log hijack

6 réponses

hug

08/05/2006 à 21:12

bonsoir,
je viens demander de l'aide après avoir déjà nettoyer plusieurs trojans et
spyware chez mon neveu (à 700 km de moi) par analyse et recherche de son
premier log hijackthis.
je vous soumets son 2° log dans lequel j'ai bien vu qu'il restait ceci que
je lui avais dit de fixer :
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial
Setup1.0.0.8-2.cab

a-t-il oublié ou est-ce revenu tout seul ?

voici le log , merci de nous aider ,
il est sous win XP sp2 avec Avast et le pare-feu d'XP :

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
C:\jeux\counter-strike\steam.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.cegetel.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:\WINDOWS\nem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {080DBF4B-8F89-439A-A20E-E8ABE22DA19F} -
C:\WINDOWS\system32\msnetocj.dll (file missing)
O2 - BHO: (no name) - {4B02AB1D-36D2-2F55-FB1C-EAC9FA35C974} -
C:\DOCUME~1\UTILIS~1\APPLIC~1\BASEME~1\Admintitle.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {616CBF45-E7EB-2B77-91C1-4A3975E83EE1} -
C:\DOCUME~1\UTILIS~1\APPLIC~1\BASEME~1\flawcamp.exe (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -
C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:\WINDOWS\wsem303.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD
Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program
Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus!
3\MsgPlus.exe"
O4 - HKLM\..\Run: [Cool Win Long Bits] C:\Documents and Settings\All
Users\Application Data\bleh iso cool win\first junk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Name of App] C:\Program Files\SAMSUNG\FW
LiveUpdate\Liveupdate.exe
O4 - HKLM\..\Run: [BIN ENC BODY TRANS] C:\Documents and Settings\All
Users\Application Data\Bike 32 Bin Enc\atomuser.exe
O4 - HKLM\..\Run: [Swvuhx] C:\Program Files\Aanwhgt\Pbfbb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Trickler] "c:\documents and settings\utilisateur\local
settings\temp\gain_trickler_3202.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [List info]
C:\DOCUME~1\UTILIS~1\APPLIC~1\LIESFO~1\settings 4 grim.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Steam] "c:\jeux\counter-strike\steam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st
800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program
Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program
Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais -
res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program
Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Traduire cette page -
C:\WINDOWS\WEB\powertoy.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet
Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123699967750
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{2C61D5B7-168E-40AE-B608-54CE96FFA5DD}:
NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program
Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program
Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program
Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers
communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\system32\nvsvc32.exe

cordialement, merci et à plus tard (sans doute demain)

6 réponses

Sweety

08/05/2006 à 21:18

Dans le message news:,
hug écrivait :

bonsoir,
je viens demander de l'aide après avoir déjà nettoyer plusieurs
trojans et spyware chez mon neveu (à 700 km de moi) par analyse et
recherche de son premier log hijackthis.
je vous soumets son 2° log dans lequel j'ai bien vu qu'il restait
ceci que je lui avais dit de fixer :
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial
Setup1.0.0.8-2.cab

a-t-il oublié ou est-ce revenu tout seul ?

voici le log , merci de nous aider ,
il est sous win XP sp2 avec Avast et le pare-feu d'XP :

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAvast4aswUpdSv.exe
C:Program FilesAvast4ashServ.exe
C:Program FilesFichiers communsLightScribeLSSrvc.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAvast4ashMaiSv.exe
C:Program FilesAvast4ashWebSv.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesMessengerPlus! 3MsgPlus.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1Avast4ashDisp.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
C:jeuxcounter-strikesteam.exe
C:Program FilesSAGEMSAGEM 800-840dslmon.exe
C:Program FilesLogitechSetPointKEM.exe
C:Program FilesLogitechSetPointKHALMNPR.EXE
C:Program FilesLogitechVideoFxSvr2.exe
C:WINDOWSsystem32wuauclt.exe
C:hijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page >> http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext >> http://www.cegetel.net/
R0 - HKCUSoftwareMicrosoftInternet
ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:WINDOWSnem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program
FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {080DBF4B-8F89-439A-A20E-E8ABE22DA19F} -
C:WINDOWSsystem32msnetocj.dll (file missing)
O2 - BHO: (no name) - {4B02AB1D-36D2-2F55-FB1C-EAC9FA35C974} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1Admintitle.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {616CBF45-E7EB-2B77-91C1-4A3975E83EE1} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1flawcamp.exe (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -
C:PROGRA~1eoRezoEoAdvEOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no
file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:WINDOWSwsem303.dll (file missing)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program
filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD
SolutionPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [adiras] adiras.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MessengerPlus3] "C:Program FilesMessengerPlus!
3MsgPlus.exe"
O4 - HKLM..Run: [Cool Win Long Bits] C:Documents and SettingsAll
UsersApplication Datableh iso cool winfirst junk.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Name of App] C:Program FilesSAMSUNGFW
LiveUpdateLiveupdate.exe
O4 - HKLM..Run: [BIN ENC BODY TRANS] C:Documents and SettingsAll
UsersApplication DataBike 32 Bin Encatomuser.exe
O4 - HKLM..Run: [Swvuhx] C:Program FilesAanwhgtPbfbb.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exe
O4 - HKLM..Run: [Trickler] "c:documents and
settingsutilisateurlocal settingstempgain_trickler_3202.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN
MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [List info]
C:DOCUME~1UTILIS~1APPLIC~1LIESFO~1settings 4 grim.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [Steam] "c:jeuxcounter-strikesteam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM
800-840dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program
FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointKEM.exe
O8 - Extra context menu item: &eBay Search - res://C:Program
FileseBayeBay Toolbar2eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Traduire cette page -
C:WINDOWSWEBpowertoy.htm
O8 - Extra context menu item: Version de la page actuelle disponible
dans le cache Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmcache.html O9 - Extra button: (no
name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live
Safety Center Base Module) -
http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123699967750
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan
Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
- http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object)
- http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 -
HKLMSystemCCSServicesTcpip..{2C61D5B7-168E-40AE-B608-54CE96FFA5DD}:
NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown
owner - C:Program FilesAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:Program
FilesFichiers communsLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe

cordialement, merci et à plus tard (sans doute demain)

Fais un copier/coller de ton log ici :
http://www.hijackthis.de

--

Michel H. (Sweety) [Microsoft MVP] - Windows Shell/User
Toutes les réponses à vos questions sur le Portail de Sweety :
http://sweety.mvps.org/

Dans le message news:OwWJvNtcGHA.4576@TK2MSFTNGP05.phx.gbl,
hug <hugkettyBIDON@SPAMtele2.fr> écrivait :

bonsoir,
je viens demander de l'aide après avoir déjà nettoyer plusieurs
trojans et spyware chez mon neveu (à 700 km de moi) par analyse et
recherche de son premier log hijackthis.
je vous soumets son 2° log dans lequel j'ai bien vu qu'il restait
ceci que je lui avais dit de fixer :
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial
Setup1.0.0.8-2.cab

a-t-il oublié ou est-ce revenu tout seul ?

voici le log , merci de nous aider ,
il est sous win XP sp2 avec Avast et le pare-feu d'XP :

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAvast4aswUpdSv.exe
C:Program FilesAvast4ashServ.exe
C:Program FilesFichiers communsLightScribeLSSrvc.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAvast4ashMaiSv.exe
C:Program FilesAvast4ashWebSv.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesMessengerPlus! 3MsgPlus.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1Avast4ashDisp.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
C:jeuxcounter-strikesteam.exe
C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
C:Program FilesLogitechSetPointKEM.exe
C:Program FilesLogitechSetPointKHALMNPR.EXE
C:Program FilesLogitechVideoFxSvr2.exe
C:WINDOWSsystem32wuauclt.exe
C:hijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page >> http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext >> http://www.cegetel.net/
R0 - HKCUSoftwareMicrosoftInternet
ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:WINDOWSnem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program
FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {080DBF4B-8F89-439A-A20E-E8ABE22DA19F} -
C:WINDOWSsystem32msnetocj.dll (file missing)
O2 - BHO: (no name) - {4B02AB1D-36D2-2F55-FB1C-EAC9FA35C974} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1Admintitle.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {616CBF45-E7EB-2B77-91C1-4A3975E83EE1} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1flawcamp.exe (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -
C:PROGRA~1eoRezoEoAdvEOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no
file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:WINDOWSwsem303.dll (file missing)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program
filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD
SolutionPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [adiras] adiras.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MessengerPlus3] "C:Program FilesMessengerPlus!
3MsgPlus.exe"
O4 - HKLM..Run: [Cool Win Long Bits] C:Documents and SettingsAll
UsersApplication Datableh iso cool winfirst junk.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Name of App] C:Program FilesSAMSUNGFW
LiveUpdateLiveupdate.exe
O4 - HKLM..Run: [BIN ENC BODY TRANS] C:Documents and SettingsAll
UsersApplication DataBike 32 Bin Encatomuser.exe
O4 - HKLM..Run: [Swvuhx] C:Program FilesAanwhgtPbfbb.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exe
O4 - HKLM..Run: [Trickler] "c:documents and
settingsutilisateurlocal settingstempgain_trickler_3202.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN
MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [List info]
C:DOCUME~1UTILIS~1APPLIC~1LIESFO~1settings 4 grim.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [Steam] "c:jeuxcounter-strikesteam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st
800-840dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program
FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointKEM.exe
O8 - Extra context menu item: &eBay Search - res://C:Program
FileseBayeBay Toolbar2eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Traduire cette page -
C:WINDOWSWEBpowertoy.htm
O8 - Extra context menu item: Version de la page actuelle disponible
dans le cache Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmcache.html O9 - Extra button: (no
name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live
Safety Center Base Module) -
http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123699967750
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan
Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
- http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object)
- http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 -
HKLMSystemCCSServicesTcpip..{2C61D5B7-168E-40AE-B608-54CE96FFA5DD}:
NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown
owner - C:Program FilesAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:Program
FilesFichiers communsLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe

cordialement, merci et à plus tard (sans doute demain)

Vous avez filtré cet utilisateur ! Consultez son message

Dans le message news:,
hug écrivait :

bonsoir,
je viens demander de l'aide après avoir déjà nettoyer plusieurs
trojans et spyware chez mon neveu (à 700 km de moi) par analyse et
recherche de son premier log hijackthis.
je vous soumets son 2° log dans lequel j'ai bien vu qu'il restait
ceci que je lui avais dit de fixer :
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial
Setup1.0.0.8-2.cab

a-t-il oublié ou est-ce revenu tout seul ?

voici le log , merci de nous aider ,
il est sous win XP sp2 avec Avast et le pare-feu d'XP :

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAvast4aswUpdSv.exe
C:Program FilesAvast4ashServ.exe
C:Program FilesFichiers communsLightScribeLSSrvc.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAvast4ashMaiSv.exe
C:Program FilesAvast4ashWebSv.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesMessengerPlus! 3MsgPlus.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1Avast4ashDisp.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
C:jeuxcounter-strikesteam.exe
C:Program FilesSAGEMSAGEM 800-840dslmon.exe
C:Program FilesLogitechSetPointKEM.exe
C:Program FilesLogitechSetPointKHALMNPR.EXE
C:Program FilesLogitechVideoFxSvr2.exe
C:WINDOWSsystem32wuauclt.exe
C:hijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page >> http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext >> http://www.cegetel.net/
R0 - HKCUSoftwareMicrosoftInternet
ExplorerToolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:WINDOWSnem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class -
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program
FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {080DBF4B-8F89-439A-A20E-E8ABE22DA19F} -
C:WINDOWSsystem32msnetocj.dll (file missing)
O2 - BHO: (no name) - {4B02AB1D-36D2-2F55-FB1C-EAC9FA35C974} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1Admintitle.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {616CBF45-E7EB-2B77-91C1-4A3975E83EE1} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1flawcamp.exe (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -
C:PROGRA~1eoRezoEoAdvEOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no
file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:WINDOWSwsem303.dll (file missing)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program
filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD
SolutionPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [adiras] adiras.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MessengerPlus3] "C:Program FilesMessengerPlus!
3MsgPlus.exe"
O4 - HKLM..Run: [Cool Win Long Bits] C:Documents and SettingsAll
UsersApplication Datableh iso cool winfirst junk.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Name of App] C:Program FilesSAMSUNGFW
LiveUpdateLiveupdate.exe
O4 - HKLM..Run: [BIN ENC BODY TRANS] C:Documents and SettingsAll
UsersApplication DataBike 32 Bin Encatomuser.exe
O4 - HKLM..Run: [Swvuhx] C:Program FilesAanwhgtPbfbb.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exe
O4 - HKLM..Run: [Trickler] "c:documents and
settingsutilisateurlocal settingstempgain_trickler_3202.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN
MessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [List info]
C:DOCUME~1UTILIS~1APPLIC~1LIESFO~1settings 4 grim.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [Steam] "c:jeuxcounter-strikesteam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM
800-840dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program
FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointKEM.exe
O8 - Extra context menu item: &eBay Search - res://C:Program
FileseBayeBay Toolbar2eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Traduire cette page -
C:WINDOWSWEBpowertoy.htm
O8 - Extra context menu item: Version de la page actuelle disponible
dans le cache Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmcache.html O9 - Extra button: (no
name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live
Safety Center Base Module) -
http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl
Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123699967750
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan
Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class)
- http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object)
- http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 -
HKLMSystemCCSServicesTcpip..{2C61D5B7-168E-40AE-B608-54CE96FFA5DD}:
NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown
owner - C:Program FilesAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:Program
FilesFichiers communsLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe

cordialement, merci et à plus tard (sans doute demain)

hug

08/05/2006 à 22:47

analyse du premier et deuxième log sur ce site déja fait
et recherche sur chaque ligne douteuse à l'aide de google !
donc déja fixé 12 lignes en mode sans échec avant de refaire ce deuxième
log.

il reste des lignes douteuses pour lesquelles je n'ai pas trouvé
d'information sur le web.

Remarque : auparavent j'ai demandé à la personne infectée de faire un scan
en ligne sur secuser.
puis de passer stinger puisque cela n'avait pas suffit.

mais il reste des choses douteuses puisque son pc rame sur internet,
mon neveu dit (en conversation sur msnmessenger avec moi, ce qui excuse un
peu l'orthographe !) :
" dès que je me connecte Avast me bloque des mails ki tente de sortir et g
de la bande passante ki est bouffée.
Mon internet tourne tjs entre 10% et 50% sans rien faire "

voilà le problème.
Merci de votre aide.

Jacquouille la Fripouille

08/05/2006 à 23:42

"hug" a écrit dans le message de
news:

analyse du premier et deuxième log sur ce site déja fait
et recherche sur chaque ligne douteuse à l'aide de google !
donc déja fixé 12 lignes en mode sans échec avant de refaire ce deuxième
log.

Bonsoir hug,

Le site http://www.hijackthis.de donne des réponses standard robotisées et
est bien pour élaguer le plus gros.
Pour les analyses des logs HiJackhis, il y a un forum où il faut s'inscrire
(gratuitement) qui donne des analyses de log personnalisées :
http://assiste.forum.free.fr/viewforum.php?fp&sidc56ee5fa18485566a6a0b02b4e5fdb
--
Jacquouille la Fripouille

tonton68

09/05/2006 à 19:56

"hug" apparemment votre personne a Avast d'installé comme antivirus,
demandez lui de baisser la sensibilité de Avast.
De mon côté j'ai éliminé le pare feu de d'XP et ai installé Z. Alarm.
Normalement ses problème devraient se résoudre ou tout au moins diminuer. Là
dessus qu'elle installe POP Peeper et Spamihilator, après quelque jours elle
ne recevra plus les message incongrus.

--
" un sourire ne coûte rien à celui qui l'offre mais apporte beaucoup à celui
qui le reçois "
"hug" a écrit dans le message de news:

bonsoir,
je viens demander de l'aide après avoir déjà nettoyer plusieurs trojans et
spyware chez mon neveu (à 700 km de moi) par analyse et recherche de son
premier log hijackthis.
je vous soumets son 2° log dans lequel j'ai bien vu qu'il restait ceci que
je lui avais dit de fixer :
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial
Setup1.0.0.8-2.cab

a-t-il oublié ou est-ce revenu tout seul ?

voici le log , merci de nous aider ,
il est sous win XP sp2 avec Avast et le pare-feu d'XP :

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAvast4aswUpdSv.exe
C:Program FilesAvast4ashServ.exe
C:Program FilesFichiers communsLightScribeLSSrvc.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAvast4ashMaiSv.exe
C:Program FilesAvast4ashWebSv.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesMessengerPlus! 3MsgPlus.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1Avast4ashDisp.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
C:jeuxcounter-strikesteam.exe
C:Program FilesSAGEMSAGEM 800-840dslmon.exe
C:Program FilesLogitechSetPointKEM.exe
C:Program FilesLogitechSetPointKHALMNPR.EXE
C:Program FilesLogitechVideoFxSvr2.exe
C:WINDOWSsystem32wuauclt.exe
C:hijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext =
http://www.cegetel.net/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:WINDOWSnem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {080DBF4B-8F89-439A-A20E-E8ABE22DA19F} -
C:WINDOWSsystem32msnetocj.dll (file missing)
O2 - BHO: (no name) - {4B02AB1D-36D2-2F55-FB1C-EAC9FA35C974} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1Admintitle.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {616CBF45-E7EB-2B77-91C1-4A3975E83EE1} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1flawcamp.exe (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -
C:PROGRA~1eoRezoEoAdvEOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:WINDOWSwsem303.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD
SolutionPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [adiras] adiras.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MessengerPlus3] "C:Program FilesMessengerPlus!
3MsgPlus.exe"
O4 - HKLM..Run: [Cool Win Long Bits] C:Documents and SettingsAll
UsersApplication Datableh iso cool winfirst junk.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Name of App] C:Program FilesSAMSUNGFW
LiveUpdateLiveupdate.exe
O4 - HKLM..Run: [BIN ENC BODY TRANS] C:Documents and SettingsAll
UsersApplication DataBike 32 Bin Encatomuser.exe
O4 - HKLM..Run: [Swvuhx] C:Program FilesAanwhgtPbfbb.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exe
O4 - HKLM..Run: [Trickler] "c:documents and settingsutilisateurlocal
settingstempgain_trickler_3202.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O4 - HKCU..Run: [List info]
C:DOCUME~1UTILIS~1APPLIC~1LIESFO~1settings 4 grim.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [Steam] "c:jeuxcounter-strikesteam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM
800-840dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program
FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointKEM.exe
O8 - Extra context menu item: &eBay Search - res://C:Program
FileseBayeBay Toolbar2eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Traduire cette page -
C:WINDOWSWEBpowertoy.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans
le cache Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123699967750
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 -
HKLMSystemCCSServicesTcpip..{2C61D5B7-168E-40AE-B608-54CE96FFA5DD}:
NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:Program FilesFichiers
communsLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe

cordialement, merci et à plus tard (sans doute demain)

bonsoir,
je viens demander de l'aide après avoir déjà nettoyer plusieurs trojans et
spyware chez mon neveu (à 700 km de moi) par analyse et recherche de son
premier log hijackthis.
je vous soumets son 2° log dans lequel j'ai bien vu qu'il restait ceci que
je lui avais dit de fixer :
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial
Setup1.0.0.8-2.cab

a-t-il oublié ou est-ce revenu tout seul ?

voici le log , merci de nous aider ,
il est sous win XP sp2 avec Avast et le pare-feu d'XP :

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAvast4aswUpdSv.exe
C:Program FilesAvast4ashServ.exe
C:Program FilesFichiers communsLightScribeLSSrvc.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAvast4ashMaiSv.exe
C:Program FilesAvast4ashWebSv.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesMessengerPlus! 3MsgPlus.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1Avast4ashDisp.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
C:jeuxcounter-strikesteam.exe
C:Program FilesSAGEMSAGEM F@st 800-840dslmon.exe
C:Program FilesLogitechSetPointKEM.exe
C:Program FilesLogitechSetPointKHALMNPR.EXE
C:Program FilesLogitechVideoFxSvr2.exe
C:WINDOWSsystem32wuauclt.exe
C:hijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext =
http://www.cegetel.net/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:WINDOWSnem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {080DBF4B-8F89-439A-A20E-E8ABE22DA19F} -
C:WINDOWSsystem32msnetocj.dll (file missing)
O2 - BHO: (no name) - {4B02AB1D-36D2-2F55-FB1C-EAC9FA35C974} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1Admintitle.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {616CBF45-E7EB-2B77-91C1-4A3975E83EE1} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1flawcamp.exe (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -
C:PROGRA~1eoRezoEoAdvEOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:WINDOWSwsem303.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD
SolutionPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [adiras] adiras.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MessengerPlus3] "C:Program FilesMessengerPlus!
3MsgPlus.exe"
O4 - HKLM..Run: [Cool Win Long Bits] C:Documents and SettingsAll
UsersApplication Datableh iso cool winfirst junk.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Name of App] C:Program FilesSAMSUNGFW
LiveUpdateLiveupdate.exe
O4 - HKLM..Run: [BIN ENC BODY TRANS] C:Documents and SettingsAll
UsersApplication DataBike 32 Bin Encatomuser.exe
O4 - HKLM..Run: [Swvuhx] C:Program FilesAanwhgtPbfbb.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exe
O4 - HKLM..Run: [Trickler] "c:documents and settingsutilisateurlocal
settingstempgain_trickler_3202.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O4 - HKCU..Run: [List info]
C:DOCUME~1UTILIS~1APPLIC~1LIESFO~1settings 4 grim.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [Steam] "c:jeuxcounter-strikesteam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM F@st
800-840dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program
FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointKEM.exe
O8 - Extra context menu item: &eBay Search - res://C:Program
FileseBayeBay Toolbar2eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Traduire cette page -
C:WINDOWSWEBpowertoy.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans
le cache Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123699967750
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 -
HKLMSystemCCSServicesTcpip..{2C61D5B7-168E-40AE-B608-54CE96FFA5DD}:
NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:Program FilesFichiers
communsLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe

cordialement, merci et à plus tard (sans doute demain)

Vous avez filtré cet utilisateur ! Consultez son message

bonsoir,
je viens demander de l'aide après avoir déjà nettoyer plusieurs trojans et
spyware chez mon neveu (à 700 km de moi) par analyse et recherche de son
premier log hijackthis.
je vous soumets son 2° log dans lequel j'ai bien vu qu'il restait ceci que
je lui avais dit de fixer :
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitial
Setup1.0.0.8-2.cab

a-t-il oublié ou est-ce revenu tout seul ?

voici le log , merci de nous aider ,
il est sous win XP sp2 avec Avast et le pare-feu d'XP :

Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSExplorer.EXE
C:WINDOWSsystem32spoolsv.exe
C:Program FilesAvast4aswUpdSv.exe
C:Program FilesAvast4ashServ.exe
C:Program FilesFichiers communsLightScribeLSSrvc.exe
C:Program FilesFichiers communsMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesAvast4ashMaiSv.exe
C:Program FilesAvast4ashWebSv.exe
C:Program FilesCyberLink DVD SolutionPowerDVDPDVDServ.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesJavajre1.5.0_06binjusched.exe
C:Program FilesMessengerPlus! 3MsgPlus.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:PROGRA~1Avast4ashDisp.exe
C:WINDOWSSOUNDMAN.EXE
C:Program FilesMessengermsmsgs.exe
C:Program FilesMSN MessengerMsnMsgr.Exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
C:jeuxcounter-strikesteam.exe
C:Program FilesSAGEMSAGEM 800-840dslmon.exe
C:Program FilesLogitechSetPointKEM.exe
C:Program FilesLogitechSetPointKHALMNPR.EXE
C:Program FilesLogitechVideoFxSvr2.exe
C:WINDOWSsystem32wuauclt.exe
C:hijackthisHijackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://www.google.fr/
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext =
http://www.cegetel.net/
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
R3 - Default URLSearchHook is missing
O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} -
C:WINDOWSnem220.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {080DBF4B-8F89-439A-A20E-E8ABE22DA19F} -
C:WINDOWSsystem32msnetocj.dll (file missing)
O2 - BHO: (no name) - {4B02AB1D-36D2-2F55-FB1C-EAC9FA35C974} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1Admintitle.exe (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: (no name) - {616CBF45-E7EB-2B77-91C1-4A3975E83EE1} -
C:DOCUME~1UTILIS~1APPLIC~1BASEME~1flawcamp.exe (file missing)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} -
C:PROGRA~1eoRezoEoAdvEOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:Program FilesJavajre1.5.0_06binssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -
C:WINDOWSwsem303.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar1.dll
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [RemoteControl] "C:Program FilesCyberLink DVD
SolutionPowerDVDPDVDServ.exe"
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [adiras] adiras.exe
O4 - HKLM..Run: [SunJavaUpdateSched] C:Program
FilesJavajre1.5.0_06binjusched.exe
O4 - HKLM..Run: [MessengerPlus3] "C:Program FilesMessengerPlus!
3MsgPlus.exe"
O4 - HKLM..Run: [Cool Win Long Bits] C:Documents and SettingsAll
UsersApplication Datableh iso cool winfirst junk.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program
FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 - HKLM..Run: [LogitechVideoRepair] C:Program
FilesLogitechVideoISStart.exe
O4 - HKLM..Run: [LogitechVideoTray] C:Program
FilesLogitechVideoLogiTray.exe
O4 - HKLM..Run: [NvMediaCenter] RUNDLL32.EXE
C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [Name of App] C:Program FilesSAMSUNGFW
LiveUpdateLiveupdate.exe
O4 - HKLM..Run: [BIN ENC BODY TRANS] C:Documents and SettingsAll
UsersApplication DataBike 32 Bin Encatomuser.exe
O4 - HKLM..Run: [Swvuhx] C:Program FilesAanwhgtPbfbb.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1Avast4ashDisp.exe
O4 - HKLM..Run: [Trickler] "c:documents and settingsutilisateurlocal
settingstempgain_trickler_3202.exe"
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesMSN MessengerMsnMsgr.Exe"
/background
O4 - HKCU..Run: [List info]
C:DOCUME~1UTILIS~1APPLIC~1LIESFO~1settings 4 grim.exe
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [LDM] C:Program FilesLogitechDesktop
Messenger8876480ProgramBackWeb-8876480.exe
O4 - HKCU..Run: [LogitechSoftwareUpdate] "C:Program
FilesLogitechVideoManifestEngine.exe" boot
O4 - HKCU..Run: [Steam] "c:jeuxcounter-strikesteam.exe" -silent
O4 - Global Startup: DSLMON.lnk = C:Program FilesSAGEMSAGEM
800-840dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:Program
FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointKEM.exe
O8 - Extra context menu item: &eBay Search - res://C:Program
FileseBayeBay Toolbar2eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Traduire à partir de l'anglais -
res://C:Program FilesGoogleGoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Traduire cette page -
C:WINDOWSWEBpowertoy.htm
O8 - Extra context menu item: Version de la page actuelle disponible dans
le cache Google - res://C:Program
FilesGoogleGoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:Program FilesJavajre1.5.0_06binssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program
FilesJavajre1.5.0_06binssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient
Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety
Center Base Module) -
http://scan.safety.live.com/resource/download/scanner/en-us/wlscbase7617.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123699967750
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader
Class) -
http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 -
HKLMSystemCCSServicesTcpip..{2C61D5B7-168E-40AE-B608-54CE96FFA5DD}:
NameServer = 217.19.192.132 217.19.192.131
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:PROGRA~1MSNMES~1msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner -
C:Program FilesAvast4aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:Program
FilesAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:Program
FilesAvast4ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:Program
FilesAvast4ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:Program FilesFichiers
communsInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service
(LightScribeService) - Hewlett-Packard Company - C:Program FilesFichiers
communsLightScribeLSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:WINDOWSsystem32nvsvc32.exe

cordialement, merci et à plus tard (sans doute demain)

hug

10/05/2006 à 12:14

merci !
je me suis inscrite sur http://assiste.forum.free.fr
j'ai posté le log et eu une réponse détaillée. Je l'ai transmise à mon neveu
et j'attends la suite.
Bonne journée et encore merci.

Jacquouille la Fripouille

10/05/2006 à 14:23

"hug" a écrit dans le message de
news:%

merci !
je me suis inscrite sur http://assiste.forum.free.fr
j'ai posté le log et eu une réponse détaillée. Je l'ai transmise à mon
neveu

et j'attends la suite.
Bonne journée et encore merci.

OK.

Affaire à suivre.
--
Jacquouille la Fripouille

log hijack

6 réponses

Veuillez sélectionner un problème