Virus "Win32:IRCBot-CPX [Trj]" !!!!

bandou Posts: 27 Status: Member -
 Anonymous user -
Hello,

I have had a computer for a short time and it already has problems! I have avast antivirus, but I think the version is no longer up to date. I am often asked to update it. How can I do that without having to pay?


Also, my computer is infected by a virus, "Win32:IRCBot-CPX [Trj]", and others. How did that happen? Below I am posting the avast scan, "warning" section.

Could you tell me how to remove them?

Also, my internet connection acts up very often, and abnormally. Could you tell me whether this is related?


Thank you very much for your help!



2/02/2008 17:01:15 SYSTEM 528 Sign of "VBS:Solow" has been found in "F:\MS32DLL.dll.vbs" file.
2/02/2008 17:37:55 SYSTEM 528 Sign of "VBS:Solow" has been found in "F:\MS32DLL.dll.vbs" file.
2/02/2008 20:02:13 SYSTEM 528 Sign of "VBS:Solow" has been found in "F:\MS32DLL.dll.vbs" file.
16/02/2008 15:30:49 SYSTEM 544 Sign of "Win32:Agent-RWI [Trj]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\S5A30TQ3\loader[1].exe" file.
16/02/2008 15:33:24 SYSTEM 544 Sign of "Win32:Agent-RWI [Trj]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\58.exe" file.
16/02/2008 15:33:38 SYSTEM 544 Sign of "Win32:Agent-RWI [Trj]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\58.exe" file.
2/03/2008 12:50:10 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
3/03/2008 10:05:20 SYSTEM 476 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
3/03/2008 20:45:45 SYSTEM 180 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
4/03/2008 10:46:17 SYSTEM 480 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
5/03/2008 19:57:49 SYSTEM 468 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
6/03/2008 19:28:51 SYSTEM 536 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
7/03/2008 22:59:39 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
8/03/2008 9:51:12 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
9/03/2008 13:43:31 SYSTEM 488 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
9/03/2008 21:38:31 SYSTEM 476 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
10/03/2008 8:41:00 SYSTEM 472 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
10/03/2008 20:20:16 SYSTEM 464 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
11/03/2008 16:49:32 SYSTEM 520 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
12/03/2008 9:55:31 SYSTEM 468 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
12/03/2008 17:09:22 SYSTEM 216 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
14/03/2008 19:26:45 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
15/03/2008 9:55:16 SYSTEM 520 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
15/03/2008 15:09:21 SYSTEM 504 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
16/03/2008 10:23:56 SYSTEM 532 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
17/03/2008 8:12:06 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
18/03/2008 12:18:35 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
19/03/2008 8:56:06 SYSTEM 508 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
20/03/2008 8:05:06 SYSTEM 512 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
21/03/2008 21:47:12 SYSTEM 512 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
22/03/2008 10:47:24 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
22/03/2008 17:52:43 SYSTEM 520 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
22/03/2008 21:26:00 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
24/03/2008 7:58:53 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
25/03/2008 7:54:36 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
26/03/2008 7:59:11 SYSTEM 512 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
27/03/2008 8:02:55 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
28/03/2008 8:00:01 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
29/03/2008 8:31:08 SYSTEM 1920 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
30/03/2008 8:58:36 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
30/03/2008 10:30:05 SYSTEM 516 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: F:\bittorrent.exe (F:\bittorrent.exe) returning error, 0000A474.
1/04/2008 7:57:24 SYSTEM 516 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/04/2008 8:52:23 SYSTEM 524 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/04/2008 11:20:00 SYSTEM 564 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/04/2008 14:22:27 SYSTEM 508 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/04/2008 15:35:58 SYSTEM 576 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
3/04/2008 8:06:55 SYSTEM 568 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
4/04/2008 7:24:42 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
5/04/2008 8:19:28 SYSTEM 568 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
6/04/2008 10:01:50 SYSTEM 648 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
7/04/2008 9:44:35 SYSTEM 652 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
8/04/2008 20:46:31 SYSTEM 552 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
9/04/2008 9:02:58 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
11/04/2008 17:03:47 SYSTEM 364 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
11/04/2008 17:04:46 SYSTEM 364 Sign of "VBS:Solow" has been found in "F:\MS32DLL.dll.vbs" file.
12/04/2008 9:19:41 SYSTEM 568 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
13/04/2008 10:23:07 SYSTEM 644 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
14/04/2008 10:12:41 SYSTEM 500 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
15/04/2008 8:12:10 SYSTEM 644 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
16/04/2008 9:23:08 SYSTEM 472 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
18/04/2008 9:48:05 SYSTEM 636 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
18/04/2008 14:00:45 SYSTEM 676 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
18/04/2008 21:30:03 SYSTEM 580 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
19/04/2008 9:40:40 SYSTEM 568 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
20/04/2008 8:58:52 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
21/04/2008 10:21:54 SYSTEM 328 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
21/04/2008 18:00:10 SYSTEM 644 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
23/04/2008 14:11:37 SYSTEM 584 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
24/04/2008 10:00:03 SYSTEM 528 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
25/04/2008 22:14:58 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
26/04/2008 9:06:15 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
27/04/2008 10:54:50 SYSTEM 536 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
28/04/2008 11:19:45 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\70.exe" file.
28/04/2008 12:18:34 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\01.exe" file.
28/04/2008 12:18:56 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\13.exe" file.
28/04/2008 12:19:01 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\15.exe" file.
28/04/2008 12:19:04 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\38.exe" file.
28/04/2008 12:19:08 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\Documents and Settings\Admin\Local Settings\Temp\74.exe" file.
28/04/2008 13:31:08 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\50.exe" file.
28/04/2008 13:41:50 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\31.exe" file.
28/04/2008 13:41:56 SYSTEM 576 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\31.exe" file.
30/04/2008 19:27:06 SYSTEM 684 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
2/05/2008 9:21:15 SYSTEM 572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
3/05/2008 9:03:33 Admin 528 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\17.exe" file.
3/05/2008 14:04:21 Admin 528 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\44.exe" file.
3/05/2008 14:04:24 Admin 528 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\71.exe" file.
6/05/2008 21:05:53 SYSTEM 1576 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
6/05/2008 21:21:16 SYSTEM 1408 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
6/05/2008 22:18:48 Admin 1556 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\74.exe" file.
6/05/2008 22:27:54 Admin 1772 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\68.exe" file.
7/05/2008 8:43:27 Admin 1344 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\33.exe" file.
7/05/2008 14:22:50 Admin 1116 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\70.exe" file.
8/05/2008 8:52:48 SYSTEM 1808 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
9/05/2008 9:57:39 Admin 1344 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\62.exe" file.
9/05/2008 20:45:55 Admin 1612 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Admin\LOCALS~1\Temp\12.exe" file.
9/05/2008 21:34:30 SYSTEM 1576 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
10/05/2008 11:31:52 SYSTEM 1572 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "C:\WINDOWS\system32\process32.exe" file.
10/05/2008 19:12:21 Admin 3504 Sign of "Win32:IRCBot-CPX [Trj]" has been found in "c:\windows\system32\process32.exe" file.

20 replies

Anonymous user
 
hi

remove avast and install antivir, which is free, then update it, then run a scan and delete everything it finds
then download hijackthis, run a scan and paste the log here for me please, thanks
0
bandou Posts: 27 Status: Member
 
Do I have to remove avast?

And which antivirus do I install then?
Thanks for your help
0
bandou Posts: 27 Status: Member
 
Here is the hijackthis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:11, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Admin\Mes documents\Oli\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
0
Anonymous user
 
antivir, I said!!
0

bandou Posts: 27 Status: Member
 
And why do I have to remove avast? Because it's not my computer, so I don't really like changing its antivirus.

With this hijackthis report, is there any way to do something?


Thanks for your help
0
Anonymous user
 
avast is the worst, change it please if you don't want to be affected again, please
0
bandou Posts: 27 Status: Member
 
OK, but is there already a way to see something with this report? Thanks a lot
0
Anonymous user
 
no, not really, there isn't much there, but it's safer to do it with an antivirus, namely antivir

you can crash the computer if you do it with hijackthis!!
0
bandou Posts: 27 Status: Member
 
OK, done. I installed antivir.


I ran another hijackthis scan, here it is. What should I do now?

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:46, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Admin\Mes documents\Oli\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
0
Anonymous user
 
You need to uninstall avast quickly!!
0
bandou Posts 27 Status Member
 
OK, that's done.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:23, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SkyTel.EXE
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\thpsrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Admin\Mes documents\Oli\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPSODDCtl] TPSODDCtl.exe
O4 - HKLM\..\Run: [ThpSrv] thpsrv /logon
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TOSDCR] TOSDCR.EXE
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - TOSHIBA Corporation - C:\WINDOWS\system32\ThpSrv.exe
0
bandou Posts 27 Status Member
 
And now, what should I do?

Thanks
0
Anonymous user
 
And are you sure you really uninstalled avast?? Restart, then update AntiVir, then run a scan of the PC and delete everything it finds.

Before that, do this in AntiVir:


Settings for AntiVir:

Once AntiVir is open, click on Configuration and tick the "expert mode" box, then on the Scanner tab; in the window below you will see "rootkit search": click on the small + to expand it and tick the box next to your hard disk.
Then click on Configuration at the top right; in the new window, on the left > Scanner > tick "scan all files" and, below that, > scanner priority = High.
Tick "allow stopping the scanner"; that way you can pause during the scan if you wish.
Then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Untick:
ignore off line files
Still on the left > Scan > expand > Heuristic > "macrovirus heuristic" = ticked and, below that, > "win32 heuristic" box ticked and "high detection level".


Also click on Guard, then tick "scan archive", then untick the 3 boxes below it, then OK.
0
bandou Posts 27 Status Member
 
Where is rootkit search?
0
bandou Posts 27 Status Member
 
Please, can you be clearer in your explanations? Because I'm a novice..

Thanks a lot
0
Anonymous user
 
Drop that step, but still do the rest:

Then click on Configuration at the top right; in the new window, on the left > Scanner > tick "scan all files" and, below that, > scanner priority = High.
Tick "allow stopping the scanner"; that way you can pause during the scan if you wish.
Then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Untick:
ignore off line files
Still on the left > Scan > expand > Heuristic > "macrovirus heuristic" = ticked and, below that, > "win32 heuristic" box ticked and "high detection level".


Also click on Guard, then tick "scan archive", then untick the 3 boxes below it, then OK.
0
bandou Posts 27 Status Member
 
There, I followed everything you asked me to do.

I clicked OK, the window closed, but the other one didn't. What should I do now?
0
Anonymous user
 
Update AntiVir, then run a scan and delete everything it finds.
0
bandou Posts 27 Status Member
 
There, it's done.

What should I do now?
Do you think it's OK?


Also, how come the internet only works for 10 minutes? After that it stops working. Was that due to the viruses?

Will it be better now?

Thanks for your reply
0
Anonymous user
 
Download Malwarebytes + Spybot + Ad-Aware, then update them, then run a scan and delete everything they find,
then paste me a HijackThis log again.

(For Malwarebytes and Ad-Aware, run a full scan.)
0