VIRUS WIN32 bzud-DA
sonic730
Hello everyone,
here is my problem:
I would like to know whether WIN32 bzud-DA is a virus, a trojan or something else, and how to remove it, because my antivirus reports it at every startup. I choose to delete it, but apparently that doesn't work.
Thanks
4 replies
OK, thanks!
Download this to your desktop:
Link: hijackthis
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the option "do a scan and a logfile", then copy and paste the resulting report into the forum.
See you
AND HERE IT IS
Logfile of HijackThis v1.99.1
Scan saved at 17:28:48, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRAMMES\INDISPENSABLES\TRUE IMAGE\TrueImageMonitor.exe
E:\PROGRA~1\PROTEC~1\AVAST\ashDisp.exe
E:\PROGRAMMES\PROTECTION INTERNET\SPYWARE TERMINATOR\SpywareTerminatorShield.exe
E:\PROGRAMMES\PROTECTION INTERNET\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
E:\PROGRAMMES\PROTECTION INTERNET\SPYBOT\TeaTimer.exe
E:\PROGRAMMES\INDISPENSABLES\STICKY PASSWORD\stpass.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
E:\PROGRAMMES\PROTECTION INTERNET\AVAST\aswUpdSv.exe
E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashServ.exe
E:\PROGRAMMES\PROTECTION INTERNET\COMODO\Firewall\cmdagent.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\slserv.exe
E:\PROGRAMMES\PROTECTION INTERNET\SPYWARE TERMINATOR\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashMaiSv.exe
E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashWebSv.exe
E:\PROGRAMMES\UTILES\LAUNCHY\Launchy.exe
E:\PROGRAMMES\UTILES\TOTAL UNINSTALL 3\Total uninstall.exe
E:\PROGRAMMES\INTERNET\FIREFOX\firefox.exe
E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.EXE
E:\PROGRAMMES\INTERNET\DREAMMAIL 4\DM2005.exe
E:\PROGRAMMES\UTILES\PARTITION MAGIC 8\PMagicNT.exe
E:\PROGRAMMES\ENTRETIEN PC\HIJACK THIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\PROGRAMMES\INTERNET\COPERNIC AGENT\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\PROGRAMMES\INDISPENSABLES\TRUE IMAGE\TrueImageMonitor.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\PROTEC~1\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "E:\PROGRAMMES\PROTECTION INTERNET\SPYWARE TERMINATOR\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\PROGRAMMES\PROTECTION INTERNET\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\PROGRAMMES\PROTECTION INTERNET\SPYBOT\TeaTimer.exe
O4 - HKCU\..\Run: [StickyPassword] E:\PROGRAMMES\INDISPENSABLES\STICKY PASSWORD\stpass.exe
O4 - Global Startup: Launchy.lnk = E:\PROGRAMMES\UTILES\LAUNCHY\Launchy.exe
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\fd8sz6dh.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://E:\PROGRAMMES\INTERNET\COPERNIC AGENT\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\fd8sz6dh.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.DLL
O9 - Extra 'Tools' menuitem: Veille de la page avec Copernic Agent - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.DLL
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{594FE388-2534-4558-BCF7-3FFBE005A25B}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\PROGRAMMES\PROTECTION INTERNET\AVAST\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\PROGRAMMES\PROTECTION INTERNET\COMODO\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\PROGRAMMES\PROTECTION INTERNET\SPYWARE TERMINATOR\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\PROGRAMMES\ENTRETIEN PC\TUNESUP UTILITIES\WinStylerThemeSvc.exe
OK, right-click hijackthis.exe, choose Rename, and name it CCM.exe,
then post a new HijackThis log, please.
See you later
Wisdom is having dreams big enough not to lose sight of them
while pursuing them. (Oscar Wilde)
Here it is, I don't know if this is what you wanted
Logfile of HijackThis v1.99.1
Scan saved at 17:33:31, on 14/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
E:\PROGRAMMES\INDISPENSABLES\TRUE IMAGE\TrueImageMonitor.exe
E:\PROGRA~1\PROTEC~1\AVAST\ashDisp.exe
E:\PROGRAMMES\PROTECTION INTERNET\SPYWARE TERMINATOR\SpywareTerminatorShield.exe
E:\PROGRAMMES\PROTECTION INTERNET\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\ctfmon.exe
E:\PROGRAMMES\PROTECTION INTERNET\SPYBOT\TeaTimer.exe
E:\PROGRAMMES\INDISPENSABLES\STICKY PASSWORD\stpass.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
E:\PROGRAMMES\PROTECTION INTERNET\AVAST\aswUpdSv.exe
E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashServ.exe
E:\PROGRAMMES\PROTECTION INTERNET\COMODO\Firewall\cmdagent.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\slserv.exe
E:\PROGRAMMES\PROTECTION INTERNET\SPYWARE TERMINATOR\sp_rsser.exe
C:\WINDOWS\system32\wdfmgr.exe
E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashMaiSv.exe
E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashWebSv.exe
E:\PROGRAMMES\UTILES\LAUNCHY\Launchy.exe
E:\PROGRAMMES\UTILES\TOTAL UNINSTALL 3\Total uninstall.exe
E:\PROGRAMMES\INTERNET\FIREFOX\firefox.exe
E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.EXE
E:\PROGRAMMES\INTERNET\DREAMMAIL 4\DM2005.exe
E:\PROGRAMMES\UTILES\PARTITION MAGIC 8\PMagicNT.exe
E:\PROGRAMMES\ENTRETIEN PC\HIJACK THIS\HijackThis.exe
E:\PROGRAMMES\ENTRETIEN PC\HIJACK THIS\CCM.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\PROGRAMMES\INTERNET\COPERNIC AGENT\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\PROGRAMMES\INDISPENSABLES\TRUE IMAGE\TrueImageMonitor.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\PROTEC~1\AVAST\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "E:\PROGRAMMES\PROTECTION INTERNET\SPYWARE TERMINATOR\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\PROGRAMMES\PROTECTION INTERNET\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\PROGRAMMES\PROTECTION INTERNET\SPYBOT\TeaTimer.exe
O4 - HKCU\..\Run: [StickyPassword] E:\PROGRAMMES\INDISPENSABLES\STICKY PASSWORD\stpass.exe
O4 - Global Startup: Launchy.lnk = E:\PROGRAMMES\UTILES\LAUNCHY\Launchy.exe
O8 - Extra context menu item: Afficher cette page dans Firefox - file://C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\fd8sz6dh.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewpage.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://E:\PROGRAMMES\INTERNET\COPERNIC AGENT\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Ouvrir la cible dans Firefox - file://C:\Documents and Settings\stef\Application Data\Mozilla\Firefox\Profiles\fd8sz6dh.default\extensions\{5D558C43-550F-4b12-84AB-0D8ABDA9F975}\firefoxviewlink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.DLL
O9 - Extra 'Tools' menuitem: Veille de la page avec Copernic Agent - {0BCBCDD8-E5D9-417D-A752-C2DA929A21BF} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.DLL
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - E:\PROGRA~1\INTERNET\COPERN~1\COPERN~1.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{594FE388-2534-4558-BCF7-3FFBE005A25B}: NameServer = 194.117.200.10,194.117.200.15
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\PROGRAMMES\PROTECTION INTERNET\AVAST\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\PROGRAMMES\PROTECTION INTERNET\AVAST\ashWebSv.exe" /service (file missing)
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\PROGRAMMES\PROTECTION INTERNET\COMODO\Firewall\cmdagent.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - E:\PROGRAMMES\PROTECTION INTERNET\SPYWARE TERMINATOR\sp_rsser.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\PROGRAMMES\ENTRETIEN PC\TUNESUP UTILITIES\WinStylerThemeSvc.exe
I have avast 4.7 as my antivirus.
As for the detection, it is in c:\ windows\troy.exe, and in local setting\temporary internet files