Sujet Précédent Sujet Suivant

Maudit CARLTON !

mounie85 -  
philae83 Messages postés 12854 Statut Contributeur sécurité -
Bonjour,

Je suis également virussé par CARLTON !

Pouvez-vous m'aider à mon tour ?

Pour info, pas d'ADSL... alors soyez indulgent, ça risque de prendre du temps !

Merci à vous !

WINDOWS XP -

26 réponses

Précédent
  • 1
  • 2
Réponse 21 / 26
mounie85
 
Bonjour !

Aujourd'hui, je suis désespérée !!!!!!!!!!! et ne sais plus quoi faire...

Ce matin, j'ai essayé de retélécharger AVAST (puisque ANTIVIR ne fonctionne pas) et impossible de l'installer ! J'ai le message suivant :

An error 1006 (000003EE° has occured.
Last performed operation was:
opening the self-extract archive

Try to dowload setup file again.
If you use Internet Explorer, clear it's cache before downloading:
Start->Control panel ->Internet Options and Delete Temporary Internet Files.

Quoiteske ??? D'après toi, est-ce parce que je télécharge avec TrueDownloader ?

STP, ne me laisse pas dans ma désespérétude :-)
0
Réponse 22 / 26
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bonjour,

sincèrement je ne sais pas si TrueDownloader a une incidence ou non. Une chose est certaine, y a un bleme.

vu que les scans en ligne c'est quasi impossible avec ta connexion, essaie de m'envoyer ceci :

* Télécharge le script "Silent Runners"

clic droit > "enregistrer sous" (et non pas clic gauche) sur le lien suivant :
https://www.silentrunners.org/Silent%20Runners.vbs
clique ensuite 2 fois sur "yes"
Laisse lui le temps de faire son analyse (compte une minute, montre en main)

poste le rapport généré qui se trouve dans le meme dossier que Silent Runners...

Si ton antivirus s'affole, autorise ce script. Ou au pire, désactive-le juste le temps du téléchargement et du scan. Ce script n'est pas dangereux.
0
Réponse 23 / 26
mounie85
 
Voilà :

"Silent Runners.vbs", revision 52, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"AWMON" = ""C:\Program Files\Securitoo\Anti-Spyware\Ad-Monitor.exe"" ["Securitoo"]
"MoneyAgent" = ""C:\Program Files\Microsoft Money\System\mnyexpr.exe"" [MS]
"SRS Audio Sandbox" = ""C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"FSASWREG" = ""C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"" [null data]
"F-Secure TNB" = ""C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW" ["F-Secure Corporation"]
"DecomptNet" = "C:\Program Files\DecomptNet\decomptnet.exe" [null data]
"monipfr1 " = "C:\Program Files\MonIPfr\MonIPfr.exe" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx" [empty string]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]
{2E03C0FD-4C48-43A7-9A54-00240C70FF16}\(Default) = "e-Carte Bleue Browser Helper Object"
-> {HKLM...CLSID} = "ECarteBleueBrowserHelper Class"
\InProcServer32\(Default) = "C:\WINDOWS\system32\BhoECart.dll" ["Orbiscom Ltd. All rights reserved."]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Windows Live Sign-in Helper"
\InProcServer32\(Default) = "C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["GRISOFT s.r.o."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
\InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\AVG Anti-Spyware 7.5\context.dll" ["GRISOFT s.r.o."]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
PowerArchiver\(Default) = "{d03d3e68-0c44-3d45-b15f-bcfd8a8b4c7e}"
-> {HKLM...CLSID} = "PowerArchiver Shell Extensions"
\InProcServer32\(Default) = "C:\Program Files\PowerArchiver\PASHLEXT.DLL" ["eFront Media, Inc."]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Macquigneau\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Startup items in "Macquigneau" & "All Users" startup folders:
-------------------------------------------------------------

C:\Documents and Settings\Macquigneau\Menu Démarrer\Programmes\Démarrage
"e-Backup Scheduler" -> shortcut to: "C:\Program Files\Outlook-Backup\eBackup.exe /S" ["Inachis"]
"Microsoft Outlook" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE" [MS]
"SpamPal" -> shortcut to: "C:\Program Files\SpamPal\spampal.exe" ["www.spampal.org"]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"avast! Antivirus" -> shortcut to: "C:\Program Files\Alwil Software\Avast4\ashAvast.exe" ["ALWIL Software"]

Enabled Scheduled Tasks:
------------------------

"Ma sauvegarde" -> launches: "C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and Settings\Macquigneau\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\Ma sauvegarde.bks" /a /d "Jeu créé le 02/12/2006 à 11:47" /v:yes /r:no /rs:no /hc:off /m normal /j "Ma sauvegarde" /l:n /f "F:\Ma sauvegarde.bkf"" [MS]
"ntbackup" -> launches: "C:\WINDOWS\system32\ntbackup.exe" [MS]
"Programmateur e-Backup Macquigneau" -> launches: "eBackup.exe /T" [file not found]
"Sauvegarde Mes documents et mon bureau" -> launches: "C:\WINDOWS\system32\ntbackup.exe backup "@C:\Documents and Settings\Macquigneau\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\Sauvegarde Mes documents et mon bureau.bks" /n "Ma sauvegarde.bkf créé le 20/06/2007 à 15:26" /d "Jeu créé le 20/06/2007 à 15:26" /v:no /r:no /rs:no /hc:off /m normal /j "Sauvegarde Mes documents et mon bureau" /l:n /f "F:\Ma sauvegarde.bkf"" [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\System32\nwprovau.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 18
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{C5F7A735-70F1-477F-8C36-6FF3C736017B}"
-> {HKLM...CLSID} = "Copernic Desktop Search"
\InProcServer32\(Default) = "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll" ["Copernic Technologies Inc."]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}"
-> {HKLM...CLSID} = "Copernic Agent"
\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]
"{F2CF5485-4E02-4F68-819C-B92DE9277049}"
-> {HKLM...CLSID} = "&Links"
\InProcServer32\(Default) = "C:\WINDOWS\system32\ieframe.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{C5F7A735-70F1-477F-8C36-6FF3C736017B}" = (no title provided)
-> {HKLM...CLSID} = "Copernic Desktop Search"
\InProcServer32\(Default) = "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll" ["Copernic Technologies Inc."]
"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" = (no title provided)
-> {HKLM...CLSID} = "Copernic Agent"
\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" = "0"
-> {HKLM...CLSID} = "Barre d'outils MSN"
\InProcServer32\(Default) = "C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll" [MS]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Résultats de Copernic Agent"
\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]
{D6A116E7-5906-42E4-87F6-E7E15936415E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "MoneySide"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{6F480F82-C3A6-4D35-96F7-B297AD49FBE8}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Résultats de Copernic Agent"
\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]
{92A40B0A-740A-4A11-9DDB-70460C6DA383}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Copernic Desktop Search"
\InProcServer32\(Default) = "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll" ["Copernic Technologies Inc."]
{C5F7A735-70F1-477F-8C36-6FF3C736017B}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Copernic Desktop Search"
\InProcServer32\(Default) = "C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll" ["Copernic Technologies Inc."]
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Copernic Agent"
\InProcServer32\(Default) = "C:\Program Files\Copernic Agent\CopernicAgentExt.dll" ["Copernic Technologies Inc."]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Console Java (Sun)"
"CLSIDExtension" = "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.6.0_03"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll" ["Sun Microsystems, Inc."]

{193B17B0-7C9F-4D5B-AEAB-8D3605EFC084}\
"MenuText" = "Démarrer Copernic Agent"
"Exec" = "C:\PROGRA~1\COPERN~2\COPERN~1.EXE" ["Copernic Technologies Inc."]

{688DC797-DC11-46A7-9F1B-445F4F58CE6E}\
"ButtonText" = "Copernic Agent"
"Exec" = "C:\PROGRA~1\COPERN~2\COPERN~1.EXE" ["Copernic Technologies Inc."]

{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
<<H>> "{BE89472C-B803-4D1D-9A9A-0A63660E0FE3}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\COPERN~2\COPERN~1.DLL" ["Copernic Technologies Inc."]
<<H>> "{83B79436-C1A7-427B-B40D-689E9CC71FAE}" = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\COPERN~1\COPERN~4.DLL" ["Copernic Technologies Inc."]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" ["ALWIL Software"]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" ["ALWIL Software"]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
AVG Anti-Spyware Guard, AVG Anti-Spyware Guard, "C:\Program Files\ewido anti-malware\AVG Anti-Spyware 7.5\guard.exe" ["GRISOFT s.r.o."]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Nero AG"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\system32\nvsvc32.exe" ["NVIDIA Corporation"]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i550\Driver = "CNMLM49.DLL" ["CANON INC."]

---------- (launch time: 2007-10-19 15:24:17)
<<!>>: Suspicious data at a malware launch point.
<<H>>: Suspicious data at a browser hijack point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 126 seconds, including 18 seconds for message boxes)

Et alors ???
0
Réponse 24 / 26
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
re

je vois quand même F SECURE Securitoo dans ton pc. Tu l'as toujours ?
j'ai raté la ligne je crois dans le rapport hijackthis il y est.
C'est bien un antivirus ca non ?

ensuite reposte un rapport hijackthis stp
tume reparles de truedownloader, je t'avais demandé de supprimer
la dll en 02
truedownloaderie.dll
est à virer.

0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 26
mounie85
 
Pour F SECURE secutitoo, excuse mon ignorance mais je ne savais même pas que c'était un anti-virus !!! C'était installé sur mon PC et j'ai même pas cherché à savoir à quoi ça servait mais je me doutais que c'était utile alors j'ai laissé... Par contre, je ne sais pas s'il est bien paramétré !?

Pour truedownloader, je l'avais bien supprimé mais pour tous mes téléchargements (râtés?) j'ai dû le réinstaller. Et, je viens de le désinstaller avant mon rapport HJT que voici :

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:15:57, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DecomptNet\decomptnet.exe
C:\Program Files\Securitoo\Anti-Spyware\Ad-Monitor.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\SpamPal\spampal.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Documents and Settings\Macquigneau\Mes documents\Mes fichiers reçus\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.fr/startpage/dialup/fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://edit.europe.yahoo.com/config/mail?.intl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.fr/startpage/dialup/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~2\COPERN~1.DLL
R3 - URLSearchHook: (no name) - {83B79436-C1A7-427B-B40D-689E9CC71FAE} - C:\PROGRA~1\COPERN~1\COPERN~4.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Copernic Desktop Search - {C5F7A735-70F1-477F-8C36-6FF3C736017B} - C:\Program Files\Copernic Desktop Search\CopernicDesktopSearchIntegration974.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [FSASWREG] "C:\Program Files\Securitoo\Anti-Spyware\fsaswreg.exe"
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DecomptNet] C:\Program Files\DecomptNet\decomptnet.exe
O4 - HKLM\..\Run: [monipfr1 ] C:\Program Files\MonIPfr\MonIPfr.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Securitoo\Anti-Spyware\Ad-Monitor.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: e-Backup Scheduler.lnk = C:\Program Files\Outlook-Backup\eBackup.exe
O4 - Startup: Microsoft Outlook.lnk = C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
O4 - Startup: SpamPal.lnk = C:\Program Files\SpamPal\spampal.exe
O4 - Global Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~2\COPERN~1.EXE
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\ewido anti-malware\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: Service Windows Media Connect (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
0
Réponse 26 / 26
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bonsoir,

antivirus et antispyware en +
donc tu n'as pas besoin d'antivirus en +
par contre pour le paramétrage, je ne connais absolument pas. Tu dois pouvoir en fouillant un peu trouver qq chose
tu dois avoir une icone qui correspond à securitoo F SECURE

donc désinstalle Avast maintenant. Et laisse tomber antivir.

il faudrait que tu vois si tu as la possiblité avec cet antivirus de faire un scan de ton pc.

je t'ai trouvé ces liens
https://assistance.nordnet.com/
https://assistance.nordnet.com/
qui est un pdf apparemment, tu devrais trouver ton bonheur

0

Discussions similaires

gazon maudit
athena223 -
athena223 -

3 réponses
exodia le maudit
dardevil32 -
computerhelp -

20 réponses
Encore et toujours ce maudit WMP11
elisacheng -
karolus -

3 réponses
où est ce maudit presse papier ??
bourriinnette -
Papounet17000 -

3 réponses