Virus on external hard drive

Closed
latzen.64 - 5 Nov 2008 at 13:11
sherred - 5 Nov 2008 at 17:38
Hello,
So, I recently ran a scan of my system with my antivirus (Avira AntiVir). It found 3 trojans, which I put in quarantine. All 3 are on my external hard drive, where I store my most important files: photos, music, films, documents for work.
Yesterday I wanted to listen to some music and, to my great surprise, the track skips as if it were a CD in a living-room player and you were jumping next to the hi-fi. I also found an album where the audio files had been replaced by folders with unreadable names (Symbol font characters, I think). I went to look at my photos and, for now, a few of them have been altered (part of the image is greyed out, like when you can't receive a TV channel with a terrestrial antenna).

You can find my AntiVir scan report below. Thanks for your help!!

PS: I have switched off the external hard drive:

Avira AntiVir Personal
Report file date: lundi 3 novembre 2008 13:35

Scanning for 1002747 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: XP-3863C12A1079

Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 19:00:43
ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 18:49:16
ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 18:49:16
ANTIVIR3.VDF : 7.1.0.27 30208 Bytes 02/11/2008 18:48:23
Engineversion : 8.2.0.10
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 11:25:17
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 17/10/2008 13:50:28
AESCN.DLL : 8.1.1.3 123252 Bytes 15/10/2008 11:25:15
AERDL.DLL : 8.1.1.2 438644 Bytes 02/10/2008 12:09:28
AEPACK.DLL : 8.1.2.4 369014 Bytes 15/10/2008 11:25:14
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 23/10/2008 17:37:42
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 23/10/2008 17:37:39
AEHELP.DLL : 8.1.1.2 115062 Bytes 15/10/2008 11:25:12
AEGEN.DLL : 8.1.0.42 319861 Bytes 24/10/2008 17:37:46
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 11:25:10
AECORE.DLL : 8.1.2.9 172407 Bytes 29/10/2008 19:00:50
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 11:25:08
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 02/10/2008 12:09:22
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, G:, K:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 3 novembre 2008 13:35

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'MPAPI3s.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'PCSuite.exe' - '1' Module(s) have been scanned
Scan process 'PcSync2.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'SixEngine.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\' <Windows>
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Données>
Begin scan in 'E:\' <Swap>
E:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'G:\' <Data>
Begin scan in 'K:\' <IOMEGA_HDD>
K:\Mes documents\jeux\Diablo II + Expansion\Nouveau dossier (2)\Crack DIABLO II LOD NO CD.ZIP
[0] Archive type: ZIP
--> DLoad.exe
[DETECTION] Is the TR/DownLd.B Trojan
[NOTE] The file was moved to '49700393.qua'!
K:\Mes documents\jeux\Diablo II + Expansion\Nouveau dossier (2)\DLoad.exe
[DETECTION] Is the TR/DownLd.B Trojan
[NOTE] The file was moved to '497e0374.qua'!
K:\Mes documents\jeux\oblivion\engine32.cab
[0] Archive type: CAB (Microsoft)
--> ctor.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Mes documents\jeux\oblivion\DXREDIST\Aug2005_d3dx9_27_x64.cab
[0] Archive type: CAB (Microsoft)
--> d3dx9_27.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Mes documents\jeux\oblivion\DXREDIST\Aug2005_MDX_x86.cab
[0] Archive type: CAB (Microsoft)
--> microsoft.directx.diagnostics.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Aurélie\Sauvegarde\antivirus\AVG AntiVirus 7.5 + Keygen\avg75_488a1157.exe
[DETECTION] Is the TR/Jevafus.A.239 Trojan
[NOTE] The file was moved to '497603ac.qua'!
K:\Assasin's creed\Support\DirectX\APR2007_d3dx10_33_x64.cab
[0] Archive type: CAB (Microsoft)
--> d3dx10_33.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\APR2007_d3dx10_33_x86.cab
[0] Archive type: CAB (Microsoft)
--> d3dcompiler_33.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\Apr2006_d3dx9_30_x64.cab
[0] Archive type: CAB (Microsoft)
--> infinst.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\Apr2006_xinput_x64.cab
[0] Archive type: CAB (Microsoft)
--> infinst.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\BDANT.cab
[0] Archive type: CAB (Microsoft)
--> psisrndr.ax
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\Dec2005_d3dx9_28_x86.cab
[0] Archive type: CAB (Microsoft)
--> d3dx9_28.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\JUN2007_d3dx10_34_x86.cab
[0] Archive type: CAB (Microsoft)
--> d3dcompiler_34.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\JUN2007_d3dx9_34_x64.cab
[0] Archive type: CAB (Microsoft)
--> d3dx9_34.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\Jun2005_d3dx9_26_x86.cab
[0] Archive type: CAB (Microsoft)
--> d3dx9_26.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\OCT2006_d3dx9_31_x86.cab
[0] Archive type: CAB (Microsoft)
--> d3dx9_31.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed
K:\Assasin's creed\Support\DirectX\dxnt.cab
[0] Archive type: CAB (Microsoft)
--> ddrawex.dll
[WARNING] No further files can be extracted from this archive. The archive will be closed


End of the scan: lundi 3 novembre 2008 14:58
Used time: 1:22:32 Hour(s)

The scan has been done completely.

6882 Scanning directories
149897 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
149892 Files not concerned
1310 Archives were scanned
16 Warnings
3 Notes

3 replies

Anonymous user
5 Nov 2008 at 13:28
Hi,

Start with this:

===================FOR VISTA USERS=========================
=>< Disable "User Account Control = UAC"
(you will re-enable it after your disinfection): Do not forget!!
Disabling UAC is necessary to be able to run certain programs under Vista.
- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.
=><><Disable System Restore under Vista

==>NOTE:
=><Before using any software, make sure that registry protections such as Spybot's Tea Timer are disabled (particularly when using HijackThis)
Spybot=>advanced mode=> tools => resident
Uncheck the resident "tea timer" box

Close Spybot.

download hijackthis
-> save the target to .... "the desktop"

-> rename hijackthis as follows: right-click hijackthis, choose "rename", type: ABCD.exe

-> Double-click "HJTInstall.exe" to launch the installation

-> Click Install, then "I Accept"

-> Click "Do a scan system and save log file"

-> Notepad will open; copy and paste all of its contents here in your next reply

->HijackThis tutorial

Hi goldorak, you have the report without the external drive plugged in above, thanks for your help

Hi again, sorry, I hadn't renamed the program. Here is the log, still without the external hard drive plugged in, so if you need the log with the external drive, let me know. Thanks for your help

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:24, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

sherred
5 Nov 2008 at 13:28
can you make this report for us
download it here https://www.clubic.com/telecharger-fiche17891-hijackthis.html


Launch HijackThis by double-clicking its icon, then click the button do a system scan and save a logfile

The report is written out right after the scan in a Notepad-type window

every absolute rule is true, until its opposite ...(sherred)

OK, but I suppose I'll have to plug my external hard drive back in!!
Because one thing I forgot to mention: all the multimedia files on my internal hard drives are usable and unaltered!!

sherred > latzen.64
5 Nov 2008 at 13:36
I'll let goldorak answer you

Here is the report without the external drive plugged in

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:48, on 05/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

sherred > latzen.64
5 Nov 2008 at 17:38
well, since nobody is answering you.....
personally I don't see anything really nasty for now
apart from Explorer v6.00, which you should upgrade to V7.00

so for your hard drives
download
https://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
very important---->Run the MBAM updates
then restart in safe mode (F8 when the PC boots)
Launch it, as a FULL scan, on ALL your hard drives
Once the scan is finished, click to remove everything it has found
restart your PC
restart MBAM
go look in the log report, copy and paste the results