Several viruses that I can't manage to eliminate
Solved
bugs83 - Posts: 5 - Status: Member
philae83 - Posts: 12854 - Status: Security contributor
Hello,
Here are my infections as reported by avast and my HijackThis log. Can someone give me some advice?
Thanks in advance for your expert advice.
Avast:
20/02/2007 10:00:58 Serge 4040 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\csrs.exe" file.
20/02/2007 10:02:34 Serge 4040 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\lssas.exe" file.
20/02/2007 10:02:43 Serge 4040 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\stt.exe" file.
20/02/2007 10:03:42 Serge 4040 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\winmgnt.exe" file.
20/02/2007 10:03:49 Serge 4040 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\msmqins.dll" file.
20/02/2007 10:03:55 Serge 4040 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\csrs.exe" file.
20/02/2007 10:03:59 Serge 4040 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\lssas.exe" file.
20/02/2007 10:04:02 Serge 4040 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\stt.exe" file.
20/02/2007 10:04:04 Serge 4040 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\unpack7.exe\winmgnt.exe" file.
20/02/2007 10:04:06 Serge 4040 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\unpack7.exe\msmqins.dll" file.
20/02/2007 18:24:29 Serge 2628 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\csrs.exe" file.
20/02/2007 18:24:54 Serge 2628 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\lssas.exe" file.
20/02/2007 18:24:57 Serge 2628 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\stt.exe" file.
20/02/2007 18:24:59 Serge 2628 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\winmgnt.exe" file.
20/02/2007 18:25:01 Serge 2628 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\tmp~2.exe\unpack7.exe\msmqins.dll" file.
20/02/2007 18:25:06 Serge 2628 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\csrs.exe" file.
20/02/2007 18:25:08 Serge 2628 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\lssas.exe" file.
20/02/2007 18:25:12 Serge 2628 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\stt.exe" file.
20/02/2007 18:25:15 Serge 2628 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\unpack7.exe\winmgnt.exe" file.
20/02/2007 18:25:22 Serge 2628 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\unpack7.exe\msmqins.dll" file.
Logfile of HijackThis v1.99.1
Scan saved at 12:58:07, on 21/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Serge\Mes documents\Haking\scaner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
10 replies
Hello,
Please run an online antivirus scan and then post the report here:
https://www.bitdefender.fr/
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.
Hello,
Thanks for your reply. Here is the scan result; thanks in advance for your advice.
BitDefender Online Scanner
Scan report generated at: Thu, Feb 22, 2007 - 12:14:50
Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;
Statistics
Time: 02:54:01
Files: 899587
Folders: 7366
Boot Sectors: 4
Archives: 11637
Packed Files: 127545
Results
Identified Viruses: 7
Infected Files: 7
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 7
Engines Info
Virus Definitions: 389422
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
Scanned File | Status
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>csrs.exe | Infected with: Backdoor.Mirc.S
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>csrs.exe | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>csrs.exe | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>lssas.exe | Infected with: Backdoor.FTP.ioFtpd.B
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>lssas.exe | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>lssas.exe | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>stt.exe | Infected with: VirTool.Maxxx.A
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>stt.exe | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>stt.exe | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>es32.dll | Infected with: Backdoor.Irc.Zapchast.BB
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>es32.dll | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>es32.dll | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>msmqins.dll | Infected with: Trojan.Leechpie.B
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>msmqins.dll | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>msmqins.dll | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>ntio40.sys | Infected with: Backdoor.IRC.Zapchast
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>ntio40.sys | Disinfection failed
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o)=>ntio40.sys | Deleted
C:\WINDOWS\system32\unpack7.exe=>(RAR Sfx o) | Update failed
D:\Telecharg\hack\iMeshV22.exe=>wise0020 | Infected with: Trojan.Freg.A
D:\Telecharg\hack\iMeshV22.exe=>wise0020 | Disinfection failed
D:\Telecharg\hack\iMeshV22.exe=>wise0020 | Deleted
D:\Telecharg\hack\iMeshV22.exe | Update failed
Good evening,
Thanks for your reply, but BitDefender didn't delete anything. The entries are still there:
22/02/2007 20:41:51 Serge 2560 Sign of "Win32:Trojano-1640 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\csrs.exe" file.
22/02/2007 20:42:01 Serge 2560 Sign of "Win32:Trojano-794 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\lssas.exe" file.
22/02/2007 20:42:04 Serge 2560 Sign of "Win32:Trojano-793 [Trj]" has been found in "C:\WINDOWS\system32\unpack7.exe\stt.exe" file.
22/02/2007 20:42:07 Serge 2560 Sign of "Win32:Trojan-gen. {VC}" has been found in "C:\WINDOWS\system32\unpack7.exe\winmgnt.exe" file.
22/02/2007 20:42:10 Serge 2560 Sign of "VBS:Malware [Gen]" has been found in "C:\WINDOWS\system32\unpack7.exe\msmqins.dll" file.
With avast, is a new HijackThis log needed?
How do I remove the viruses manually?
Will I have to reformat?
Thanks in advance
Good evening,
No, you don't reformat for so little.
* Make sure you have access to all files:
- Start
- My Computer or any other folder
- Tools menu
- Folder Options
- View tab
then
- check the box: Show hidden files and folders
- uncheck the box: Hide extensions for known file types
- uncheck the box: Hide protected operating system files
Then - Apply
* and delete the file(s) below if present:
C:\WINDOWS\system32\unpack7.exe
* In Windows Explorer, hide the system files again so as not to make a mistake in the future. Go back to the Folder Options window and select Do not show hidden files or system files
If it resists, try in Safe Mode.
Also post a new HijackThis report.
Hello,
I was hesitant to delete this file manually, but I have just done so on your advice.
Below is the HijackThis log.
Logfile of HijackThis v1.99.1
Scan saved at 10:26:26, on 24/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\ImageStudio\LowLight.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Plextor\PlexTool.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\Serge\Mes documents\Haking\scaner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NVCLOCK] rundll32 nvclock.dll,fnNvclock
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PlexTools Professional.lnk = C:\Program Files\Plextor\PlexTool.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Are there any entries to fix or delete?
Thanks for your advice.
Launch HijackThis, check and fix these lines:
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
And disable AVG if you have Trojan Scanner. There is no point in having 2 resident anti-spyware programs.
Any more problems?
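An added example, not part of the thread or of HijackThis itself: a small triage script that pulls the entries carrying a `(file missing)` or `(no file)` marker out of a HijackThis log and checks each one against the "Running processes" list, since this log flags `ashMaiSv.exe` as missing while also listing it as running. The function names `parse` and `triage_orphans` are hypothetical; the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the HijackThis log posted in this thread (a small subset).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")          # "O9 - Extra button: ..."
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")  # markers HijackThis appends
EXE_PATH = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)


def parse(log):
    """Split a log into the running-process set and (section, text) entries."""
    running, entries, in_procs = set(), [], False
    for line in map(str.strip, log.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs and line:
            running.add(line.lower())
    return running, entries


def triage_orphans(log):
    """Split entries flagged as missing into (orphans, contradicted).

    'contradicted' means the flagged executable is listed under
    "Running processes", so the marker cannot be taken at face value.
    """
    running, entries = parse(log)
    orphans, contradicted = [], []
    for section, text in entries:
        if not ORPHAN.search(text):
            continue
        path = EXE_PATH.search(text)
        if path and path.group(1).lower() in running:
            contradicted.append((section, path.group(1)))
        else:
            orphans.append((section, text))
    return orphans, contradicted
```

On the sample, the two O9 buttons and the O18 protocol handler come back as orphans, while the O23 avast! Mail Scanner service lands in `contradicted` and should be checked on disk before anything is fixed.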
Thanks for your advice, I have just removed the lines indicated.
Thanks for everything, the problem seems to be solved.
However, my D drive has just given out, with a strange repetitive noise that apparently prevents it from being read, but this is not the right forum to discuss it.
Thanks again for your enlightened advice.