Je n ai plus la min sur mon pc!! au secours

yoan 78 -  
 kants -
Bonsoir
J'ai un serieux probleme !!!
mon pc est certainement verole mais je n'ai plus la main.Impossible d'ouvrir regedit, impossible de lancer hijack et il m'enleve systematiquement mon anti virus.
Je suis sous xp pack service1 et il ne m'autorise pas à acceder au service de mise a jour microsoft pour prendre le pack service 2.
De plus, j ai constater que lorsque je veut mettre mon pare feu, j ai un message: Impossible d'activer le partage d'accés. erreur 123,syntaxe du nom de fichier, de repertoire ou de volume incorrecte.
Quand je fait recherche de fichier regedit je trouve ca:
Regedit.exe-1b606482.PF en date du 01/06/05.
Autre chose: au debut, il m'ouvrait systematiquement MSN 6 que j'ai enlevé depuis.
En espérant qu'une ame charitable puisse m'aider!
Je vous remercie d'avance
Configuration: xp professionnel pack 1
proc 1 giga
512 mega de ram

2 réponses

  1. yoan78 Messages postés 4 Statut Membre
     
    rebonsoir
    g reussi a utiliset hijack en mode sans echec

    Logfile of HijackThis v1.99.1
    Scan saved at 00:18:14, on 02/06/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\svchost.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    H:\JACK\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\COPERN~1\COPERN~1.DLL
    O1 - Hosts file is located at: C:\windows\help\hosts
    O1 - Hosts: 88.88.88.88 elite
    O1 - Hosts: 207.44.220.30 www.google.akadns.net
    O1 - Hosts: 207.44.220.30 www.google.com
    O1 - Hosts: 207.44.220.30 google.com
    O1 - Hosts: 207.44.220.30 www.altavista.com
    O1 - Hosts: 207.44.220.30 altavista.com
    O1 - Hosts: 207.44.220.30 search.yahoo.com
    O1 - Hosts: 207.44.220.30 uk.search.yahoo.com
    O1 - Hosts: 207.44.220.30 ca.search.yahoo.com
    O1 - Hosts: 207.44.220.30 jp.search.yahoo.com
    O1 - Hosts: 207.44.220.30 au.search.yahoo.com
    O1 - Hosts: 207.44.220.30 de.search.yahoo.com
    O1 - Hosts: 207.44.220.30 search.yahoo.co.jp
    O1 - Hosts: 207.44.220.30 www.lycos.de
    O1 - Hosts: 207.44.220.30 www.lycos.ca
    O1 - Hosts: 207.44.220.30 www.lycos.jp
    O1 - Hosts: 207.44.220.30 www.lycos.co.jp
    O1 - Hosts: 207.44.220.30 alltheweb.com
    O1 - Hosts: 207.44.220.30 web.ask.com
    O1 - Hosts: 207.44.220.30 ask.com
    O1 - Hosts: 207.44.220.30 www.ask.com
    O1 - Hosts: 207.44.220.30 www.teoma.com
    O1 - Hosts: 207.44.220.30 search.aol.com
    O1 - Hosts: 207.44.220.30 www.looksmart.com
    O1 - Hosts: 207.44.220.30 auto.search.msn.com
    O1 - Hosts: 207.44.220.30 search.msn.com
    O1 - Hosts: 207.44.220.30 ca.search.msn.com
    O1 - Hosts: 207.44.220.30 fr.ca.search.msn.com
    O1 - Hosts: 207.44.220.30 search.fr.msn.be
    O1 - Hosts: 207.44.220.30 search.fr.msn.ch
    O1 - Hosts: 207.44.220.30 search.latam.yupimsn.com
    O1 - Hosts: 207.44.220.30 search.msn.at
    O1 - Hosts: 207.44.220.30 search.msn.be
    O1 - Hosts: 207.44.220.30 search.msn.ch
    O1 - Hosts: 207.44.220.30 search.msn.co.in
    O1 - Hosts: 207.44.220.30 search.msn.co.jp
    O1 - Hosts: 207.44.220.30 search.msn.co.kr
    O1 - Hosts: 207.44.220.30 search.msn.com.br
    O1 - Hosts: 207.44.220.30 search.msn.com.hk
    O1 - Hosts: 207.44.220.30 search.msn.com.my
    O1 - Hosts: 207.44.220.30 search.msn.com.sg
    O1 - Hosts: 207.44.220.30 search.msn.com.tw
    O1 - Hosts: 207.44.220.30 search.msn.co.za
    O1 - Hosts: 207.44.220.30 search.msn.de
    O1 - Hosts: 207.44.220.30 search.msn.dk
    O1 - Hosts: 207.44.220.30 search.msn.es
    O1 - Hosts: 207.44.220.30 search.msn.fi
    O1 - Hosts: 207.44.220.30 search.msn.fr
    O1 - Hosts: 207.44.220.30 search.msn.it
    O1 - Hosts: 207.44.220.30 search.msn.nl
    O1 - Hosts: 207.44.220.30 search.msn.no
    O1 - Hosts: 207.44.220.30 search.msn.se
    O1 - Hosts: 207.44.220.30 search.ninemsn.com.au
    O1 - Hosts: 207.44.220.30 search.t1msn.com.mx
    O1 - Hosts: 207.44.220.30 search.xtramsn.co.nz
    O1 - Hosts: 207.44.220.30 search.yupimsn.com
    O1 - Hosts: 207.44.220.30 uk.search.msn.com
    O1 - Hosts: 207.44.220.30 search.lycos.com
    O1 - Hosts: 207.44.220.30 www.lycos.com
    O1 - Hosts: 207.44.220.30 www.google.ca
    O1 - Hosts: 207.44.220.30 google.ca
    O1 - Hosts: 207.44.220.30 www.google.uk
    O1 - Hosts: 207.44.220.30 www.google.co.uk
    O1 - Hosts: 207.44.220.30 www.google.com.au
    O1 - Hosts: 207.44.220.30 www.google.co.jp
    O1 - Hosts: 207.44.220.30 www.google.jp
    O1 - Hosts: 207.44.220.30 www.google.at
    O1 - Hosts: 207.44.220.30 www.google.be
    O1 - Hosts: 207.44.220.30 www.google.ch
    O1 - Hosts: 207.44.220.30 www.google.de
    O1 - Hosts: 207.44.220.30 www.google.se
    O1 - Hosts: 207.44.220.30 www.google.dk
    O1 - Hosts: 207.44.220.30 www.google.fi
    O1 - Hosts: 207.44.220.30 www.google.fr
    O1 - Hosts: 207.44.220.30 www.google.com.gr
    O1 - Hosts: 207.44.220.30 www.google.com.hk
    O1 - Hosts: 207.44.220.30 www.google.ie
    O1 - Hosts: 207.44.220.30 www.google.co.il
    O1 - Hosts: 207.44.220.30 www.google.it
    O1 - Hosts: 207.44.220.30 www.google.co.kr
    O1 - Hosts: 207.44.220.30 www.google.com.mx
    O1 - Hosts: 207.44.220.30 www.google.nl
    O1 - Hosts: 207.44.220.30 www.google.co.nz
    O1 - Hosts: 207.44.220.30 www.google.pl
    O1 - Hosts: 207.44.220.30 www.google.pt
    O1 - Hosts: 207.44.220.30 www.google.com.ru
    O1 - Hosts: 207.44.220.30 www.google.com.sg
    O1 - Hosts: 207.44.220.30 www.google.co.th
    O1 - Hosts: 207.44.220.30 www.google.com.tr
    O1 - Hosts: 207.44.220.30 www.google.com.tw
    O1 - Hosts: 207.44.220.30 go.google.com
    O1 - Hosts: 207.44.220.30 google.at
    O1 - Hosts: 207.44.220.30 google.be
    O1 - Hosts: 207.44.220.30 google.de
    O1 - Hosts: 207.44.220.30 google.dk
    O1 - Hosts: 207.44.220.30 google.fi
    O1 - Hosts: 207.44.220.30 google.fr
    O1 - Hosts: 207.44.220.30 google.com.hk
    O1 - Hosts: 207.44.220.30 google.ie
    O1 - Hosts: 207.44.220.30 google.co.il
    O1 - Hosts: 207.44.220.30 google.it
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - H:\IPFix\EOREZO~1.DLL
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\COPERN~1\COPERN~1.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
    O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
    O4 - HKLM\..\Run: [Microsoft Wins Service] wins.exe
    O4 - HKLM\..\Run: [Windows Services] C:\windows\Service32.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
    O4 - HKLM\..\Run: [Windows Service] llsas.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\RunServices: [Microsoft Wins Service] wins.exe
    O4 - HKLM\..\RunServices: [Windows Services] C:\windows\Service32.exe
    O4 - HKLM\..\RunServices: [Windows Service] llsas.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [I/O Controllers] svcnet.exe
    O4 - HKCU\..\Run: [FreeGo] C:\\FreeGo.exe
    O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINDOWS\System32\wytgzw.exe
    O4 - HKCU\..\Run: [Windows Services] C:\windows\Service32.exe
    O4 - HKCU\..\Run: [Windows Service] llsas.exe
    O4 - HKCU\..\RunServices: [Windows Service] llsas.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://freebox.free.fr/
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C9A43EF1-F810-4A01-A229-E697BB2F3404}: NameServer = 216.127.92.38,216.127.92.38
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS1\Services\VxD\MSTCP: NameServer = 216.127.92.38,216.127.92.38
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: Domain = mydomain.com
    O17 - HKLM\System\CS2\Services\VxD\MSTCP: NameServer = 216.127.92.38,216.127.92.38
    O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 216.127.92.38,216.127.92.38
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\windows\system32\pctspk.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe

    En esperant que quelqu'un auras une solution
    merci
    0
    1. EL GUAPO
       
      salut,

      tu as comme virus spybot,,, dans le gestionnaires des taches tu as le processus llsas.exe qui est le virus,,,, il ne faut pas se tromper avec lsass.exe qui est un process windows.

      tu dois supprimer le processus llsas.exe, puis supprimer toutes les entrée llsas dans la base de registre ensuite supprimer tous les fichier tftp faisant 0 octet et enfin desactiver la restauration automatique du systeme pour qu'il ne réapparaisse pas,, redemarre et fait la mise a jour sp2
      0
    2. yoan78 Messages postés 4 Statut Membre > EL GUAPO
       
      merci mais g formater le disque et depuis tout va bien !!!
      0
    3. Neo-Nil@u Messages postés 1595 Statut Contributeur 96 > yoan78 Messages postés 4 Statut Membre
       
      Peux-tu copier le nouveau rapport d'HijackThis après formatage ? 8)
      0
    4. yoan78 Messages postés 4 Statut Membre > Neo-Nil@u Messages postés 1595 Statut Contributeur
       
      Logfile of HijackThis v1.99.1
      Scan saved at 12:30:56, on 11/06/2005
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

      Running processes:
      C:\windows\System32\smss.exe
      C:\windows\system32\csrss.exe
      C:\windows\system32\winlogon.exe
      C:\windows\system32\services.exe
      C:\windows\system32\lsass.exe
      C:\windows\system32\svchost.exe
      C:\windows\System32\svchost.exe
      C:\windows\System32\svchost.exe
      C:\windows\System32\svchost.exe
      C:\windows\system32\spoolsv.exe
      C:\Program Files\AVPersonal\AVGUARD.EXE
      C:\Program Files\AVPersonal\AVWUPSRV.EXE
      C:\PROGRA~1\CACHEM~1\CachemanXP.exe
      H:\Kerio\Personal Firewall 4\kpf4ss.exe
      C:\windows\System32\nvsvc32.exe
      C:\windows\system32\pctspk.exe
      H:\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\windows\System32\svchost.exe
      C:\WINDOWS\System32\wdfmgr.exe
      C:\windows\Explorer.EXE
      H:\Kerio\Personal Firewall 4\kpf4gui.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\windows\System32\rundll32.exe
      C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe
      C:\Program Files\AVPersonal\AVSCHED32.EXE
      C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      C:\Program Files\AVPersonal\AVGNT.EXE
      C:\windows\System32\RUNDLL32.EXE
      C:\windows\System32\wuauclt.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      H:\asquared\a2\a2guard.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\WinZip\WZQKPICK.EXE
      C:\windows\System32\wuauclt.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Free-Go\FreeGo.exe
      C:\Documents and Settings\pascal\Bureau\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://freebox.free.fr/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://freebox.free.fr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
      O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYBOT~1\SDHelper.dll
      O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\COPERN~1\COPERN~1.DLL
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\fr\msntb.dll
      O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
      O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\fr\msnappau.exe"
      O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSCHED32.EXE /min
      O4 - HKLM\..\Run: [Windows Services] C:\windows\Service32.exe
      O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
      O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
      O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
      O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
      O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\windows\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [FreeGo] C:\\FreeGo.exe
      O4 - HKCU\..\Run: [a-squared] "h:\asquared\a2\a2guard.exe"
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: WinZip Quick Pick.lnk = C:\WinZip\WZQKPICK.EXE
      O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
      O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERN~1\COPERN~1.EXE
      O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
      O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
      O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
      O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
      O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
      O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - H:\Kerio\Personal Firewall 4\kpf4ss.exe
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
      O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\windows\system32\pctspk.exe
      O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
      O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
      O23 - Service: Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS) (SharedAccess) - Unknown owner - C:\windows\C:\windows\C:\windows\C:\windows\C:\windows\C:\windows\C:\windows\C:\windows\C:\windows\C:\windows\C:\WINDOWS\System32\svchost.exe (file missing)

      Et encore merci
      titou78800
      0
    5. Neo-Nil@u Messages postés 1595 Statut Contributeur 96 > yoan78 Messages postés 4 Statut Membre
       
      Relance HijackThis, coche ces lignes et clique sur Fix Checked :

      O4 - HKCU\..\Run: [FreeGo] C:\\FreeGo.exe
      O4 - HKLM\..\Run: [Windows Services] C:\windows\Service32.exe

      Ensuite, supprime les fichiers en gras en suivant les fichiers :
      C:\FreeGo.exe
      C:\windows\Service32.exe

      Et avec ton antivirus, lance un scan pour vérifier si il y'a encore des virus qui traînent ...
      Tiens-moi au courant ! @++
      0
  2. jeanphicool Messages postés 450 Statut Membre 33
     
    salut colles ton log ici: http://www.hijackthis.de/fr

    sans ça:

    Logfile of HijackThis v1.99.1
    Scan saved at 00:18:14, on 02/06/2005
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    sinon il te le prendra pas

    tu vas prendre peur...
    0