[Virus or trojans?] Very slow PC
easton
Good evening everyone,
My PC has become very slow. It often has slowdown problems, especially on the Internet, which I "fix" by removing IEXPLORE.EXE every time it comes back, that is, almost every day.
Last night when starting the PC there were major slowdowns, so I launched HijackThis, which stopped halfway (progress bar), so not even a log was possible...
Since then I have dug around a bit here and removed quite a lot of things with CCleaner, Ad-Aware and Spybot, and now HijackThis works again.
Also, it is impossible to scan online at BitDefender; I get a message along the lines of "invalid ActiveX control with this website"..
And my PC is still painfully slow on the net; I feel that something is wrong but I don't know what to do.
I'm posting a log, in case someone can help me sort this out:
Logfile of HijackThis v1.99.1
Scan saved at 22:48:13, on 23/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\msinit.exe
C:\winnt\system32\dllcache\FireDaemon.EXE
C:\winnt\system32\dllcache\runbatch.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\lrdwht.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Update Schedule] lrdwht.exe
O4 - HKLM\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Schedule] lrdwht.exe
O4 - HKLM\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - DefaultPrefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17786f44c678c61cca00/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123662115875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123662477546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F1A94C-9D94-44E8-B5A0-EB63D8237C03}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
Thanks in advance :)
31 replies
I'm adding the report from the Kaspersky online scan I just ran, in case it helps. It's badly infected, but how do I remove all of this?
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From "Postmaster" ][Date Tue, 1 Nov 2005 10:31:09 +0000]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From "Postmaster" ][Date Tue, 1 Nov 2005 10:31:09 +0000]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx Mail MS Outlook 5: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 14:54:24 -070 ... /html Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 22:50:39 -0600]/html Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 10:16:46 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 07:51:37 +0500]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 18:32:33 -0400]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 14:54:24 -0700]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Thu, 23 Sep 2004 09:46:09 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Wed, 22 Sep 2004 20:57:03 +0200]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Wed, 22 Sep 2004 10:46:58 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm Mail: infecté - 15 ignoré
C:\msdirectx.sys Infecté: Rootkit.Win32.Agent.l ignoré
C:\WINNT\msinit.exe Infecté: Backdoor.Win32.SdBot.aad ignoré
C:\WINNT\system32\lrdwht.exe Infecté: Backdoor.Win32.Rbot.akc ignoré
C:\WINNT\system32\msconf.exe Infecté: Backdoor.Win32.SdBot.yx ignoré
Analyse terminée.
Thank you for your help.
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From "Postmaster" ][Date Tue, 1 Nov 2005 10:31:09 +0000]/UNNAMED/html Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx/[From "Postmaster" ][Date Tue, 1 Nov 2005 10:31:09 +0000]/UNNAMED Suspect : Exploit.HTML.Iframe.FileDownload ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{B200A563-1922-4B5C-BDB5-48BF3ECCC905}\Microsoft\Outlook Express\Éléments supprimés.dbx Mail MS Outlook 5: suspect - 2 ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 14:54:24 -070 ... /html Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 22:50:39 -0600]/html Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 10:16:46 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Sat, 25 Sep 2004 07:51:37 +0500]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 18:32:33 -0400]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Fri, 24 Sep 2004 14:54:24 -0700]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Thu, 23 Sep 2004 09:46:09 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Wed, 22 Sep 2004 20:57:03 +0200]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED/[From "Delabys" ][Date Wed, 22 Sep 2004 10:46:58 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED/[From "Delabys" ][Date Mon, 20 Sep 2004 21:47:26 +0100]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:05 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:04 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:03 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm/[From IncrediMail][Date Tue, 8 Jun 2004 12:00:02 +0000]/UNNAMED Infecté: Trojan-Spy.HTML.Citifraud.ai ignoré
C:\Documents and Settings\Administrateur\Local Settings\Application Data\IM\Identities\{A72A5FEF-A156-4680-B449-6B9BDA2A2908}\Message Store\Inbox.imm Mail: infecté - 15 ignoré
C:\msdirectx.sys Infecté: Rootkit.Win32.Agent.l ignoré
C:\WINNT\msinit.exe Infecté: Backdoor.Win32.SdBot.aad ignoré
C:\WINNT\system32\lrdwht.exe Infecté: Backdoor.Win32.Rbot.akc ignoré
C:\WINNT\system32\msconf.exe Infecté: Backdoor.Win32.SdBot.yx ignoré
Analyse terminée.
Thanks for your help.
While waiting for help to enlighten me, I keep digging around and am posting the results of my searches:
I deleted all the infected files listed above by Kaspersky EXCEPT:
C:\WINNT\msinit.exe, which I cannot find
(even though I enabled the display of all files and folders)
and
C:\msdirectx.sys
which I don't dare touch because it is marked as a system file.
In your opinion, can I delete it?
And the one I can't find?
...my PC is still very, very slow and I have had 2 major crashes since 22:00.
Thanks for any reply if someone has the time :)
hi
0. Install this cleaner, CCLEANER http://www.ccleaner.com/ or direct link here http://www.filehippo.com/download_ccleaner.html (the arrow)
Tutorial here http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
then
*Configure your computer so that every scan runs completely; all hidden and system folders must be scannable, so do:
Start/Control Panel/Folder Options/View tab and there check the lines
- show hidden files and folders
- show contents of system folders
uncheck
- hide protected operating system files
Then click APPLY to ALL Folders
1. relaunch HijackThis
check and fix these
O4 - HKLM\..\Run: [Microsoft Update Schedule] lrdwht.exe
O4 - HKLM\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKLM\..\RunServices: [Microsoft Update Schedule] lrdwht.exe
O4 - HKLM\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
2. delete these files
c:... lrdwht.exe
c:... wmsgui32.exe
3. run HijackThis again
see you
hi again
and also
to check here http://virusscan.jotti.org/ file by file (Browse then SUBMIT launches this multi-engine antivirus scanner)
this file c:/winnt/msinit.exe
see you
Hi, and thanks for looking into my problems.
I was finally able to produce a log with HijackThis, but it is impossible to fix anything: when HijackThis does agree to open, the window only stays open for 1 or 2 seconds. How can I sort that out?
I'm posting the log at the end.
Here is the virusJotti scan:
File: msinit.exe
Status: INFECTED/MALWARE
MD5 1e2d6a22e353805749a95ce5834cc208
Packers detected: PESPIN
Scanner results
AntiVir Found Worm/SdBot.55296.32
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found IRC/BackDoor.SdBot.PQH
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found BackDoor.IRC.Sdbot.based
F-Prot Antivirus Found nothing
Fortinet Found W32/SDBot.BJ!bdr
Kaspersky Anti-Virus Found Backdoor.Win32.SdBot.aad
NOD32 Found a variant of IRC/SdBot
Norman Virus Control Found W32/SDBot.VFQ
UNA Found Backdoor.SdBot
VBA32 Found Backdoor.Win32.SdBot.aad
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:47:20, on 24/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\msinit.exe
C:\winnt\system32\dllcache\FireDaemon.EXE
C:\winnt\system32\dllcache\runbatch.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINNT\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\notepad.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKLM\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\RunServices: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - DefaultPrefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17786f44c678c61cca00/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123662115875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123662477546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F1A94C-9D94-44E8-B5A0-EB63D8237C03}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
See you
Hi again,
I should add that when I try to open the Task Manager to stop a process, it also stays open for only 1 or 2 seconds... can't do much....
see you
hi again
run HijackThis in safe mode
same for deleting the files, including the file C:\WINNT\msinit.exe, which is infected
see you
Hi again,
in passing ;) hi régis59 and happy holidays to you both.
it worked in safe mode, but right after rebooting I got this avast alert:
c\winnt\system32\winocx.exe .... infected
here is the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 13:18:16, on 24/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Tiny Personal Firewall\persfw.exe
C:\winnt\system32\dllcache\FireDaemon.EXE
C:\winnt\system32\dllcache\runbatch.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - DefaultPrefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17786f44c678c61cca00/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123662115875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123662477546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F1A94C-9D94-44E8-B5A0-EB63D8237C03}: NameServer = 80.10.246.1 80.10.246.132
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
see you
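The before/after comparison that this thread does by eye, as an added example (not part of the original posts): a Python script that parses two HijackThis logs and reports which processes and autorun entries disappeared and which service registrations now point at a missing file. The sample logs are short excerpts of the 11:47:20 and 13:18:16 logs posted above; the function names are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O4 - HKLM\..\Run: ..."
MISSING = " (file missing)"                        # suffix HijackThis appends

# Excerpts of the two logs posted in this thread (not the full logs).
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:47:20, on 24/12/2005
Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\msinit.exe
C:\winnt\system32\dllcache\FireDaemon.EXE
C:\WINNT\system32\cmd.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O4 - HKCU\..\Run: [Microsoft USB2 Support Driver] wmsgui32.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe
"""

AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 13:18:16, on 24/12/2005
Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\nvsvc32.exe
C:\winnt\system32\dllcache\FireDaemon.EXE
C:\WINNT\system32\cmd.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)
"""


def parse_hijackthis(text):
    """Return (running process paths, coded entries) from a HijackThis log."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded line
            entries.append(Entry(match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def _key(entry):
    """Identity of an entry: code + body, ignoring case and the missing-file suffix."""
    body = entry.body
    if body.endswith(MISSING):
        body = body[: -len(MISSING)]
    return entry.code, body.lower()


def _fmt(entry):
    return f"{entry.code} - {entry.body}"


def diff_logs(before, after):
    """Compare two logs taken before and after a cleanup pass."""
    procs0, entries0 = parse_hijackthis(before)
    procs1, entries1 = parse_hijackthis(after)
    p0 = {p.lower() for p in procs0}  # Windows paths are case-insensitive
    p1 = {p.lower() for p in procs1}
    e0 = {_key(e): e for e in entries0}
    e1 = {_key(e): e for e in entries1}
    return {
        "processes_gone": sorted(p0 - p1),
        "processes_new": sorted(p1 - p0),
        "entries_removed": [_fmt(e) for k, e in e0.items() if k not in e1],
        "entries_added": [_fmt(e) for k, e in e1.items() if k not in e0],
        # Service still registered, but its binary vanished between the two scans.
        "orphaned_services": [
            _fmt(e) for k, e in e1.items()
            if e.code == "O23" and k in e0
            and e.body.endswith(MISSING) and not e0[k].body.endswith(MISSING)
        ],
    }


if __name__ == "__main__":
    for section, items in diff_logs(BEFORE, AFTER).items():
        print(f"[{section}]")
        for item in items:
            print("   ", item)
```

An entry reported under `orphaned_services` is a service registration that outlived its deleted binary: the file is gone, but the registration is still in the log.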
hi again
I don't see anything special; run the antivirus again on all partitions,
otherwise also try sysclean
http://users.skynet.be/BernieClub/index.html#sysclean
see you and merry Christmas
Hi,
Bad, but I'd like to check:
Go to this site:
http://www.virustotal.com/xhtml/virustotal_en.html
Click Browse
Look for this:
C:\winnt\system32\dllcache\FireDaemon.EXE
Click Send and paste the report, please
See you
Hi,
VirusTotal report:
This is a report processed by VirusTotal on 12/24/2005 at 13:59:40 (CET) after scanning the file "FireDaemon.exe" file.
Antivirus Version Update Result
AntiVir 6.33.0.70 12.23.2005 no virus found
Avast 4.6.695.0 12.24.2005 no virus found
AVG 718 12.23.2005 no virus found
Avira 6.33.0.70 12.23.2005 no virus found
BitDefender 7.2 12.24.2005 no virus found
CAT-QuickHeal 8.00 12.24.2005 RiskWare.RemoteAd (Not a Virus)
ClamAV devel-20051108 12.24.2005 no virus found
DrWeb 4.33 12.24.2005 no virus found
eTrust-Iris 7.1.194.0 12.23.2005 no virus found
eTrust-Vet 12.4.1.0 12.24.2005 no virus found
Fortinet 2.54.0.0 12.24.2005 NMT/FireDaemon
F-Prot 3.16c 12.23.2005 no virus found
Ikarus 0.2.59.0 12.23.2005 no virus found
Kaspersky 4.0.2.24 12.24.2005 not-a-virus:RemoteAdmin.Win32.RA.3826
McAfee 4658 12.23.2005 potentially unwanted program FireDaemon
NOD32v2 1.1338 12.23.2005 Win32/FireDaemon
Norman 5.70.10 12.23.2005 no virus found
Panda 8.02.00 12.24.2005 Application/Firedaemon.A
Sophos 4.01.0 12.23.2005 no virus found
Symantec 8.0 12.24.2005 no virus found
TheHacker 5.9.1.060 12.21.2005 Aplicacion/FireDaemon
VBA32 3.10.5 12.23.2005 RiskWare.RemoteAdmin.RA.3826
Is it really bad?
See you
Hi again,
Yes, look:
CAT-QuickHeal 8.00 12.24.2005 RiskWare.RemoteAd
Fortinet 2.54.0.0 12.24.2005 NMT/FireDaemon
Kaspersky 4.0.2.24 12.24.2005 not-a-virus:RemoteAdmin.Win32.RA.3826
McAfee 4658 12.23.2005 potentially unwanted program FireDaemon
NOD32v2 1.1338 12.23.2005 Win32/FireDaemon
Panda 8.02.00 12.24.2005 Application/Firedaemon.A
TheHacker 5.9.1.060 12.21.2005 Aplicacion/FireDaemon
VBA32 3.10.5 12.23.2005 RiskWare.RemoteAdmin.RA.3826
On the left are the infection names, on the right the antivirus products that consider it a "virus"
Fix this in HijackThis
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
Delete this
C:\winnt\system32\dllcache\FireDaemon.EXE
----------------------------------------------------------------------------
¤Stop these services:
Click Start -> Run -> type: services.msc
Double-click: Service: FireDaemon Service: runbatch
Set it to "Stopped" and "Disabled".
----------------------------------------------------------------------------
Restart and post a new HijackThis log
See you
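An added example, not part of the thread: a small Python triage of the O23 service lines from the HijackThis logs posted here. The sample lines are copied from those logs; the function names and the three heuristics (binary under system32\dllcache, Microsoft-sounding name with no vendor, binary reported missing) are this example's own assumptions, not HijackThis features.

```python
from typing import List, NamedTuple, Optional

# O23 lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: FireDaemon Service: runbatch (runbatch) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE
"""

class Service(NamedTuple):
    name: str
    owner: str
    path: str
    file_missing: bool

PREFIX = "O23 - Service: "
MISSING = "(file missing)"

def parse_o23(line: str) -> Optional[Service]:
    """Split 'O23 - Service: <name> - <owner> - <path>[ (file missing)]'."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)].rstrip()
    # Split from the right: the display name may itself contain " - ".
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    return Service(parts[0], parts[1], parts[2], missing)

def triage(svc: Service) -> List[str]:
    """Return the reasons (possibly none) why a service deserves a closer look."""
    reasons = []
    # "Unknown owner" alone is not flagged: avast's own services carry it too.
    no_vendor = svc.owner.lower() == "unknown owner"
    if "\\system32\\dllcache\\" in svc.path.lower():
        # dllcache holds Windows File Protection backups, not service binaries.
        reasons.append("runs from system32\\dllcache")
    if no_vendor and "microsoft" in svc.name.lower():
        reasons.append("Microsoft-sounding name without a vendor")
    # A stray quote plus arguments means the command line was mis-split (the
    # avast files are in the running-process list), so "(file missing)" is
    # not trusted for such an entry.
    if svc.file_missing and '"' not in svc.path:
        reasons.append("binary reported missing")
    return reasons

def review(log: str) -> dict:
    """Map each flagged service name to its list of reasons."""
    flagged = {}
    for line in log.splitlines():
        svc = parse_o23(line)
        if svc and triage(svc):
            flagged[svc.name] = triage(svc)
    return flagged

if __name__ == "__main__":
    for name, reasons in review(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A flag here only marks an entry for review; confirming it still takes a file scan such as the VirusTotal check requested earlier in the thread.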
Hi again,
OK, got it.
I did all that and disabled FireDaemon where you told me, in the "General" tab and also under "Log On" for the hardware profile.
Here is the log, what do you think?
Logfile of HijackThis v1.99.1
Scan saved at 14:22:24, on 24/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Tiny Personal Firewall\persfw.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\Wanadoo\taskbaricon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\taskbaricon.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O13 - DefaultPrefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/17786f44c678c61cca00/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123662115875
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123662477546
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4F1A94C-9D94-44E8-B5A0-EB63D8237C03}: NameServer = 80.10.246.130 80.10.246.3
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Tiny Personal Firewall (PersFw) - Tiny Software - C:\Program Files\Tiny Personal Firewall\persfw.exe
See you
Hi again,
Are these the ones I should fix?
O23 - Service: FireDaemon Service: eventsec (eventsec) - Unknown owner - C:\winnt\system32\dllcache\FireDaemon.EXE (file missing)
O23 - Service: msinit (Microsoft Scheduling Agent) - Unknown owner - C:\WINNT\msinit.exe (file missing)
See you
Good evening Quentin, MERRY CHRISTMAS ALL THE SAME.
I have a problem (I explained it on the software forum under the title "installer skype"). I caught a virus, which I have put in quarantine. I'm going to try to post a HijackThis log.
See you shortly
Best regards, Pierre
I am like a vine stock:
it is twisted, but it bears grapes