switching from avast to antivir: new viruses found [RESOLVED]


thanks angeldark, so on my pc antivir detected infected files. What do you think?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14, on 2007-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Remotty] C:\Program Files\Remotty\Remotty.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7241 bytes


Message edited by dieu_x on 21-12-2007 at 21:54:38
------------------------------ www.forum2biologie.actifforum.com



AntiVir PersonalEdition Classic
Report file date: 2007-12-19 19:46

Scanning for 981231 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: DIEUX

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 13:51:38
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 2007-12-14 13:51:38
ANTIVIR3.VDF : 7.0.1.121 117760 Bytes 2007-12-19 13:51:38
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 2007-12-19 13:51:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: 2007-12-19 19:46

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'thunderbird.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'brss01a.exe' - '1' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP100\A0013434.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP100\A0013453.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP101\A0013499.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP101\A0013527.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP101\A0013570.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP102\A0013605.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP102\A0013622.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP102\A0013693.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP103\A0013797.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP103\A0013930.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP104\A0013969.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP106\A0014040.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP107\A0014120.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP108\A0014185.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP108\A0014232.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP109\A0014331.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP110\A0014440.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP111\A0014474.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP111\A0014507.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP112\A0014530.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP112\A0014577.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP113\A0014687.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP114\A0014794.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP115\A0014910.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP116\A0014969.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP117\A0015041.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP117\A0015094.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP118\A0015171.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP119\A0015262.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP120\A0015313.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP121\A0015421.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP122\A0015746.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP122\A0015767.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP123\A0015790.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP123\A0015869.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP124\A0015932.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP124\A0015951.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP125\A0016016.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP126\A0016126.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP127\A0016229.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP128\A0016349.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP129\A0016458.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP130\A0016506.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP131\A0016590.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP132\A0016731.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP133\A0016751.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP134\A0016891.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP135\A0016939.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP136\A0017025.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP136\A0017075.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP137\A0017096.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP137\A0017113.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP137\A0018113.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP138\A0018128.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP138\A0018138.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP139\A0018172.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP139\A0018262.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP95\A0013070.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP96\A0013171.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP97\A0013232.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP98\A0013280.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP98\A0013323.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP99\A0013359.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: 2007-12-19 20:30
Used time: 44:05 min

The scan has been done completely.

5915 Scanning directories
359329 Files were scanned
63 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
63 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
359266 Files not concerned
1739 Archives were scanned
2 Warnings
1 Notes

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

Re,

Disable your resident protections (antivirus...)!

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Copy/paste this report into your next reply.


NOTE: The report can also be found here: C:\Combofix.txt

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

thanks:
ComboFix 07-12-20.1 - Utilisateur 2007-12-20 17:22:32.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.405 [GMT 1:00]
Running from: D:\Mes Documents\Mes fichiers reçus\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
.

2007-12-19 14:50 . 2007-12-19 14:50 <REP> d-------- C:\Program Files\Avira
2007-12-19 14:50 . 2007-12-19 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-11 23:11 . 2007-12-11 23:11 <REP> d-------- C:\Program Files\CCleaner
2007-12-07 14:45 . 2007-12-07 14:45 16,574 --a------ C:\WINDOWS\EPISMF00.SWB
2007-12-07 14:45 . 2007-12-07 14:45 6,718 --a------ C:\WINDOWS\EPISMF07.SWB
2007-11-28 20:35 . 2007-11-28 20:35 <REP> d-------- C:\Documents and Settings\Utilisateur\DoctorWeb

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-20 12:13 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-20 10:48 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Hamachi
2007-12-18 18:28 --------- d-----w C:\Program Files\Weather Watcher
2007-12-16 18:45 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Azureus
2007-12-11 12:17 --------- d-----w C:\Program Files\Azureus
2007-12-05 19:10 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-11-18 09:59 --------- d-----w C:\Program Files\Teamspeak2 server
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-06 22:24 --------- d-----w C:\Program Files\QuickTime
2007-11-06 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-06 22:23 --------- d-----w C:\Program Files\Apple Software Update
2007-11-06 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-30 18:59 --------- d-----w C:\Program Files\Hamachi
2007-10-30 18:58 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-08-24 11:00 56 --sh--r C:\WINDOWS\system32\CF7CE98A61.sys
2007-08-24 11:00 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-17 19:17]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-29 04:30]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-05-27 00:12 C:\WINDOWS\sm56hlpr.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-19 03:07]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 15:55]
"Wireless Console 2"="C:\Program Files\ASUS\Wireless Console 2\wcourier.exe" [2005-08-23 12:45]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"Remotty"="C:\Program Files\Remotty\Remotty.exe" []
"SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 17:02]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-14 16:51 C:\WINDOWS\RTHDCPL.exe]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-10 14:55]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-19 14:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-08-18 11:38 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur d’état.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur d’état.lnk
backup=C:\WINDOWS\pss\Contrôleur d’état.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
path=C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)

R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 14:03]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f7aa99e-a269-11dc-80ae-001731229abf}]
\Shell\AutoRun\command - RAVMON.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d13836aa-9426-11dc-808f-001731229abf}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-20 17:24:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
.
Completion time: 2007-12-20 17:25:10
.
2007-12-12 21:22:34 --- E O F ---

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

Re,

Download Clean.zip (by Malekal),
Unzip it to your desktop (Right-click/Extract all); you should get a folder named Clean.
Open the clean folder, double-click clean.cmd.
Choose option 1, then wait. Then post the contents of the report.

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

20/12/2007 a 17:31:43,87

*** Recherche des fichiers dans C:
C:\autorun.inf FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

Re,

Restart in safe mode

Open the clean folder, double-click clean.cmd.
Choose option 2, then wait.

Restart normally.

Post the clean report: C:\rapport_clean.txt

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 20/12/2007 a 17:40:52,15

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:
tentative de suppression de C:\autorun.inf
Impossible de supprimer C:\autorun.inf

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

What is this autorun.inf?

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

An infection :D

To remove this infection, follow this procedure.

------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark
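
An added example, not written by any participant in this thread and not taken from Clean or ComboFix: the MountPoints2 entries in the log posted earlier are Explorer's per-volume cache of autorun.inf shell commands, and they name the same program family as the `C:\autorun.inf FOUND` line in the Clean report, so this Python parser correlates the two. The function names and the verb-override heuristic are assumptions of the example; the sample input is copied from the thread's logs.

```python
import re

# Sample input copied from the logs posted in this thread.
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f7aa99e-a269-11dc-80ae-001731229abf}]
\Shell\AutoRun\command - RAVMON.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d13836aa-9426-11dc-808f-001731229abf}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe
"""
CLEAN_REPORT = r"""*** Recherche des fichiers dans C:
C:\autorun.inf FOUND
*** Fin du rapport !
"""

KEY_RE = re.compile(r"^\[HKEY_.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)

def mountpoint_commands(log):
    """Return {volume GUID: {shell verb: command}} for each MountPoints2 key."""
    found, current = {}, None
    for line in map(str.strip, log.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = found.setdefault(key.group(1).lower(), {})
        elif line.startswith("["):
            current = None  # some other registry key: stop collecting
        elif current is not None and (verb := VERB_RE.match(line)):
            current[verb.group(1).lower()] = verb.group(2)
    return found

def found_files(report):
    """Paths the Clean search report marks as FOUND."""
    return [l[:-len(" FOUND")] for l in report.splitlines() if l.endswith(" FOUND")]

def triage(log, report):
    volumes = mountpoint_commands(log)
    # Heuristic (assumption of this example): an autorun.inf that also redefines
    # the open/explore verbs makes a double-click on the drive start its program.
    override = sorted(g for g, v in volumes.items() if {"open", "explore"} & v.keys())
    # Commands in these logs are bare file names, so the first token is the program.
    programs = sorted({c.split()[0].lower() for v in volumes.values() for c in v.values()})
    return {"volumes": sorted(volumes), "verb_override": override,
            "programs": programs, "autorun_files": found_files(report)}

if __name__ == "__main__":
    print(triage(COMBOFIX_LOG, CLEAN_REPORT))
```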

Done.
Another HijackThis?

Good night

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:56, on 21/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Remotty] C:\Program Files\Remotty\Remotty.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7225 bytes

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

And now what? :P

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

Well, I didn't have any symptoms; it's just that the AntiVir scan was detecting viruses, otherwise I hadn't noticed anything unusual.
Maybe I can rescan with AntiVir

Thanks

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x

I rescanned and AntiVir didn't detect anything. I'm closing the topic

Thanks Angeldark and happy holidays

------------------------------ www.forum2biologie.actifforum.com
Reply to dieu_x