probleme trojan, rapport hijakthis pret ,
Forum Sécurité - Virus : probleme trojan, rapport hijakthis pret ,
Bonjour à tous.
JE suis débutante et complètement nul en informatique, mais j'ai quand meme lu les post.
Ci quelqu'un pouvai m'aider j'ai des trojan sur mon ordi, ca fait une semaine que je cherche sur les forum.
J'ai donc téléchargé avast!
Mais comme une abruti je crois que j'ai éffacé de fichiers systeme !
Donc d'après ce que j'ai compris, j'ai téléchargé hijakthis et voici le rapport.
Merci pour la personne qui me répondra.
Et surtout pour la réponse, prendre en compte que je suis une femme novice dans l'informatique ! la preuve je voulais mettre un smiles et j'y arrive pas ! lol
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ACTNSTA.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\AEIWLSTA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashChest.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\unika\Bureau\HiJackThis\HijackThis.exe
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ACTNSTA.EXE] ACTNSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AUDIO MULTI THIS COOL] C:\Documents and Settings\All Users\Application Data\SOAP BROWSE AUDIO MULTI\Ace Dumb.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [fastdale] C:\DOCUME~1\unika\APPLIC~1\FINDAN~1\sixth ball loud.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bb921d7a5be41c9b2c7bba283603ff2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bb921d7a5be41c9b2c7bba283603ff2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 4468123781
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fich [...] b?version=
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1 [...] 586-jc.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://webcam.st-malo.com/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 10010 bytes
Bonjour,
Télécharge Lop S&D.zip.
Dézippe-le sur ton Bureau uniquement.
Ouvre le dossier Lop S&D puis double-clique sur Scan.bat. Tape sur "R" puis valide en appuyant sur "Entrée".
Un rapport sera généré, poste son contenu ici.
Répondre à Angeldark
Merci de vous occuper de moi !
Donc voici le rapport
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : "C:\Documents and Settings\unika\Bureau\LopSD\Lop S&D"
Rapport créé Le 28/10/2007 à 21:03:22,62 PC : NOM-F0D4QMIEUZ0
! Faire analyser le rapport par un Helper avant intervention !
-------------[ Listing des Dossiers dans Application Data ]-------------
C:\Documents and settings\All Users\Application Data\SOAP BROWSE AUDIO MULTI
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\OD2
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\ArcSoft
C:\Documents and settings\All Users\Application Data\Motive
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\Ulead Systems
C:\Documents and settings\All Users\Application Data\hpzinstall.log
C:\Documents and settings\All Users\Application Data\Hewlett-Packard
C:\Documents and settings\All Users\Application Data\MSN6
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\Help
C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Intel Retail Demo\Application Data\MSN6
C:\Documents and settings\Intel Retail Demo\Application Data\Microsoft
C:\Documents and settings\Intel Retail Demo\Application Data\Help
C:\Documents and settings\Intel Retail Demo\Application Data\Identities
C:\Documents and settings\Intel Retail Demo\Application Data\desktop.ini
C:\Documents and settings\LocalService\Application Data\Help
C:\Documents and settings\LocalService\Application Data\Macromedia
C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\NetworkService\Application Data\Microsoft
C:\Documents and settings\unika\Application Data\findantimulti
C:\Documents and settings\unika\Application Data\AdobeUM
C:\Documents and settings\unika\Application Data\Real
C:\Documents and settings\unika\Application Data\1&1
C:\Documents and settings\unika\Application Data\dvdcss
C:\Documents and settings\unika\Application Data\MSN6
C:\Documents and settings\unika\Application Data\Microsoft
C:\Documents and settings\unika\Application Data\InstallShield
C:\Documents and settings\unika\Application Data\Musicmatch
C:\Documents and settings\unika\Application Data\DivX
C:\Documents and settings\unika\Application Data\Mozilla
C:\Documents and settings\unika\Application Data\Macromedia
C:\Documents and settings\unika\Application Data\Google
C:\Documents and settings\unika\Application Data\Motive
C:\Documents and settings\unika\Application Data\OD2
C:\Documents and settings\unika\Application Data\Adobe
C:\Documents and settings\unika\Application Data\Lavasoft
C:\Documents and settings\unika\Application Data\Sun
C:\Documents and settings\unika\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and settings\unika\Application Data\FotoWire
C:\Documents and settings\unika\Application Data\FaxCtr
C:\Documents and settings\unika\Application Data\Help
C:\Documents and settings\unika\Application Data\ArcSoft
C:\Documents and settings\unika\Application Data\InterVideo
C:\Documents and settings\unika\Application Data\Identities
C:\Documents and settings\unika\Application Data\desktop.ini
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\desktop.ini
C:\WINDOWS\tasks\SA.DAT
---------------[ Listing des dossiers dans Program Files ]--------------
Le rapport n'est pas complet.
Répondre à Angeldark
Désolée, j'en avais oublié la moitié !
------------------------------[ Lop S&D 1.5 ]----------------------------
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : "C:\Documents and Settings\unika\Bureau\LopSD\Lop S&D"
Rapport créé Le 28/10/2007 à 21:03:22,62 PC : NOM-F0D4QMIEUZ0
! Faire analyser le rapport par un Helper avant intervention !
-------------[ Listing des Dossiers dans Application Data ]-------------
C:\Documents and settings\All Users\Application Data\SOAP BROWSE AUDIO MULTI
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\OD2
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\ArcSoft
C:\Documents and settings\All Users\Application Data\Motive
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\Ulead Systems
C:\Documents and settings\All Users\Application Data\hpzinstall.log
C:\Documents and settings\All Users\Application Data\Hewlett-Packard
C:\Documents and settings\All Users\Application Data\MSN6
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\Help
C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Intel Retail Demo\Application Data\MSN6
C:\Documents and settings\Intel Retail Demo\Application Data\Microsoft
C:\Documents and settings\Intel Retail Demo\Application Data\Help
C:\Documents and settings\Intel Retail Demo\Application Data\Identities
C:\Documents and settings\Intel Retail Demo\Application Data\desktop.ini
C:\Documents and settings\LocalService\Application Data\Help
C:\Documents and settings\LocalService\Application Data\Macromedia
C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\NetworkService\Application Data\Microsoft
C:\Documents and settings\unika\Application Data\findantimulti
C:\Documents and settings\unika\Application Data\AdobeUM
C:\Documents and settings\unika\Application Data\Real
C:\Documents and settings\unika\Application Data\1&1
C:\Documents and settings\unika\Application Data\dvdcss
C:\Documents and settings\unika\Application Data\MSN6
C:\Documents and settings\unika\Application Data\Microsoft
C:\Documents and settings\unika\Application Data\InstallShield
C:\Documents and settings\unika\Application Data\Musicmatch
C:\Documents and settings\unika\Application Data\DivX
C:\Documents and settings\unika\Application Data\Mozilla
C:\Documents and settings\unika\Application Data\Macromedia
C:\Documents and settings\unika\Application Data\Google
C:\Documents and settings\unika\Application Data\Motive
C:\Documents and settings\unika\Application Data\OD2
C:\Documents and settings\unika\Application Data\Adobe
C:\Documents and settings\unika\Application Data\Lavasoft
C:\Documents and settings\unika\Application Data\Sun
C:\Documents and settings\unika\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and settings\unika\Application Data\FotoWire
C:\Documents and settings\unika\Application Data\FaxCtr
C:\Documents and settings\unika\Application Data\Help
C:\Documents and settings\unika\Application Data\ArcSoft
C:\Documents and settings\unika\Application Data\InterVideo
C:\Documents and settings\unika\Application Data\Identities
C:\Documents and settings\unika\Application Data\desktop.ini
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\desktop.ini
C:\WINDOWS\tasks\SA.DAT
---------------[ Listing des dossiers dans Program Files ]--------------
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\Alwil Software
C:\Program Files\ArcSoft
C:\Program Files\ATI Technologies
C:\Program Files\BroadJump
C:\Program Files\Club-Internet
C:\Program Files\Common files
C:\Program Files\DivX
C:\Program Files\EZFace
C:\Program Files\Fichiers communs
C:\Program Files\findantimulti
C:\Program Files\Google
C:\Program Files\HardwareDetection
C:\Program Files\Hercules
C:\Program Files\Hewlett-Packard
C:\Program Files\HP
C:\Program Files\Internet Explorer
C:\Program Files\Java
C:\Program Files\Logitech
C:\Program Files\Messenger
C:\Program Files\Microsoft CAPICOM 2.1.0.2
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft IntelliPoint
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Apps
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MyWay
C:\Program Files\NetMeeting
C:\Program Files\Outlook Express
C:\Program Files\Player Tool
C:\Program Files\Pure Motion
C:\Program Files\Real
C:\Program Files\Realtek AC97
C:\Program Files\Rencontre-Messenger
C:\Program Files\Services en ligne
C:\Program Files\SiS7012
C:\Program Files\SiSLan
C:\Program Files\Sonic Foundry
C:\Program Files\Talkway
C:\Program Files\Ulead Systems
C:\Program Files\VideoLAN
C:\Program Files\Windows Defender
C:\Program Files\Windows Live Favorites
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!
------[ Listing des dossiers dans Program Files\Fichiers Communs ]------
C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Designer
C:\program files\fichiers communs\FDEUnInstaller.exe
C:\program files\fichiers communs\FotoWire
C:\program files\fichiers communs\Hewlett-Packard
C:\program files\fichiers communs\HP
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Logitech
C:\program files\fichiers communs\Macromedia
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\Motive
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\Softwin
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\Talkway
C:\program files\fichiers communs\Ulead Systems
C:\program files\fichiers communs\Vbox
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AUDIO MULTI THIS COOL"="C:\\Documents and Settings\\All Users\\Application Data\\SOAP BROWSE AUDIO MULTI\\Ace Dumb.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"fastdale"="C:\\DOCUME~1\\unika\\APPLIC~1\\FINDAN~1\\sixth ball loud.exe"
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
C:\Documents and settings\All Users\Application Data\SOAP BROWSE AUDIO MULTI
C:\Documents and settings\unika\Application Data\FINDAN~1
C:\Program Files\FINDAN~1
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : MODIFIE
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD
--------------[ Recherche de fichiers cachés avec Catchme ]---------------
catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 21:03:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
D:\Autorun.inf
--------------------[ Fin du rapport à 21:04:34,98 ]----------------------
Re,
Ouvre le dossier Lop S&D puis double-clique sur Scan.bat. Tape sur "S" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.
NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.
Répondre à Angeldark
J'ai vu qu'en 5 minutes tu avais répondu a 5 pot. chapeau ! lol
Merci pour ton temps et ton energie...
Voici donc le rapport :
------------------------------[ Lop S&D 1.5 ]----------------------------
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : "C:\Documents and Settings\unika\Bureau\LopSD\Lop S&D"
Rapport créé Le 28/10/2007 à 21:27:07,59 PC : NOM-F0D4QMIEUZ0
! Faire analyser le rapport par un Helper avant intervention !
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION ///////////////////////////////
Supprimé - C:\Program Files\FINDAN~1
Supprimé - C:\Documents and settings\All Users\Application Data\SOAP BROWSE AUDIO MULTI
Supprimé - C:\Documents and settings\unika\Application Data\FINDAN~1
Restauré - Fichier Hosts
Présent! - D:\autorun.inf
\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////
Présent! - D:\autorun.inf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Copié ! - [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Copié ! - [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
Supprimé - HKLM\Software\Microsoft\Windows\CurrentVersion\Run | AUDIO MULTI THIS COOL
Supprimé - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | fastdale
//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
-------------[ Listing des Dossiers dans Application Data ]-------------
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\OD2
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\ArcSoft
C:\Documents and settings\All Users\Application Data\Motive
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\Ulead Systems
C:\Documents and settings\All Users\Application Data\hpzinstall.log
C:\Documents and settings\All Users\Application Data\Hewlett-Packard
C:\Documents and settings\All Users\Application Data\MSN6
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\Help
C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Intel Retail Demo\Application Data\MSN6
C:\Documents and settings\Intel Retail Demo\Application Data\Microsoft
C:\Documents and settings\Intel Retail Demo\Application Data\Help
C:\Documents and settings\Intel Retail Demo\Application Data\Identities
C:\Documents and settings\Intel Retail Demo\Application Data\desktop.ini
C:\Documents and settings\LocalService\Application Data\Help
C:\Documents and settings\LocalService\Application Data\Macromedia
C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\NetworkService\Application Data\Microsoft
C:\Documents and settings\unika\Application Data\AdobeUM
C:\Documents and settings\unika\Application Data\Real
C:\Documents and settings\unika\Application Data\1&1
C:\Documents and settings\unika\Application Data\dvdcss
C:\Documents and settings\unika\Application Data\MSN6
C:\Documents and settings\unika\Application Data\Microsoft
C:\Documents and settings\unika\Application Data\InstallShield
C:\Documents and settings\unika\Application Data\Musicmatch
C:\Documents and settings\unika\Application Data\DivX
C:\Documents and settings\unika\Application Data\Mozilla
C:\Documents and settings\unika\Application Data\Macromedia
C:\Documents and settings\unika\Application Data\Google
C:\Documents and settings\unika\Application Data\Motive
C:\Documents and settings\unika\Application Data\OD2
C:\Documents and settings\unika\Application Data\Adobe
C:\Documents and settings\unika\Application Data\Lavasoft
C:\Documents and settings\unika\Application Data\Sun
C:\Documents and settings\unika\Application Data\GDIPFONTCACHEV1.DAT
C:\Documents and settings\unika\Application Data\FotoWire
C:\Documents and settings\unika\Application Data\FaxCtr
C:\Documents and settings\unika\Application Data\Help
C:\Documents and settings\unika\Application Data\ArcSoft
C:\Documents and settings\unika\Application Data\InterVideo
C:\Documents and settings\unika\Application Data\Identities
C:\Documents and settings\unika\Application Data\desktop.ini
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\desktop.ini
C:\WINDOWS\tasks\SA.DAT
---------------[ Listing des dossiers dans Program Files ]--------------
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\Alwil Software
C:\Program Files\ArcSoft
C:\Program Files\ATI Technologies
C:\Program Files\BroadJump
C:\Program Files\Club-Internet
C:\Program Files\Common files
C:\Program Files\DivX
C:\Program Files\EZFace
C:\Program Files\Fichiers communs
C:\Program Files\Google
C:\Program Files\HardwareDetection
C:\Program Files\Hercules
C:\Program Files\Hewlett-Packard
C:\Program Files\HP
C:\Program Files\Internet Explorer
C:\Program Files\Java
C:\Program Files\Logitech
C:\Program Files\Messenger
C:\Program Files\Microsoft CAPICOM 2.1.0.2
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft IntelliPoint
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSN
C:\Program Files\MSN Apps
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MyWay
C:\Program Files\NetMeeting
C:\Program Files\Outlook Express
C:\Program Files\Player Tool
C:\Program Files\Pure Motion
C:\Program Files\Real
C:\Program Files\Realtek AC97
C:\Program Files\Rencontre-Messenger
C:\Program Files\Services en ligne
C:\Program Files\SiS7012
C:\Program Files\SiSLan
C:\Program Files\Sonic Foundry
C:\Program Files\Talkway
C:\Program Files\Ulead Systems
C:\Program Files\VideoLAN
C:\Program Files\Windows Defender
C:\Program Files\Windows Live Favorites
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\Yahoo!
------[ Listing des dossiers dans Program Files\Fichiers Communs ]------
C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Designer
C:\program files\fichiers communs\FDEUnInstaller.exe
C:\program files\fichiers communs\FotoWire
C:\program files\fichiers communs\Hewlett-Packard
C:\program files\fichiers communs\HP
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Logitech
C:\program files\fichiers communs\Macromedia
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\Motive
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\Softwin
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\Talkway
C:\program files\fichiers communs\Ulead Systems
C:\program files\fichiers communs\Vbox
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
Aucun dossier Lop trouvé !
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : Propre
--------------[ Recherche de fichiers cachés avec Catchme ]---------------
catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 21:27:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden files ...
scan completed successfully
hidden files: 0
--------------------[ Recherche d'autres infections ]---------------------
D:\Autorun.inf
--------------------[ Fin du rapport à 21:28:25,00 ]----------------------
Re,
- Télécharge combofix.exe (par sUBs) sur ton Bureau.
- Double clique combofix.exe.
- Tape sur la touche 1 (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Répondre à Angeldark
voilà ,
ComboFix 07-10-28.2 - unika 2007-10-28 21:48:47.1 - NTFSx86
Running from: C:\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-28 to 2007-10-28 ))))))))))))))))))))))))))))))))))))
.
2007-10-28 21:46 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 21:44 1,529,595 --a------ C:\ComboFix.exe
2007-10-28 20:59 139,775 --a------ C:\LopSD.zip
2007-10-28 15:47 318,369 --a------ C:\HiJackThis.zip
2007-10-28 15:03 25,088 --a------ C:\wsock32.dll
2007-10-28 15:03 2,864 --a------ C:\winsock.dll
2007-10-28 15:02 1,049,600 --a------ C:\kernel32.dll
2007-10-27 21:05 <REP> d-------- C:\Program Files\Alwil Software
2007-10-27 21:05 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-10-27 21:05 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-10-27 21:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-27 21:05 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-27 21:05 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-27 21:05 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-27 21:05 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-27 21:02 17,521,856 --a------ C:\avast4.exe
2007-10-10 17:18 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-28 19:19 --------- d-----w C:\Program Files\Java
2007-10-27 19:36 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-27 19:36 --------- d-----w C:\Program Files\Ahead
2007-10-26 08:13 --------- d-----w C:\Documents and Settings\unika\Application Data\AdobeUM
2007-10-25 11:32 14 ----a-w C:\Documents and Settings\unika\getfile.dat
2007-10-25 08:05 --------- d-----w C:\Program Files\MSN Messenger
2007-09-19 19:04 --------- d-----w C:\Program Files\Club-Internet
2007-09-19 18:42 --------- d-----w C:\Program Files\Rencontre-Messenger
2007-09-19 18:42 --------- d-----w C:\Program Files\Fichiers communs\Real
2007-09-19 18:41 --------- d-----w C:\Program Files\VideoLAN
2007-08-21 06:17 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-07-30 17:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 17:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 17:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 17:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 17:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 17:19 271,224 ----a-w C:\WINDOWS\system32\mucltui.dll
2007-07-30 17:19 207,736 ----a-w C:\WINDOWS\system32\muweb.dll
2007-07-30 17:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 17:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 17:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-18 10:39 278,528 -c--a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-05-17 16:04 25,360 -c--a-w C:\Documents and Settings\unika\Application Data\GDIPFONTCACHEV1.DAT
2005-11-01 20:00:02 56 --sh--r C:\WINDOWS\system32\D5DE1490EC.sys
2005-11-01 20:00:02 1,682 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 09:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-02-13 21:00]
"PCTVOICE"="pctspk.exe" [2003-01-06 01:00 C:\WINDOWS\system32\pctspk.exe]
"ACTNSTA.EXE"="ACTNSTA.exe" [2002-08-04 09:47 C:\WINDOWS\system32\ACTNSTA.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-03-31 06:54 C:\WINDOWS\AGRSMMSG.exe]
"AEIWLSTA.EXE"="AEIWLSTA.exe" [2002-07-26 10:50 C:\WINDOWS\system32\AEIWLSTA.exe]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2003-05-16 00:41]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15]
"Logitech Utility"="Logi_MwX.Exe" []
"Ulead Memory Card Detector"="C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe" [2002-09-11 15:00]
"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 16:21]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 05:12 C:\WINDOWS\soundman.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 16:20]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe [2007-04-17 10:25:51]
R2 Fswsclds;F-Secure Windows Security Center Legacy Detection Service;C:\Program Files\Securitoo\av_fw\fswsclds.exe
R3 LCcfltr;Logitech USB Filter Driver;C:\WINDOWS\system32\Drivers\LCcFltr.Sys
R3 WBFIRDMA;Winbond Infrared Device Driver;C:\WINDOWS\system32\DRIVERS\wbfirdma.sys
S3 ACTN;Accton 11Mbps Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\ACTNNDS.sys
S3 AEIWL;Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\AEIWLNDS.sys
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;C:\WINDOWS\system32\DRIVERS\RTL8180.SYS
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
S3 SiS7012;Service for AC'97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys
S3 SNPP106;PC CAMERA DATA SOURCE(6029)1.0(32-32);C:\WINDOWS\system32\DRIVERS\snpp106.sys
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-28 13:54:39 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-28 19:55:09 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************
catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 21:51:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-28 21:52:14
.
--- E O F ---
Re,
Pour supprimer cette infection, suis cette procédure.
Répondre à Angeldark
j'ai beau essayé depuis une heure impossible d'ouvrir flash_desinfector
je l'ai désinstallé et ré installé , mais rien à faire quand je double click dessus et que je clik sur executer il ne se passe rien.
Que dois je faire ?
Reposte un rapport Hijackthis.
Répondre à Angeldark
voilà,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:59, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\ACTNSTA.EXE
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\AEIWLSTA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\unika\Bureau\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ACTNSTA.EXE] ACTNSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bb921d7a5be41c9b2c7bba283603ff2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bb921d7a5be41c9b2c7bba283603ff2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 4468123781
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fich [...] b?version=
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://webcam.st-malo.com/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 9227 bytes
Re,
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
Répondre à Angeldark
antivir rapport :
AntiVir PersonalEdition Classic
Report file date: lundi 29 octobre 2007 15:00
Scanning for 907624 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NOM-F0D4QMIEUZ0
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 13:58:37
ANTIVIR3.VDF : 7.0.0.147 49664 Bytes 29/10/2007 13:58:37
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 29/10/2007 13:58:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 29 octobre 2007 15:00
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'lanceur.exe' - '1' Module(s) have been scanned
Scan process 'WiFiStation.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'fswsclds.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'CFD.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'vmtalk.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'iTouch.exe' - '1' Module(s) have been scanned
Scan process 'point32.exe' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'AEIWLSTA.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'ACTNSTA.exe' - '1' Module(s) have been scanned
Scan process 'pctspk.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\' <DATA>
End of the scan: lundi 29 octobre 2007 15:59
Used time: 59:48 min
The scan has been done completely.
3727 Scanning directories
280186 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
280186 Files not concerned
6738 Archives were scanned
1 Warnings
7 Notes
Reposte un rapport Hijackthis.
Répondre à Angeldark
voici le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:45:19, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ACTNSTA.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\AEIWLSTA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\notepad.exe
C:\Documents and Settings\unika\Bureau\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ACTNSTA.EXE] ACTNSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bb921d7a5be41c9b2c7bba283603ff2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bb921d7a5be41c9b2c7bba283603ff2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 4468123781
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fich [...] b?version=
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://webcam.st-malo.com/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 9227 bytes
Re,
Fix les lignes en italique ci-dessous avec Hijackthis : AIDE EN IMAGES
O2 - BHO: (no name) - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
Répondre à Angeldark
ca y est, veux tu que je refasse une analyse ?
Oui.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:39:42, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\ACTNSTA.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\AEIWLSTA.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Securitoo\av_fw\fswsclds.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Documents and Settings\unika\Bureau\HiJackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [ACTNSTA.EXE] ACTNSTA.EXE START
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AEIWLSTA.EXE] AEIWLSTA.EXE START
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?bb921d7a5be41c9b2c7bba283603ff2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?bb921d7a5be41c9b2c7bba283603ff2
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 4468123781
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fich [...] b?version=
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://webcam.st-malo.com/activex/AxisCamControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{03F0B187-70E6-4CC4-83BD-43689DFB1165}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\fswsclds.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--
End of file - 8930 bytes
Encore des problèmes ?
Répondre à Angeldark
Ben , je crois pas...
Tout est ok ?
Je pense que oui 
Répondre à Angeldark
Bon je crois que tu as raison, par contre je trouve qu'il rame toujours autant!
Pour les logiciels que j'ai téléchargé, je dois les garder ? combofix etc...
En tout cas, je te remercie beaucoup de ton aide ;-)
Garde uniquement AntiVir.
Entre pc qui ram et infection, il n'y a rien à voir.
Répondre à Angeldark
merci beaucoup pour ton aide
Bonne continuation.
Répondre à Angeldark
Il y a 2495 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
