HijackThis analysis, please
julo67190 - Posts: 6 - Status: Member
salwa5 - Posts: 7552 - Status: Contributor
Hello, could you help me, please?
Thank you in advance.
Logfile of HijackThis v1.99.1
Scan saved at 20:10:16, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\chantal\LOCALS~1\Temp\1exinjs.r.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\chantal\Mes documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: TVEngine Helper /fleok=1D8A83A5C2E6107C91A475760EA83FA5EF80752B94E2DE7C5B74442C3DC3 - {4B18DD50-C996-44fc-AC52-0FECFF82ED58} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxmk570YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Casino-on-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\Casino.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin7.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://jpjuen.myvnc.com/tsweb/msrdp.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
5 replies
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode
Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!
See you later
Thanks for your reply. After the info you gave me, here is what I get:
Logfile of HijackThis v1.99.1
Scan saved at 08:50:53, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\chantal\Mes documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
Hello, can you post the SDFix report? You will find it in the SDFix folder on your desktop. Also post another HijackThis report, because this one is incomplete.
See you later
Here are the two reports you asked me for, thank you.
Sophos Anti-Virus
Version 4.12.0 [Win32/Intel]
Virus data version 4.12, December 2006
Includes detection for 202043 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com
System time 21:05:27, System date 01 December 2006
Command line qualifiers are: -f -remove -nc -nb --stop-scan
IDE directory is: C:\SDFix\IDE
Full Scanning
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\All Users\Documents\setup.exe
Removal successful
Password protected file C:\Documents and Settings\chantal\Application Data\Adobe\Acrobat\6.0\Messages\FRA\read0600win_FRAadbe0040c.pdf
Password protected file C:\Documents and Settings\chantal\Application Data\Adobe\Acrobat\6.0\Messages\FRA\read0600win_FRAyhoo0010c.pdf
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\10exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\11exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\13exssd32.r.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\17exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\22exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\25exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\27exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\2exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\34exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\36exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\38exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\38exssd32.r.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\40exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\41exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\45exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\53exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\55exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\58exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\69exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\70exssd32.r.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\77exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\78exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\86exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\87exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\96exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Temp\setup.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\chantal\Local Settings\Tempsetup.exe
Removal successful
Password protected file C:\Documents and Settings\katy\Application Data\Adobe\Acrobat\6.0\Messages\FRA\read0600win_FRAadbe0040b.pdf
Password protected file C:\Documents and Settings\katy\Application Data\Adobe\Acrobat\6.0\Messages\FRA\read0600win_FRAyhoo0010b.pdf
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\katy\Local Settings\Temp\8exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\katy\Local Settings\Temp\setup.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\katy\Local Settings\Tempsetup.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\laurent\Local Settings\Temp\93exssd32.q.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\Documents and Settings\laurent\Local Settings\Temp\setup.exe
Removal successful
Could not open C:\hiberfil.sys
Password protected file C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\ENU\RdrMsgENU.pdf
Password protected file C:\Program Files\Adobe\Acrobat 7.0\Reader\Messages\RdrMsgSplash.pdf
Password protected file C:\Program Files\Adobe\Acrobat 7.0\Reader\WebSearch\WebSearchENU.pdf
>>> Virus 'Mal/Behav-080' found in file C:\setup.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP487\A0059365.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP490\A0060565.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP490\A0060567.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP490\A0060658.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP490\A0060660.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP491\A0061979.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP491\A0061981.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP491\A0061994.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP491\A0061996.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP491\A0062994.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP491\A0062996.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0063235.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0063237.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0064236.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0064238.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0065428.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0065430.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0065475.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0065476.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP492\A0065479.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\WINDOWS\system\smss.exe
Removal successful
>>> Virus 'Mal/Behav-080' found in file C:\WINDOWS\system32\spool\drivers\setup.exe
Removal successful
1 boot sector swept.
42057 files swept in 39 minutes and 12 seconds.
8 errors were encountered.
56 viruses were discovered.
56 files out of 42057 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
7 encrypted files were not checked.
Ending Sophos Anti-Virus.
Logfile of HijackThis v1.99.1
Scan saved at 13:43:24, on 02/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\chantal\Mes documents\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\winvnc.exe" -service (file missing)
OK, your log is clean, but you should enable avast antivirus, it's very important!!
For more security, I advise you to install a firewall
Kerio (firewall)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
tutorial
https://forums.cnetfrance.fr
Download and regularly run these antispyware tools (remember to update them before launching them)
(1) ad-aware version 1.06
(here) http://www.florensac-chasse-trap.com/ section "virus/logiciel de securite"
see demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
(2) spybot version 1.4
(here) http://www.florensac-chasse-trap.com/ section "virus/logiciel de securite"
see usage demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
PS: many thanks to balltrap for the links :)
(3) AVG anti spyware
https://www.01net.com/telecharger/
Copy/paste the entire report to the forum. (don't forget to update it before launching the scan)
NB: follow the instructions in the tutorial
http://www.malekal.com/tutorial_AVG_AntiSpyware.html
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
Delete unnecessary files (temporary files, cookies, etc.) with this:
CCleaner
https://www.malekal.com/tutoriel-ccleaner/
There you go :)
See you!