\oleext.dll PRESENT !
C:\WINDOWS\system32\shnlog.exe PRESENT !
C:\WINDOWS\system32\wppp.html PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\ordi\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\ordi\Bureau
C:\Documents and Settings\ordi\Application Data\PSGuard.com PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de la clé HKLM\SOFTWARE\SHUDDERLTD
HKLM\SOFTWARE\SHUDDERLTD non trouvé.
C:\WINDOWS\system32\wininet.dll infecté !
»»»»»»»»»»»»»»»»»»»»»»»» Recherche wininet.dll de remplacement
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 2C88-727C
R‚pertoire de C:\WINDOWS\$hf_mig$\KB834707\SP2QFE
29/09/2004 20:47 660ÿ992 wininet.dll
1 fichier(s) 660ÿ992 octets
R‚pertoire de C:\WINDOWS\$hf_mig$\KB867282\SP2QFE
27/01/2005 19:12 662ÿ016 wininet.dll
1 fichier(s) 662ÿ016 octets
R‚pertoire de C:\WINDOWS\$hf_mig$\KB883939\SP2QFE
02/05/2005 22:58 663ÿ040 wininet.dll
1 fichier(s) 663ÿ040 octets
R‚pertoire de C:\WINDOWS\$hf_mig$\KB890923\SP2QFE
10/03/2005 09:48 662ÿ016 wininet.dll
1 fichier(s) 662ÿ016 octets
R‚pertoire de C:\WINDOWS\$NtServicePackUninstall$
07/09/2002 02:00 603ÿ136 wininet.dll
1 fichier(s) 603ÿ136 octets
R‚pertoire de C:\WINDOWS\$NtUninstallKB834707$
04/08/2004 01:54 660ÿ480 wininet.dll
1 fichier(s) 660ÿ480 octets
R‚pertoire de C:\WINDOWS\$NtUninstallKB867282$
29/09/2004 20:49 660ÿ992 wininet.dll
1 fichier(s) 660ÿ992 octets
R‚pertoire de C:\WINDOWS\$NtUninstallKB883939$
10/03/2005 10:04 660ÿ992 wininet.dll
1 fichier(s) 660ÿ992 octets
R‚pertoire de C:\WINDOWS\$NtUninstallKB890923$
27/01/2005 19:14 660ÿ992 wininet.dll
1 fichier(s) 660ÿ992 octets
R‚pertoire de C:\WINDOWS\ServicePackFiles\i386
04/08/2004 01:54 660ÿ480 wininet.dll
1 fichier(s) 660ÿ480 octets
R‚pertoire de C:\WINDOWS\system32
02/05/2005 22:57 662ÿ016 wininet.dll
1 fichier(s) 662ÿ016 octets
»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
impossible de redemarrer en mode sans echec. l'explorer ne veut pas se lancer , un message derreur (avec des chiffres ^^) me bloque l'acces. Meme en faisant nouvelle tache ==> explorer
UP ! je galère vraiment la 
Fais CTRL Maj Echap
puis termine les processus :
shnlog.exe
intmonp.exe
intmon.exe
popuper.exe
Lance SmitfraudFix et choisis l’option 2
Réponds oui à chaque question
Sauvegarde et poste le rapport.
imposible de les fermer , ils revienne automatiquement , je fais quand meme letape 2 ?
Merci esteban54, j'ai eu ce probleme hier apres midi et tout mes anti spyware s'affolait et m'envoyais sur la même page que RooTss. Pour ma part ça a tres bien fonctionner.
Merci encore (je me suis même crée un compte pour venir te remercier)
merci a toi esteban,j ai eu le meme prob,et ta manip a fonctionner nikel chez moi.
merci encore
Il y a 327 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
