Virus récalcitrant

045Greg Messages postés 32 Statut Membre -  
045Greg Messages postés 32 Statut Membre -
Bonjour,
aidez moi s'il vous plait.
après avoir installé successivement Kaspersky anti virus, NOD 32 et Bitdefender total security 2008 et après avoir procédé au scan complet de la bécane, ils ont découvert les mêmes virus et bien sûr supprimé ceux ci. Mais à chaque fois que je redémarre la bête, ils réapparraissent à nouveau !! et rebelote : même manip encore et encore.........
en ce moment j'ai laissé NOD 32 sur le pc (Windows XP Home)
QUE FAIRE ??

merci de vos réponses !
Configuration: Windows Vista
Internet Explorer 7.0

1 réponse

  1. 045Greg Messages postés 32 Statut Membre 3
     
    Voici un log de hijack this (si il y a des écritures bizarres c'est normal : le pc en question est le pc de ma copine, un pc coréen) :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at ¿ÀÈÄ 7:21:07, on 2007-12-17
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\OO Software\CleverCache\ooccag.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\Samsung\Samsung Command Center\PIC_UI.exe
    C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
    C:\Program Files\Samsung\AVStation premium\bin\AVStation agent.exe
    C:\PROGRA~1\FASOOD~1\fclient.exe
    C:\PROGRA~1\Samsung\SAMSUN~1\SAMSUN~1.EXE
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
    C:\Program Files\OO Software\CleverCache\ooccctrl.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\conime.exe
    C:\PROGRA~1\FASOOD~1\fph.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\s\LOCALS~1\Temp\winime.exe
    O2 - BHO: BrowserHook Class - {09F93072-DE5E-4b5a-B347-F80FD7CB7309} - C:\WINDOWS\system32\webmailHook20060113.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: wNavy Åø¹Ù - {8D4095C3-3314-40AA-A227-136FFD1195C9} - C:\Program Files\navy\navy.dll
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [SamsungPIC] C:\Program Files\Samsung\Samsung Command Center\PIC_UI.exe
    O4 - HKLM\..\Run: [MagicKeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
    O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
    O4 - HKLM\..\Run: [AVStation premium] "C:\Program Files\Samsung\AVStation premium\bin\AVStation agent.exe"
    O4 - HKLM\..\Run: [zcl] "C:\PROGRA~1\FASOOD~1\fclient.exe"
    O4 - HKLM\..\Run: [HncUpdate] C:\WINDOWS\system32\HncUpdate.exe /A
    O4 - HKLM\..\Run: [navy] C:\Program Files\navy\navy.exe
    O4 - HKLM\..\Run: [Inciter Inspector] C:\WINDOWS\InciterInstaller\ICAgent30.exe -reboot
    O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [FPH Exe] "C:\PROGRA~1\FASOOD~1\fph.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [NATEON] C:\Program Files\NATEON\BIN\NATEON.exe -as
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Microsoft Excel·Î ³»º¸³»±â(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java ÄÜ¼Ö - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: wnavy - {7A485BBD-3558-4451-BDD9-A25513C078A2} - C:\Program Files\navy\navyal.exe (file missing)
    O9 - Extra button: ¸®¼­Ä¡ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.allthegate.com
    O15 - Trusted Zone: http://*.inicis.com
    O15 - Trusted Zone: http://www.iros.go.kr
    O15 - Trusted Zone: http://*.kcp.co.kr
    O15 - Trusted Zone: http://*.telec.co.kr
    O15 - Trusted Zone: http://*.vpay.co.kr
    O15 - Trusted Zone: http://*.wedisk.co.kr
    O15 - Trusted Zone: http://*.wedisk.net
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {00001024-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter24 Class) - http://download.netmarble.com/web/nmstarter/NMStarter24.cab
    O16 - DPF: {1EC772E3-6882-4D42-812E-5882CCB60536} (Csession Object) - http://www.ebslang.co.kr/error.html
    O16 - DPF: {2086592C-34CB-46BC-A042-715910AFBE81} (EBSSessionCheck.SessionCheck) - http://img.ebs.co.kr/ActiveX/Session/EBSSessionCheck.CAB
    O16 - DPF: {2D394D05-A066-4678-BA38-E85882B09B2E} (Controller Class) - http://www.cosmotan.com/cabinet/myspeed.cab
    O16 - DPF: {2E68BEE5-A640-11D2-AEA4-00AA006E5B34} (HnwActiv Control) - http://kmu.hhu.ac.kr/ezgen/hnwactive/hnwactiv_5_0_0_7.cab
    O16 - DPF: {31FA72F5-BE46-4D6D-A10D-857C8D6F4BFA} (OrangeFileSearch Control) - http://www.orangefile.com/ActiveX/OrangeFileSearch.cab
    O16 - DPF: {474AD63A-9B7E-40FE-8E4E-7067CC0F8D3D} (IB_OnAir.IBOnAir) - http://ionair.sbs.co.kr/onair/IB_OnAir.CAB
    O16 - DPF: {5DAEF053-DEF0-4752-A963-CCE9B49B0B79} (Gogs Class) - http://bridge.item2.naver.com/music/cab/nbgm.cab
    O16 - DPF: {6CE20149-ABE3-462E-A1B4-5B549971AA38} (XecureCKKB Class) - http://ck.softforum.co.kr/CKKeyPro/yescard/CKKeyPro.cab
    O16 - DPF: {7513B187-5954-4C64-ABF4-E652FE899F24} (Wedisk Control) - http://www.wedisk.co.kr/app/WeDisk.cab
    O16 - DPF: {8C99859C-05D9-4CA5-B7DB-BCE80E4185BC} (AGSWallet Control) - http://www.allthegate.com/plugin/AGSWallet.cab
    O16 - DPF: {8ED577E0-25F4-4477-866B-3C572B7FB603} - http://viout.com/downloader/ViOutActive.cab
    O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.com/NMChatX/NMTransX.cab
    O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanmail.net/activex/dmcc2.cab?Version=1,0,0,10
    O16 - DPF: {93F83364-58E3-43C6-BE34-DE1252B26307} - http://sbill.em4s.com/sbill/cruzbill.cab
    O16 - DPF: {970E1B88-8AC1-4E31-86D6-BFA769CEF7A6} (eGSignPlus For_EBS Class) - http://www.ebs.co.kr/sso/eGEBS.cab
    O16 - DPF: {9CDD57AC-CA86-464C-B920-3228A388CC78} (NaverFileControl Control) - http://file.naver.com/down/NaverFile.cab
    O16 - DPF: {9DA9609B-9237-40D3-A66D-24FE73CE3CD0} (IB_SiteSigning.IBSiteSigning) - http://img.sbs.co.kr/vobos/site/IB_SiteSigning.CAB
    O16 - DPF: {A4D2A490-7F5F-464C-B8D7-99E52932C4D9} - http://124.2.41.10/ocx/XDocRegister.cab
    O16 - DPF: {A671DC03-71D0-4CF0-895C-7D4A248FC1F1} (skcbgmset Class) - http://cyimg7.cyworld.nate.com/cymusic/package/skcbgmset.cab
    O16 - DPF: {D31B8502-F679-44A2-8671-29D984AA4121} - http://124.2.41.10/ocx/ApvlXApvlLine.cab
    O16 - DPF: {DC4207CE-C03E-4449-ACB1-032CA4137053} (Npz Control) - http://update.nprotect.net/nprotect2006/yescard/npz.cab
    O21 - SSODL: ocwnklfdu - {86E5EBE9-7DF5-4D76-AE8B-BC43743A0EE1} - (no file)
    O21 - SSODL: NewsCheck - {48D2B539-9C78-40A1-92EC-C1078858E0CD} - C:\WINDOWS\xuqfrgslv.dll
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
    O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
    O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
    O23 - Service: SNM WLAN Service - Unknown owner - C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    0