infection win32 trojan gen
Dernière réponse : dans Sécurité
bonjour,
je suis depuis quelques jours infesté par ce ver win32 trojan gen
j'ai donc procédé à une analyse en mode ss echec, (avast pro)
j'ai supprimer les fichiers infectés mais il reviennent systématiquement! je ne trouve pas la source réelle de l'infection.
je ne suis pas un pro dans ce domaine!
j'ai télécharger HJT mais je comprends pas trop
(j'ai aussi AVG, Spyblaster;spyware doctor,clean,smithfraudfx,registerclean) mais pas assez de compétences!!
help me please
Merci d'avance
je suis depuis quelques jours infesté par ce ver win32 trojan gen
j'ai donc procédé à une analyse en mode ss echec, (avast pro)
j'ai supprimer les fichiers infectés mais il reviennent systématiquement! je ne trouve pas la source réelle de l'infection.
je ne suis pas un pro dans ce domaine!
j'ai télécharger HJT mais je comprends pas trop
(j'ai aussi AVG, Spyblaster;spyware doctor,clean,smithfraudfx,registerclean) mais pas assez de compétences!!
help me please
Merci d'avance
Autres pages sur : infection win32 trojan gen
Lassé par la pub ? Créez un compte
Bonjour,
Quel est son emplacement ?
Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.
Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :
-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse
AIDE : Tuto en vidéo sur Hijackthis
Quel est son emplacement ?
Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.
Lance l'application (Hijackthis.exe) :
- Choisis l'option "Do a system scan and save a logfile"
- Le Bloc-Notes s'ouvre, poste son contenu :
-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse
AIDE : Tuto en vidéo sur Hijackthis
bonsoir
merci angel de m'aider
voici le HJT:
Logfile of HijackThis v1.99.1
Scan saved at 22:47:56, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINNT\Mixer.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINNT\system32\ctfmon.exe
E:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Chacha\Mes documents\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "E:\WINNT\system32\lqbniany.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] E:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [userinit.exe] E:\WINNT\userinit.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = E:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
merci angel de m'aider
voici le HJT:
Logfile of HijackThis v1.99.1
Scan saved at 22:47:56, on 11/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\csrss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINNT\Mixer.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINNT\system32\ctfmon.exe
E:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\System32\svchost.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Chacha\Mes documents\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "E:\WINNT\system32\lqbniany.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] E:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [userinit.exe] E:\WINNT\userinit.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = E:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
pour ta première question voici le log d'avast
11/04/2007 08:00:41 Chacha 400 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\system32\vxtnav.dll" file.
11/04/2007 08:02:04 Chacha 400 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 08:02:09 Chacha 400 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 08:02:13 Chacha 400 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 16:47:04 Chacha 596 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\system32\vxtnav.dll" file.
11/04/2007 16:50:10 Chacha 596 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\SYSTEM32\VXTNAV.DLL" file.
11/04/2007 16:50:29 Chacha 596 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\Documents and Settings\Chacha\Local Settings\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 16:50:32 Chacha 596 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 20:34:53 Administrateur 1040 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
11/04/2007 21:18:21 Administrateur 1240 Sign of "Win32:Banker-APP [Trj]" has been found in "E:\WINNT\system32\__delete_on_reboot__r_a_m_v_x_t_._s_y_s_" file.
11/04/2007 21:54:53 Chacha 1888 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 21:55:41 Chacha 1888 Sign of "Win32:VBStat-C [Trj]" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\kiijsaha.dll" file.
11/04/2007 22:01:21 Chacha 396 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\system32\vxtnav.dll" file.
11/04/2007 22:01:37 Chacha 396 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\SYSTEM32\VXTNAV.DLL" file.
11/04/2007 22:01:57 Chacha 396 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\Documents and Settings\Chacha\Local Settings\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 22:09:04 Chacha 396 Sign of "Win32:Banker-APP [Trj]" has been found in "E:\WINNT\system32\ramvxt.sys" file.
11/04/2007 22:32:52 Chacha 508 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\system32\vxtnav.dll" file.
11/04/2007 22:33:38 Chacha 508 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\SYSTEM32\VXTNAV.DLL" file.
11/04/2007 22:56:50 Chacha 1168 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\Documents and Settings\Chacha\Local Settings\Temp\__delete_on_reboot__{_e_a_6_1_c_e_2_0_-_8_6_0_c_-_1_1_d_3_-_a_0_5_d_-_0_0_1_0_4_b_6_9_0_9_d_0_}_._e_x_e_" file.
ce n'est pas super en ordre dsl
11/04/2007 08:00:41 Chacha 400 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\system32\vxtnav.dll" file.
11/04/2007 08:02:04 Chacha 400 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 08:02:09 Chacha 400 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 08:02:13 Chacha 400 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 16:47:04 Chacha 596 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\system32\vxtnav.dll" file.
11/04/2007 16:50:10 Chacha 596 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\SYSTEM32\VXTNAV.DLL" file.
11/04/2007 16:50:29 Chacha 596 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\Documents and Settings\Chacha\Local Settings\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 16:50:32 Chacha 596 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 20:34:53 Administrateur 1040 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
11/04/2007 21:18:21 Administrateur 1240 Sign of "Win32:Banker-APP [Trj]" has been found in "E:\WINNT\system32\__delete_on_reboot__r_a_m_v_x_t_._s_y_s_" file.
11/04/2007 21:54:53 Chacha 1888 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 21:55:41 Chacha 1888 Sign of "Win32:VBStat-C [Trj]" has been found in "E:\DOCUME~1\Chacha\LOCALS~1\Temp\kiijsaha.dll" file.
11/04/2007 22:01:21 Chacha 396 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\system32\vxtnav.dll" file.
11/04/2007 22:01:37 Chacha 396 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\SYSTEM32\VXTNAV.DLL" file.
11/04/2007 22:01:57 Chacha 396 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\Documents and Settings\Chacha\Local Settings\Temp\{ea61ce20-860c-11d3-a05d-00104b6909d0}.exe" file.
11/04/2007 22:09:04 Chacha 396 Sign of "Win32:Banker-APP [Trj]" has been found in "E:\WINNT\system32\ramvxt.sys" file.
11/04/2007 22:32:52 Chacha 508 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\system32\vxtnav.dll" file.
11/04/2007 22:33:38 Chacha 508 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\WINNT\SYSTEM32\VXTNAV.DLL" file.
11/04/2007 22:56:50 Chacha 1168 Sign of "Win32:Trojan-gen. {Other}" has been found in "E:\Documents and Settings\Chacha\Local Settings\Temp\__delete_on_reboot__{_e_a_6_1_c_e_2_0_-_8_6_0_c_-_1_1_d_3_-_a_0_5_d_-_0_0_1_0_4_b_6_9_0_9_d_0_}_._e_x_e_" file.
ce n'est pas super en ordre dsl
Il y a du Vundo.
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Double-clique VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque le scan est complété, clique sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
Et voilà!
Merci
Logfile of HijackThis v1.99.1
Scan saved at 18:29:27, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINNT\Mixer.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINNT\system32\ctfmon.exe
E:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\msiexec.exe
E:\WINNT\system32\wuauclt.exe
D:\UTILITAIRES\telecharge divers\portable\utilitaires\antispyware-\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D6C9F7F-ED17-45A7-9947-2EB04C22C065} - E:\WINNT\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - E:\WINNT\system32\nulnxpox.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {B64CFB95-AE2D-4EC5-B421-F433611475D3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CC49785F-80A9-49CC-AB3C-ED3270452188} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "E:\WINNT\system32\lqbniany.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] E:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [userinit.exe] E:\WINNT\userinit.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = E:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: efccdda - efccdda.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
Merci
Logfile of HijackThis v1.99.1
Scan saved at 18:29:27, on 12/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\Explorer.EXE
E:\Program Files\Winamp\winampa.exe
E:\Program Files\QuickTime\qttask.exe
E:\WINNT\Mixer.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\DAEMON Tools\daemon.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
E:\WINNT\system32\ctfmon.exe
E:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
E:\WINNT\System32\nvsvc32.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\msiexec.exe
E:\WINNT\system32\wuauclt.exe
D:\UTILITAIRES\telecharge divers\portable\utilitaires\antispyware-\hijackthis\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0D6C9F7F-ED17-45A7-9947-2EB04C22C065} - E:\WINNT\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - E:\WINNT\system32\nulnxpox.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {B64CFB95-AE2D-4EC5-B421-F433611475D3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CC49785F-80A9-49CC-AB3C-ED3270452188} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "E:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrintDrive] rundll32.exe "E:\WINNT\system32\lqbniany.dll",setvm
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINNT\system32\ctfmon.exe
O4 - HKCU\..\Run: [Configuration de la C-BOX] E:\Program Files\Cegetel\C-BOX\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [userinit.exe] E:\WINNT\userinit.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = E:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: efccdda - efccdda.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - E:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - E:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
Avant de continuer.
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 12/04/2007 a 18:59:00,60
*** Recherche de fichiers sur E:
*** Recherche des fichiers dans E:\WINNT\
E:\WINNT\userinit.exe FOUND
*** Recherche des fichiers dans E:\WINNT\system32
*** Fin du rapport !
Option 1, executee le 12/04/2007 a 18:59:00,60
*** Recherche de fichiers sur E:
*** Recherche des fichiers dans E:\WINNT\
E:\WINNT\userinit.exe FOUND
*** Recherche des fichiers dans E:\WINNT\system32
*** Fin du rapport !
Re,
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
O2 - BHO: (no name) - {0D6C9F7F-ED17-45A7-9947-2EB04C22C065} - E:\WINNT\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - E:\WINNT\system32\nulnxpox.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {B64CFB95-AE2D-4EC5-B421-F433611475D3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CC49785F-80A9-49CC-AB3C-ED3270452188} - (no file)
O4 - HKCU\..\Run: [userinit.exe] E:\WINNT\userinit.exe
O20 - Winlogon Notify: efccdda - efccdda.dll (file missing)
Clique sur Fix checked (en bas à gauche)
Redémarre en mode sans échec
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.
Redémarre normalement
Poste le rapport clean : C:\rapport_clean.txt
- Lance Hijackthis ->Do a system scan only
->Coche les lignes ci-dessous :
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\windows\system32\blank.htm
O2 - BHO: (no name) - {0D6C9F7F-ED17-45A7-9947-2EB04C22C065} - E:\WINNT\system32\pmkjg.dll (file missing)
O2 - BHO: (no name) - {376719F4-5FB2-4B1D-9859-B3864A1648A9} - (no file)
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - E:\WINNT\system32\nulnxpox.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {B64CFB95-AE2D-4EC5-B421-F433611475D3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: (no name) - {CC49785F-80A9-49CC-AB3C-ED3270452188} - (no file)
O4 - HKCU\..\Run: [userinit.exe] E:\WINNT\userinit.exe
O20 - Winlogon Notify: efccdda - efccdda.dll (file missing)
Clique sur Fix checked (en bas à gauche)
Redémarre en mode sans échec
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.
Redémarre normalement
Poste le rapport clean : C:\rapport_clean.txt
?!
re,
voici le dernier HJT :
Logfile of HijackThis v1.99.1
Scan saved at 18:02:04, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\Explorer.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\VIA\RAID\raid_tool.exe
E:\WINNT\Mixer.exe
E:\WINNT\system32\ctfmon.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINNT\System32\nvsvc32.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINNT\system32\wuauclt.exe
E:\WINNT\system32\msiexec.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINNT\system32\wuauclt.exe
D:\UTILITAIRES\telecharge divers\portable\utilitaires\antispyware-\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RaidTool] E:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - E:\WINNT\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
voici le dernier HJT :
Logfile of HijackThis v1.99.1
Scan saved at 18:02:04, on 13/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINNT\System32\smss.exe
E:\WINNT\system32\winlogon.exe
E:\WINNT\system32\services.exe
E:\WINNT\system32\lsass.exe
E:\WINNT\system32\svchost.exe
E:\WINNT\System32\svchost.exe
E:\WINNT\system32\spoolsv.exe
E:\WINNT\Explorer.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINNT\system32\RUNDLL32.EXE
E:\Program Files\QuickTime\qttask.exe
E:\Program Files\Winamp\winampa.exe
E:\Program Files\VIA\RAID\raid_tool.exe
E:\WINNT\Mixer.exe
E:\WINNT\system32\ctfmon.exe
E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINNT\System32\nvsvc32.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINNT\system32\wuauclt.exe
E:\WINNT\system32\msiexec.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINNT\system32\wuauclt.exe
D:\UTILITAIRES\telecharge divers\portable\utilitaires\antispyware-\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] E:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RaidTool] E:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINNT\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: WgaLogon - E:\WINNT\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINNT\System32\nvsvc32.exe
Bonjour tout le monde, ![:hello:]( ":hello:")
Je étais infecté avec le virus win32:Trojan-gen{other} et après avoir mis en quarantaine je l'ai éfacé car à chaque scan Avast le retrouvé à nouveau! Cela risque t'il de ralentir mon pc ou pas?![:(]( ":(")
Et j'ai preske le meme souci pour le virus win32:Adware-gen! la seul différence est que après avoir mis en quarantaine et supprimé les fichiers infectés Avast me trouve toujours les 3 fichiers infectées!!!
j'ai telechargé HijackThis pour faire une analise et je vous envoi le raport si vous pouvez m'aider s'il vous plaït.
Logfile of HijackThis v1.99.1
Scan saved at 12:38:35, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\72630.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\VIRTUA~1\VDJP.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\rmsx.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Helder\Mes documents\Mes telechargements\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\72630.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\Helder\Mes documents\Mes telechargements\setup_fr.exe"
O4 - HKLM\..\Run: [mobiswing] C:\PROGRA~1\VIRTUA~1\VDJP.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] C:\WINDOWS\system32\rmsx.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f896a180d1d516f1.spaces.live.com/PhotoUpload...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-w...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C49F7EC8-28DD-4D68-B102-463C58134C4A}: NameServer = 212.27.32.5,212.27.32.176
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02D97CC-12C0-4D62-A376-2A83FF0CAFE5}: NameServer = 212.27.32.5,212.27.32.176
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Je étais infecté avec le virus win32:Trojan-gen{other} et après avoir mis en quarantaine je l'ai éfacé car à chaque scan Avast le retrouvé à nouveau! Cela risque t'il de ralentir mon pc ou pas?
Et j'ai preske le meme souci pour le virus win32:Adware-gen! la seul différence est que après avoir mis en quarantaine et supprimé les fichiers infectés Avast me trouve toujours les 3 fichiers infectées!!!
j'ai telechargé HijackThis pour faire une analise et je vous envoi le raport si vous pouvez m'aider s'il vous plaït.
Logfile of HijackThis v1.99.1
Scan saved at 12:38:35, on 25/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\72630.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\VIRTUA~1\VDJP.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\rmsx.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Helder\Mes documents\Mes telechargements\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\72630.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\Documents and Settings\Helder\Mes documents\Mes telechargements\setup_fr.exe"
O4 - HKLM\..\Run: [mobiswing] C:\PROGRA~1\VIRTUA~1\VDJP.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MicrosoftUpdate] C:\WINDOWS\system32\rmsx.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-f896a180d1d516f1.spaces.live.com/PhotoUpload...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-w...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C49F7EC8-28DD-4D68-B102-463C58134C4A}: NameServer = 212.27.32.5,212.27.32.176
O17 - HKLM\System\CCS\Services\Tcpip\..\{D02D97CC-12C0-4D62-A376-2A83FF0CAFE5}: NameServer = 212.27.32.5,212.27.32.176
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Lassé par la pub ? Créez un compte
- Contenus similaires :
