Avast alerte message
soussou2004
Messages postés
2
Statut
Membre
-
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour, je suis nouveau est j'ai un gros problème, depuis 2 jours avast me met tros de mails enoyés ds un intervalle
j'ai fait un nettoyage mais rien a faire, toujours là lorsque je redémare mon ordi. Ca ouvre une 20 de fenetre qui indiquent continuer ou ne pas repondre aidez moi SVP je ne connait pas grand chose
Merci d'avence
[b]SDFix: Version 1.190 [/b]
Run by Jawad on 10/06/2008 at 23:31
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\nnnmnKee.dll - Deleted
C:\Program Files\Antivirus 2008 PRO\vscan.tsi - Deleted
C:\WINDOWS\system32\WinCtrl32(2)(2).dll - Deleted
C:\DOCUME~1\Jawad\LOCALS~1\Temp\media.php.bat - Deleted
C:\DOCUME~1\Jawad\LOCALS~1\Temp\winpole32.exe.bat - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
Folder C:\Program Files\Antivirus 2008 PRO - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 23:37:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="912E7C9B7CC11181A387D7A2B862F0F9F8DCBAB3BD8095F8FAEEE9E3A82D1BB76851483A548DF8AA5BCBA5480CC4B5E229D45A5589F46E807F17B515CBCCA93A688336F82EA6FCE98C7F1B85E3357F304A96BF3F2EC38F2AA5414223738768B2F6BA09B29CF583B07CE9890F48BC51FD2C59651FC6B7B8DB5FB559FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C9DB7CE019D40AA5CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B9808812F438A58C4808551165CDE5E6F5D057BD0E4F11709EB4AD5C65CA5B6EDB0F3021B5F1788BEB6990D2D2328668619B033E787CCB6B39BCEA6E73334055FCA356863C13E1FE9B9A635F1033CC55BC1200219C987F827DECA002F4C643EAA12CABD870D3A0D0A59624EF95E93BBD9B6D3032DEFF68214C728B9B96C069063E632B39927F72CBA67F27F6C5D59E63FDC42F88001A25DFCE94BCDBA1C1E8DF2AE581A43B918B66ABBF4168569E8CA1F1AD24885C94576B9DE09597829632C1554A2EA3D34F1CB59B0797F96B3D752E0DAE2F7C0D9CFA0F742AB1F4D25C447DCC3E53FD7480D6F9CA3035283AD6B483E8E44B74C86640F35B5728428E3E11C2C71ED56F66BA98820780A44438F1F5D47A9BAD65366DA5DC5DD0D9209800ECEBDCF7A13105736622015FBB2645520265C2301CA9AD6BF075262A4790855D3631DD93CFB318CD9AC2F65B69D05BB519AB6F6422C7478D16F55705009CF866FC6AC8EDDBCF6CA6EFAB3D68FA7DAC74918DF2321B74BAD835A20B99F389D774FC59FED77A3161980C4655C4E1AACBF53DDB7ADB1CF9C20FE7155F0942044D01A9280FC9924D5C152E4D3EB2EDFD8AFEC10EE9DFCF679BA9DC2ECD0257F2981A7452AC746559152591C5F816109CD6549380FFD015787ADEEBF3394BAB7C73A05D64D5A74F0B61E3F0C409B09C91275CE43F0DEADBD7E6F373DC67CB3CEAE6F71A6F0C69056CABA603D7DBBBF793BB61800C353E89B2DB56E741DCEE16E7D5AE2F5EB2278896402CF1A76E98F947643F2A38AF38A0574FC3F837C530CE46D7800EB6C067FAF2F92D2735BAF79BA057A63471C5C60B3C9860A6B02D66B25480BA792F191EC15E94D61FAB49CF1313A809EE4A22BAB04B6D561911CA92EC2EA976958D1657BA8E75AAA4A5943605D7FBC0FDF1D0521F557B20D4010A0F67848E50A1134A65A7B10228FDAF839A0CDCFD8D4FA5F906A305D2A882374945BA5E68300F01700AC46DD54A60D9499832F3C45C0DE0FFA23FA0F8B844C35E1E44BE1427A134A1F09E36162382482844CD86735D997A772DD43456BE2B21269138DE5B7D9F6F2347AD23D0241476C1A33C08C9EDA96772B9E19EC21BB2D1F905639B53CB07D0AF500B5292E74814F83E48275BC322FA05C5EB2874A5B7B"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"="C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Thu 29 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT9.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITC.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT10.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT8.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITD.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BITA.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITF.tmp"
Mon 9 Jun 2008 25,839,664 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c06ee28d8d3322676c2cd7acbad74c37\BIT91.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BITB.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITE.tmp"
[b]Finished![/b]
j'ai fait un nettoyage mais rien a faire, toujours là lorsque je redémare mon ordi. Ca ouvre une 20 de fenetre qui indiquent continuer ou ne pas repondre aidez moi SVP je ne connait pas grand chose
Merci d'avence
[b]SDFix: Version 1.190 [/b]
Run by Jawad on 10/06/2008 at 23:31
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\nnnmnKee.dll - Deleted
C:\Program Files\Antivirus 2008 PRO\vscan.tsi - Deleted
C:\WINDOWS\system32\WinCtrl32(2)(2).dll - Deleted
C:\DOCUME~1\Jawad\LOCALS~1\Temp\media.php.bat - Deleted
C:\DOCUME~1\Jawad\LOCALS~1\Temp\winpole32.exe.bat - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted
Folder C:\Program Files\Antivirus 2008 PRO - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-10 23:37:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="912E7C9B7CC11181A387D7A2B862F0F9F8DCBAB3BD8095F8FAEEE9E3A82D1BB76851483A548DF8AA5BCBA5480CC4B5E229D45A5589F46E807F17B515CBCCA93A688336F82EA6FCE98C7F1B85E3357F304A96BF3F2EC38F2AA5414223738768B2F6BA09B29CF583B07CE9890F48BC51FD2C59651FC6B7B8DB5FB559FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C9DB7CE019D40AA5CFEBC9E127BECC74C5D575E7D6A3B98085D575E7D6A3B9808812F438A58C4808551165CDE5E6F5D057BD0E4F11709EB4AD5C65CA5B6EDB0F3021B5F1788BEB6990D2D2328668619B033E787CCB6B39BCEA6E73334055FCA356863C13E1FE9B9A635F1033CC55BC1200219C987F827DECA002F4C643EAA12CABD870D3A0D0A59624EF95E93BBD9B6D3032DEFF68214C728B9B96C069063E632B39927F72CBA67F27F6C5D59E63FDC42F88001A25DFCE94BCDBA1C1E8DF2AE581A43B918B66ABBF4168569E8CA1F1AD24885C94576B9DE09597829632C1554A2EA3D34F1CB59B0797F96B3D752E0DAE2F7C0D9CFA0F742AB1F4D25C447DCC3E53FD7480D6F9CA3035283AD6B483E8E44B74C86640F35B5728428E3E11C2C71ED56F66BA98820780A44438F1F5D47A9BAD65366DA5DC5DD0D9209800ECEBDCF7A13105736622015FBB2645520265C2301CA9AD6BF075262A4790855D3631DD93CFB318CD9AC2F65B69D05BB519AB6F6422C7478D16F55705009CF866FC6AC8EDDBCF6CA6EFAB3D68FA7DAC74918DF2321B74BAD835A20B99F389D774FC59FED77A3161980C4655C4E1AACBF53DDB7ADB1CF9C20FE7155F0942044D01A9280FC9924D5C152E4D3EB2EDFD8AFEC10EE9DFCF679BA9DC2ECD0257F2981A7452AC746559152591C5F816109CD6549380FFD015787ADEEBF3394BAB7C73A05D64D5A74F0B61E3F0C409B09C91275CE43F0DEADBD7E6F373DC67CB3CEAE6F71A6F0C69056CABA603D7DBBBF793BB61800C353E89B2DB56E741DCEE16E7D5AE2F5EB2278896402CF1A76E98F947643F2A38AF38A0574FC3F837C530CE46D7800EB6C067FAF2F92D2735BAF79BA057A63471C5C60B3C9860A6B02D66B25480BA792F191EC15E94D61FAB49CF1313A809EE4A22BAB04B6D561911CA92EC2EA976958D1657BA8E75AAA4A5943605D7FBC0FDF1D0521F557B20D4010A0F67848E50A1134A65A7B10228FDAF839A0CDCFD8D4FA5F906A305D2A882374945BA5E68300F01700AC46DD54A60D9499832F3C45C0DE0FFA23FA0F8B844C35E1E44BE1427A134A1F09E36162382482844CD86735D997A772DD43456BE2B21269138DE5B7D9F6F2347AD23D0241476C1A33C08C9EDA96772B9E19EC21BB2D1F905639B53CB07D0AF500B5292E74814F83E48275BC322FA05C5EB2874A5B7B"
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"="C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager (IDM)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 13 Apr 2008 1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Thu 29 May 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT9.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BITC.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT10.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT8.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITD.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BITA.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITF.tmp"
Mon 9 Jun 2008 25,839,664 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c06ee28d8d3322676c2cd7acbad74c37\BIT91.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BITB.tmp"
Fri 30 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITE.tmp"
[b]Finished![/b]
A voir également:
- Avast alerte message
- Recuperer message whatsapp supprimé - Guide
- Désinstaller avast - Télécharger - Antivirus & Antimalwares
- Fausse alerte mcafee - Accueil - Piratage
- Message absence thunderbird - Guide
- Epingler un message whatsapp - Accueil - Messagerie instantanée
2 réponses
Salut !!
Télécharge sur le bureau hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
-une fois installé sur le bureau, le renommer scan.exe
-Double-clic dessus
- Clic sur "Do a system scan and save the log"
- copier le rapport, le coller dans la réponse
Télécharge sur le bureau hijackthis : http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
-une fois installé sur le bureau, le renommer scan.exe
-Double-clic dessus
- Clic sur "Do a system scan and save the log"
- copier le rapport, le coller dans la réponse
Salut !!
Y a infections!
Télécharge BTFix 1.017
http://www.clubic.com/telecharger-fiche42579-btfix.html
* Décompresse l'archive sur ton Bureau
* Ouvre le dossier BTFix
* Double clique sur BTFix.exe
* Clique sur Rechercher
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
Remarque : BTFix n'est pas infecté ! Il peut être détecté à tort comme étant une toolbar indésirable ou un trojan par antivirus, c'est donc un faux positif, vous pouvez le télécharger et l'utiliser en toute sécurité
Y a infections!
Télécharge BTFix 1.017
http://www.clubic.com/telecharger-fiche42579-btfix.html
* Décompresse l'archive sur ton Bureau
* Ouvre le dossier BTFix
* Double clique sur BTFix.exe
* Clique sur Rechercher
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
Remarque : BTFix n'est pas infecté ! Il peut être détecté à tort comme étant une toolbar indésirable ou un trojan par antivirus, c'est donc un faux positif, vous pouvez le télécharger et l'utiliser en toute sécurité
voici le resultat je penses que c'est ca
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:02:27, on 11/06/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Documents and Settings\Jawad\Mes documents\Downloads\Programs\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: La Solution Ciel.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_0_31.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe