Virus "Win32:IRCBot-CPX [Trj]" !!!!
bandou
Hello,
I have only had my computer for a short time and it already has problems! I have avast antivirus, but I think the version is no longer up to date. I am often asked to update it. How can I do that without having to pay?
Also, my computer is infected with a virus, "Win32:IRCBot-CPX [Trj]", and others. How did that happen? Below is the avast scan log, "warning" section.
Could you tell me how to remove them?
Also, my internet connection acts up very often, and abnormally. Could you tell me whether that is related?
Thank you very much for your help!
2/02/2008 17:01:15 SYSTEM 528 Sign of "VBS:Solow" has been found in "F:\MS32DLL.dll.vbs" file.
2/02/2008 17:37:55 SYSTEM 528 Sign of "VBS:Solow" has been found in "F:\MS32DLL.dll.vbs" file.
2/02/2008 20:02:13 SYSTEM 528 Sign of "VBS:Solow" has been found in "F:\MS32DLL.dll.vbs" file.
16/02/2008 15:30:49 SYSTEM 544 Sign of "Win32:Agent-RWI [Trj]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\S5A30TQ3\loader[1].exe" file.
16/02/2008 15:33:24 SYSTEM 544 Sign of "Win32:Agent-RWI [Trj]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\58.exe" file.
16/02/2008 15:33:38 SYSTEM 544 Sign of "Win32:Agent-RWI [Trj]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\58.exe" file.
2/03/2008 12:50:10 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
3/03/2008 10:05:20 SYSTEM 476 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
3/03/2008 20:45:45 SYSTEM 180 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
4/03/2008 10:46:17 SYSTEM 480 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
5/03/2008 19:57:49 SYSTEM 468 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
6/03/2008 19:28:51 SYSTEM 536 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
7/03/2008 22:59:39 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
8/03/2008 9:51:12 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
9/03/2008 13:43:31 SYSTEM 488 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
9/03/2008 21:38:31 SYSTEM 476 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
10/03/2008 8:41:00 SYSTEM 472 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
10/03/2008 20:20:16 SYSTEM 464 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
11/03/2008 16:49:32 SYSTEM 520 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
12/03/2008 9:55:31 SYSTEM 468 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
12/03/2008 17:09:22 SYSTEM 216 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
14/03/2008 19:26:45 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
15/03/2008 9:55:16 SYSTEM 520 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
15/03/2008 15:09:21 SYSTEM 504 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
16/03/2008 10:23:56 SYSTEM 532 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
17/03/2008 8:12:06 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
18/03/2008 12:18:35 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
19/03/2008 8:56:06 SYSTEM 508 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
20/03/2008 8:05:06 SYSTEM 512 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
21/03/2008 21:47:12 SYSTEM 512 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
22/03/2008 10:47:24 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
22/03/2008 17:52:43 SYSTEM 520 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
22/03/2008 21:26:00 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
24/03/2008 7:58:53 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
25/03/2008 7:54:36 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
26/03/2008 7:59:11 SYSTEM 512 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
27/03/2008 8:02:55 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
28/03/2008 8:00:01 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
29/03/2008 8:31:08 SYSTEM 1920 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
30/03/2008 8:58:36 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
30/03/2008 10:30:05 SYSTEM 516 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\bittorrent.exe (F:\bittorrent.exe) returning error, 0000A474.
1/04/2008 7:57:24 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/04/2008 8:52:23 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/04/2008 11:20:00 SYSTEM 564 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/04/2008 14:22:27 SYSTEM 508 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/04/2008 15:35:58 SYSTEM 576 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
3/04/2008 8:06:55 SYSTEM 568 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
4/04/2008 7:24:42 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
5/04/2008 8:19:28 SYSTEM 568 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
6/04/2008 10:01:50 SYSTEM 648 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
7/04/2008 9:44:35 SYSTEM 652 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
8/04/2008 20:46:31 SYSTEM 552 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
9/04/2008 9:02:58 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
11/04/2008 17:03:47 SYSTEM 364 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
11/04/2008 17:04:46 SYSTEM 364 Sign of "VBS:Solow" has been found in "F:\MS32DLL.dll.vbs" file.
12/04/2008 9:19:41 SYSTEM 568 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
13/04/2008 10:23:07 SYSTEM 644 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
14/04/2008 10:12:41 SYSTEM 500 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
15/04/2008 8:12:10 SYSTEM 644 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
16/04/2008 9:23:08 SYSTEM 472 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
18/04/2008 9:48:05 SYSTEM 636 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
18/04/2008 14:00:45 SYSTEM 676 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
18/04/2008 21:30:03 SYSTEM 580 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
19/04/2008 9:40:40 SYSTEM 568 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
20/04/2008 8:58:52 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
21/04/2008 10:21:54 SYSTEM 328 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
21/04/2008 18:00:10 SYSTEM 644 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
23/04/2008 14:11:37 SYSTEM 584 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
24/04/2008 10:00:03 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
25/04/2008 22:14:58 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
26/04/2008 9:06:15 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
27/04/2008 10:54:50 SYSTEM 536 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
28/04/2008 11:19:45 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\70.exe" file.
28/04/2008 12:18:34 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\01.exe" file.
28/04/2008 12:18:56 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\13.exe" file.
28/04/2008 12:19:01 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\15.exe" file.
28/04/2008 12:19:04 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\38.exe" file.
28/04/2008 12:19:08 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\74.exe" file.
28/04/2008 13:31:08 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\50.exe" file.
28/04/2008 13:41:50 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\31.exe" file.
28/04/2008 13:41:56 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\31.exe" file.
30/04/2008 19:27:06 SYSTEM 684 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/05/2008 9:21:15 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
3/05/2008 9:03:33 Admin 528 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\17.exe" file.
3/05/2008 14:04:21 Admin 528 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\44.exe" file.
3/05/2008 14:04:24 Admin 528 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\71.exe" file.
6/05/2008 21:05:53 SYSTEM 1576 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
6/05/2008 21:21:16 SYSTEM 1408 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
6/05/2008 22:18:48 Admin 1556 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\74.exe" file.
6/05/2008 22:27:54 Admin 1772 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\68.exe" file.
7/05/2008 8:43:27 Admin 1344 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\33.exe" file.
7/05/2008 14:22:50 Admin 1116 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\70.exe" file.
8/05/2008 8:52:48 SYSTEM 1808 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
9/05/2008 9:57:39 Admin 1344 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\62.exe" file.
9/05/2008 20:45:55 Admin 1612 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\12.exe" file.
9/05/2008 21:34:30 SYSTEM 1576 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
10/05/2008 11:31:52 SYSTEM 1572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
10/05/2008 19:12:21 Admin 3504 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "c:\windows\system32\process32.exe" file.
20 replies
Hi,
Remove avast and install Antivir, which is free, then update it, run a scan and delete everything it finds.
Then download HijackThis, run a scan and paste the log here please, thanks.
Here is the HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:11, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Admin\Mes documents\Oli\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
And why do I have to remove avast? Because it's not my computer, so I don't really like changing its antivirus.
With this HijackThis report, is there a way to do something?
Thanks for your help
No, not really, there isn't much there, but it's safer to do it with an antivirus, namely AntiVir.
You can crash the computer if you do it with HijackThis!!
OK, there. I've installed AntiVir.
I ran a new HijackThis scan, here it is. So what should I do?
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:46, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Admin\Mes documents\Oli\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
OK, there, it's done.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:23, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Mes documents\Oli\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
Are you sure you properly uninstalled avast?? Restart, then update AntiVir, then run a scan of the PC and delete everything it finds.
Before that, do this in AntiVir:
Settings for AntiVir:
Once AntiVir is open, click on configuration and tick the "expert mode" box, then on the scanner tab, in the window below, you will see: rootkit search. Click on the small + to expand it and tick the box next to your hard disk.
Then click on configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below that > scanner priority = High
Tick: allow stopping the scanner, so that you can pause during the scan if you wish.
Then on the right, tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Untick:
ignore off line files
Still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below that > win32 heuristic box ticked and high detection level
Also click on guard, then tick scan archive, then untick the 3 boxes below it, then OK.
Forget that step, but still do the rest.
Then click on configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below that > scanner priority = High
Tick: allow stopping the scanner, so that you can pause during the scan if you wish.
Then on the right, tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Untick:
ignore off line files
Still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below that > win32 heuristic box ticked and high detection level
Also click on guard, then tick scan archive, then untick the 3 boxes below it, then OK.
There, I followed everything you asked me to do.
I clicked OK, the window closed, but the other one didn't. What should I do now?