PC full of trojans and other malware

zenzizen -  
Hello everyone.
My PC is infested with trojans, pop-ups, and programs that try to download themselves. It's an infernal ballet and impossible to get rid of. BitDefender, Antivir and Ad-Aware detect them but cannot remove them. Here is the HijackThis log:
and thank you for your help.

Logfile of HijackThis v1.99.1
Scan saved at 17:39:58, on 20/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\program files\softwin\bitdefender9\bdnagent.exe
C:\program files\softwin\bitdefender9\bdswitch.exe
C:\Program Files\Fichiers communs\AOL\1171749235\ee\AOLSoftware.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Acer\eNM\eNMTray.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
c:\program files\softwin\bitdefender9\bdmcon.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Dominique\Bureau\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9f2fff42-0f2d-41d7-921f-a37e0d8fe3dd} - C:\WINDOWS\system32\inetntl.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmpB0.tmp.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "c:\program files\softwin\bitdefender9\bdswitch.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1171749235\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Fichiers communs\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\awwxyx.dll",setvm
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eNMTray.exe] c:\Acer\eNM\eNMTray.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Fichiers communs\AOL\Launch\AOLLaunch.exe" /d locale=en-GB ee://aol/imApp
O4 - HKCU\..\Run: [Spam Bully for Outlook Express] "C:\Program Files\Axaware\Spam Bully 2 for OE\oespambully.exe" install
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: inetntl - C:\WINDOWS\SYSTEM32\inetntl.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
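As an added example (not part of the original post, and not a HijackThis feature), here is a small Python triage script that parses entry lines in the HijackThis log format quoted above and flags the patterns a helper looks at first: nameless BHOs, entries pointing at files that no longer exist, rundll32 loading a DLL from outside the usual directories, and one DLL hooked into both the browser and Winlogon. The sample lines are a constructed subset of the log above, and the rules are review heuristics, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of entry lines in the format of the
# HijackThis log quoted in the first post (O2/O4/O20 are the interesting ones).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9f2fff42-0f2d-41d7-921f-a37e0d8fe3dd} - C:\WINDOWS\system32\inetntl.dll
O2 - BHO: (no name) - {E03C740E-BB24-4d3c-B92A-6F84DE1DD99C} - C:\WINDOWS\system32\tmpB0.tmp.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\awwxyx.dll",setvm
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: inetntl - C:\WINDOWS\SYSTEM32\inetntl.dll
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# A Windows path ending in .dll, stopping at quotes or commas (rundll32 syntax).
DLL_RE = re.compile(r"([A-Za-z]:\\[^\"\n,]*?\.dll)", re.IGNORECASE)
# Directories a DLL is normally loaded from on an XP box; a DLL sitting
# directly under C:\WINDOWS (as awwxyx.dll does above) is worth a second look.
EXPECTED_DIRS = ("\\windows\\system32\\", "\\program files\\", "\\progra~1\\")


def parse(log_text):
    """Yield (section, body) for every HijackThis entry line in the log."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(log_text):
    """Return (section, item, reason) tuples that deserve human review."""
    findings = []
    seen_in = defaultdict(set)  # DLL basename -> set of sections it appears in
    for sec, body in parse(log_text):
        dlls = [d.lower() for d in DLL_RE.findall(body)]
        for d in dlls:
            seen_in[d.rsplit("\\", 1)[-1]].add(sec)
        if sec == "O2" and "(no name)" in body:
            findings.append((sec, body, "BHO registered without a name"))
        if "(file missing)" in body:
            findings.append((sec, body, "entry points at a file that no longer exists"))
        if sec == "O4" and "rundll32" in body.lower():
            for d in dlls:
                if not any(x in d for x in EXPECTED_DIRS):
                    findings.append((sec, d, "rundll32 loads a DLL from an unusual directory"))
    # One DLL acting both as a browser helper and a Winlogon notify handler.
    for name, secs in seen_in.items():
        if {"O2", "O20"} <= secs:
            findings.append(("O2+O20", name, "same DLL hooks both the browser and Winlogon"))
    return findings


if __name__ == "__main__":
    for sec, item, reason in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}: {item}")
```
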

3 replies

philae83 Posts: 12854 Status: Security contributor
 
good evening,

BitDefender and Antivir = one antivirus too many

what kind of pop-ups?
zenzizen Posts: 1 Status: Member
 
Thanks for the reply

BitDefender is the antivirus + firewall + antispam I use, but since it wasn't detecting all the spyware and viruses, I rescanned with Antivir, which did detect and locate the problems (the pop-ups are either from porn sites, from WinFixer and other programs, PC Cleaner, etc.)
I have just redone a full scan in Safe Mode and this time BitDefender did detect the programs in question, but put them in quarantine since it could not destroy them.

for now I'm no longer being bothered... fingers crossed

................

BitDefender scan log:
Product: BitDefender 9 Professional Plus
// Version: 9.5
//
// Created on: 20/02/2007 20:50:18
//
//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\
Folders : 5140
Files : 368798
Archives : 20794
Packed files : 32714
Identified viruses : 5
Infected files : 15
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 0
Copied files : 0
Moved files : 15
Renamed files : 0
I/O errors : 26
Scan time : 01:03:33
Scan speed (files/sec) : 96

Spyware Statistics

Memory processes scanned : 48
Memory processes infected : 0
Registry keys scanned : 1689
Registry keys infected : 0
Cookies scanned : 50
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0

Virus definitions : 424839
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1172001018.log

Spyware scan options

[X] Memory Processes
[X] Registry keys
[X] Cookies

Summary:

C:\WINDOWS\system32\tmp3A.tmp.dll Infected: MemScan:Trojan.Juan.F
C:\WINDOWS\system32\tmp3A.tmp.dll Disinfection failed
C:\WINDOWS\system32\tmp3A.tmp.dll Moved
C:\WINDOWS\system32\tmpB0.tmp.dll Infected: MemScan:Trojan.Juan.F
C:\WINDOWS\system32\tmpB0.tmp.dll Disinfection failed
C:\WINDOWS\system32\tmpB0.tmp.dll Moved
C:\Documents and Settings\Dominique\Local Settings\Temp\ti7yzwde.exe Detected: Application.DriveCleaner.F
C:\Documents and Settings\Dominique\Local Settings\Temp\ti7yzwde.exe Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Temp\ti7yzwde.exe Moved
C:\Documents and Settings\Dominique\Local Settings\Temp\vkwjqi39.exe Infected: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\Dominique\Local Settings\Temp\vkwjqi39.exe Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Temp\vkwjqi39.exe Moved
C:\Documents and Settings\Dominique\Local Settings\Temp\nfpu784o.exe Infected: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\Dominique\Local Settings\Temp\nfpu784o.exe Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Temp\nfpu784o.exe Moved
C:\Documents and Settings\Dominique\Local Settings\Temp\41lkun4b.exe Infected: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\Dominique\Local Settings\Temp\41lkun4b.exe Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Temp\41lkun4b.exe Moved
C:\Documents and Settings\Dominique\Local Settings\Temp\wc6ly3wl.exe Detected: Adware.Winfixer.G
C:\Documents and Settings\Dominique\Local Settings\Temp\wc6ly3wl.exe Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Temp\wc6ly3wl.exe Moved
C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\2EDSY9X9\cr_obj[1].htm Infected: Generic.XPL.ADODB.71D635A5
C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\2EDSY9X9\cr_obj[1].htm Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\2EDSY9X9\cr_obj[1].htm Moved
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\B23E4567d01 Infected: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\B23E4567d01 Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\B23E4567d01 Moved
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\A23E4567d01 Infected: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\A23E4567d01 Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\A23E4567d01 Moved
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\069CD5C0d01 Detected: Adware.Winfixer.G
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\069CD5C0d01 Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache.Trash\Trash\Cache\069CD5C0d01 Moved
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache\DAF1E752d01 Detected: Application.DriveCleaner.F
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache\DAF1E752d01 Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache\DAF1E752d01 Moved
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache\FEA38D99d01 Infected: Trojan.Downloader.Winfixer.O
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache\FEA38D99d01 Disinfection failed
C:\Documents and Settings\Dominique\Local Settings\Application Data\Mozilla\Firefox\Profiles\dpm63lfl.default\Cache\FEA38D99d01 Moved
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP104\A0040069.dll Infected: MemScan:Trojan.Juan.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP104\A0040069.dll Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP104\A0040069.dll Moved
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP104\A0040070.dll Infected: MemScan:Trojan.Juan.F
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP104\A0040070.dll Disinfection failed
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP104\A0040070.dll Moved
philae83 Posts: 12854 Status: Security contributor
 
thanks, I suspected as much, but then remove Antivir from startup; for now you have two running resident, which is not good.

* Download Blacklight
https://europe.f-secure.com/exclude/blacklight/index.shtml
(from F-Secure)
(the first one on the page)

Click "I ACCEPT" at the bottom of the page. Save it to your Desktop.
Double-click blbeta.exe and accept the licence;
click Scan then Next

You will see a list of detected files appear. You will also see a report
on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of that report into your next reply.
Do NOT choose the "Rename" option straight away: we need to analyse the report,
because legitimate files may be present, such as wbemtest.exe
