[LOGICIEL] [Centralisation] .:::: Hijackthis ::::.

guymauve · le 14 mai 2005

Bonjour,

Cela fait 2 jours que je tente de réparer un pc infecté comme c'est pas permis. Au départ j'avais lancé ad-aware qui m'avais trouvé 1100 problèmes.

Bref j'ai passé a-v + cccleaner + spysweeper + anti trojan, modifier le msconfig

Je suis passé au sp2 aussi mais je n'arrive pas à faire les maj depuis le net.

De plus j'ai un dossier isrvs que je n'arrive pas à virer.

En 1 mot comme en 100 ... Au secours ...

PS: je dois être dans les gagnants là non ??? Un grand merci d'avance.

Logfile of HijackThis v1.99.1

Scan saved at 17:19:25, on 14/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

C:\Program Files\Softwin\BitDefender8\vsserv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\rundll32.exe

C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

C:\Program Files\Softwin\BitDefender8\bdnagent.exe

C:\WINDOWS\System32\w?auboot.exe

C:\Documents and Settings\Maurice\Application Data\satp.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\msiexec.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {3EDBA5DF-1969-6591-6BD3-678309C8F4E9} - C:\WINDOWS\System32\mqkpik.dll

O2 - BHO: (no name) - {EB9C1461-09E0-94E6-F2FC-52E41E589E51} - (no file)

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [bDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe

O4 - HKLM\..\Run: [bDOESRV] C:\Program Files\Softwin\BitDefender8\bdoesrv.exe

O4 - HKLM\..\Run: [bDNewsAgent] C:\Program Files\Softwin\BitDefender8\bdnagent.exe

O4 - HKCU\..\Run: [Zw0mRjN5T] touql32.exe

O4 - HKCU\..\Run: [bpa] C:\WINDOWS\System32\w?auboot.exe

O4 - HKCU\..\Run: [Aaes] C:\Documents and Settings\Maurice\Application Data\satp.exe

O4 - HKCU\..\Run: [Lhe] C:\WINDOWS\System32\Lpr.exe

O4 - HKCU\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O4 - Startup: WindowsUpdate57726[1].exe

O4 - Startup: winupdate14709836[1].exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Microsoft AntiSpyware helper - {AD9AA0BF-7096-4507-8AA2-E792C27525B7} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AD9AA0BF-7096-4507-8AA2-E792C27525B7} - (no file) (HKCU)

O15 - Trusted Zone: *.c4tdownload.com

O15 - Trusted Zone: *.horse-active.net

O15 - Trusted Zone: *.iframe.biz

O15 - Trusted Zone: *.newiframe.biz

O15 - Trusted Zone: *.overpro.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.sp2admin.biz

O15 - Trusted Zone: *.sp2fucked.biz

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.horse-active.net (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 64.62.171.156

O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Sha...t//DexiaIIA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110910364512

O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} - http://advnt01.com/dialer/belgio_ver10.CAB

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{170A721C-5192-4799-B912-A1AC489340B2}: NameServer = 194.119.228.67 193.74.208.135

O17 - HKLM\System\CS1\Services\Tcpip\..\{170A721C-5192-4799-B912-A1AC489340B2}: NameServer = 194.119.228.67 193.74.208.135

O20 - Winlogon Notify: drct16 - drct16.dll (file missing)

O20 - Winlogon Notify: iexplore - i\ird.dll (file missing)

O21 - SSODL: NTDBGTOOL - {ED8D65C8-F7C4-4A1A-87EA-4B9602AB236F} - C:\WINDOWS\System32\rasaaddr.dll

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netnn32.exe (file missing)

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe

O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\System32\wisvcc.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender8\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

:francais:

tom_beckett · le 14 mai 2005

Salut j'ai fais un scan par curiosité .

Si tu pourrais me dire ce qu'il en est.

Je te remercie beaucoup.

J'ai mis le rapport en ligne sur le site . Apparement c'est good.

Mais je préfère demander avis à un humain que un robot :eeek2:

Merci beaucoup. :transpi:

Logfile of HijackThis v1.99.1

Scan saved at 18:50:35, on 14/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

C:\Program Files\SpeedFan\speedfan.exe

D:\serveur\emule pawio\emule.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll

O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1112028768968

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Keyboard Service System Files (Keyboard Service) - Unknown owner - C:\WINDOWS\System32\keyboard.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Amnesiac · le 15 mai 2005

Salut, avec un peu de retard, voici mon log aveles modifs que tu m'avais dit de faire :francais:

Logfile of HijackThis v1.99.1

Scan saved at 16:18:09, on 15/05/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ASUS\Probe\AsusProb.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\MessengerPlus! 3\MsgPlus.exe

C:\WINDOWS\System32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\SOUNDMAN.EXE

I:\gamez\valve\steam\steam.exe

C:\Program Files\TheTurtle\TheTurtle.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Serv-U\ServUTray.exe

C:\Program Files\Samurize\Client.exe

C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\Program Files\Serv-U\ServUDaemon.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Winamp\winamp.exe

C:\Program Files\BitTorrent\btdownloadgui.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe

O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] winss.exe

O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe

O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe

O4 - HKLM\..\Run: [symantec Anti Virus] symantec32.exe

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp

O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"

O4 - HKLM\..\RunServices: [Microsoft Support Service] svcmgt.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] winss.exe

O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe

O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe

O4 - HKLM\..\RunServices: [symantec Anti Virus] symantec32.exe

O4 - HKCU\..\Run: [Microsoft Support Service] svcmgt.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] winss.exe

O4 - HKCU\..\Run: [symantec Anti Virus] symantec32.exe

O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe

O4 - HKCU\..\Run: [steam] "i:\gamez\valve\steam\steam.exe" -silent

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [TheTurtle] C:\Program Files\TheTurtle\TheTurtle.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide

O4 - HKCU\..\Run: [servUTrayIcon] C:\Program Files\Serv-U\ServUTray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [spySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0

O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe

O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: Télécharger le site web avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm

O8 - Extra context menu item: Télécharger sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Télécharger tout avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1098620658624

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\System32\CTsvcCDA.exe (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Serv-U FTP Server (Serv-U) - Cat Soft - C:\Program Files\Serv-U\ServUDaemon.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

O23 - Service: Symantec Anti Virus (Symantec) - Unknown owner - C:\WINDOWS\system32\symantec32.exe" -netsvcs (file missing)

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)

snooky · le 15 mai 2005

@ guymauve :

Passe ccleaner.

Ces processus doivent disparaitre de ton pc :

( termine ces processus s'ils sont actifs dans le gestionnaire de tâches )

C:\WINDOWS\System32\w?auboot.exe

C:\Documents and Settings\Maurice\Application Data\satp.exe

... touql32.exe

...WindowsUpdate57726[1].exe

...winupdate14709836[1].exe

Utilise la fonction "Delete a file on reboot " de Hijackthis . ( capture décran plus haut dans les posts )

Fixer objet sur ces lignes :

O2 - BHO: (no name) - {3EDBA5DF-1969-6591-6BD3-678309C8F4E9} - C:\WINDOWS\System32\mqkpik.dll

O2 - BHO: (no name) - {EB9C1461-09E0-94E6-F2FC-52E41E589E51} - (no file)

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKCU\..\Run: [Zw0mRjN5T] touql32.exe

O4 - HKCU\..\Run: [bpa] C:\WINDOWS\System32\w?auboot.exe

O4 - HKCU\..\Run: [Aaes] C:\Documents and Settings\Maurice\Application Data\satp.exe

O4 - Startup: WindowsUpdate57726[1].exe

O4 - Startup: winupdate14709836[1].exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Microsoft AntiSpyware helper - {AD9AA0BF-7096-4507-8AA2-E792C27525B7} - (no file) (HKCU)

O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AD9AA0BF-7096-4507-8AA2-E792C27525B7} - (no file) (HKCU)

O15 - Trusted Zone: *.c4tdownload.com

O15 - Trusted Zone: *.horse-active.net

O15 - Trusted Zone: *.iframe.biz

O15 - Trusted Zone: *.newiframe.biz

O15 - Trusted Zone: *.overpro.com

O15 - Trusted Zone: *.skoobidoo.com

O15 - Trusted Zone: *.slotchbar.com

O15 - Trusted Zone: *.sp2admin.biz

O15 - Trusted Zone: *.sp2fucked.biz

O15 - Trusted Zone: *.windupdates.com

O15 - Trusted Zone: *.horse-active.net (HKLM)

O15 - Trusted Zone: *.skoobidoo.com (HKLM)

O15 - Trusted Zone: *.slotchbar.com (HKLM)

O15 - Trusted Zone: *.windupdates.com (HKLM)

O15 - Trusted IP range: 64.62.171.156

O16 - DPF: Dexia netbanking - http://netbanking.dexia.be/PC//Dynamic/Sha...t//DexiaIIA.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110910364512

O16 - DPF: {B467A3AF-E45B-4B1B-9983-C035D988FB0F} - http://advnt01.com/dialer/belgio_ver10.CAB

O20 - Winlogon Notify: drct16 - drct16.dll (file missing)

O20 - Winlogon Notify: iexplore - i\ird.dll (file missing)

O21 - SSODL: NTDBGTOOL - {ED8D65C8-F7C4-4A1A-87EA-4B9602AB236F} - C:\WINDOWS\System32\rasaaddr.dll

O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netnn32.exe (file missing)

O23 - Service: Windows update Service (updater) - Unknown owner - C:\WINDOWS\System32\wisvcc.exe

Procède à ces manipulations en mode sans échec.

Poste un nouveau rapport.

snooky · le 15 mai 2005

@ tom_becket :

ton rapport est clean :mad2:

ZinZin · le 15 mai 2005

Suite a ma grosse galère ici... je post mon rapport hijackthis en esperant être aidé :mad2:

Logfile of HijackThis v1.99.1
Scan saved at 18:26 ZinZin, on 15/05/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Avast4\aswUpdSv.exe

F:\Program Files\Avast4\ashServ.exe

F:\WINDOWS\System32\svchost.exe

F:\PROGRA~1\Avast4\ashDisp.exe

F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

F:\Program Files\Razer\razertra.exe

F:\WINDOWS\Mixer.exe

F:\Program Files\MessengerPlus! 3\MsgPlus.exe

F:\Program Files\Razer\razerofa.exe

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Program Files\Razer\razerhid.exe

F:\Program Files\iTunes\iTunesHelper.exe

F:\Program Files\Avast4\ashWebSv.exe

F:\Program Files\Skype\Phone\Skype.exe

F:\Program Files\iPod\bin\iPodService.exe

F:\Program Files\MSN Messenger\msnmsgr.exe

F:\Program Files\Opera\Opera.exe

F:\Documents and Settings\Jimmy\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036

F3 - REG:win.ini: run=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [razertra] F:\Program Files\Razer\razertra.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110729895109

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...489/mcfscan.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - F:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

@Snooky: si tu peu repondre dans mon post (ici) c'est cool :mad2: :mad2:

snooky · le 15 mai 2005

@ amnesiac :

Passe "]Clean Up[/b]

Scan , coche et fixe ces lignes avec Hijackthis :

O4 - HKLM\..\Run: [Microsoft Support Service] svcmgt.exe

O4 - HKLM\..\Run: [Microsoft Update Machine] winss.exe

O4 - HKLM\..\Run: [Microsoft Services] lssrv.exe

O4 - HKLM\..\Run: [Microsoft Update] vpc32.exe

O4 - HKLM\..\Run: [symantec Anti Virus] symantec32.exe

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunServices: [Microsoft Support Service] svcmgt.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] winss.exe

O4 - HKLM\..\RunServices: [Microsoft Services] lssrv.exe

O4 - HKLM\..\RunServices: [Microsoft Update] vpc32.exe

O4 - HKLM\..\RunServices: [symantec Anti Virus] symantec32.exe

O4 - HKCU\..\Run: [Microsoft Support Service] svcmgt.exe

O4 - HKCU\..\Run: [Microsoft Update Machine] winss.exe

O4 - HKCU\..\Run: [symantec Anti Virus] symantec32.exe

O4 - HKCU\..\Run: [Microsoft Update] vpc32.exe

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

Reboot.

Passe en mode sans échec et désactive la restauration system.

Scan en ligne ici :

Les 5 processus en " gras " ne doivent plus apparaitrent sur ton pc.

Utilise " Delete a file on reboot " si encore présent sur ton pc.

( capture d'écran plus haut dans les posts )

Trojanscan

Poste un nouveau rapport pour vérification.

snooky · le 15 mai 2005

DE zinzin : ( pas de " quote " stp... :mad2: )

Logfile of HijackThis v1.99.1

Scan saved at 18:26 ZinZin, on 15/05/2005

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\Explorer.EXE

F:\WINDOWS\system32\spoolsv.exe

F:\Program Files\Avast4\aswUpdSv.exe

F:\Program Files\Avast4\ashServ.exe

F:\WINDOWS\System32\svchost.exe

F:\PROGRA~1\Avast4\ashDisp.exe

F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

F:\Program Files\Razer\razertra.exe

F:\WINDOWS\Mixer.exe

F:\Program Files\MessengerPlus! 3\MsgPlus.exe

F:\Program Files\Razer\razerofa.exe

F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Program Files\Razer\razerhid.exe

F:\Program Files\iTunes\iTunesHelper.exe

F:\Program Files\Avast4\ashWebSv.exe

F:\Program Files\Skype\Phone\Skype.exe

F:\Program Files\iPod\bin\iPodService.exe

F:\Program Files\MSN Messenger\msnmsgr.exe

F:\Program Files\Opera\Opera.exe

F:\Documents and Settings\Jimmy\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.passport.com/ppsecure/md5auth.srf?lc=1036

F3 - REG:win.ini: run=

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r

O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [razertra] F:\Program Files\Razer\razertra.exe

O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe"

O4 - HKLM\..\Run: [ATIPTA] F:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [iTunesHelper] "F:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [skype] "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [MessengerPlus3] "F:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - F:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1110729895109

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...489/mcfscan.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - F:\Program Files\Avast4\aswUpdSv.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - F:\Program Files\Avast4\ashServ.exe

O23 - Service: avast! Web Scanner - Unknown owner - F:\Program Files\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - F:\Program Files\iPod\bin\iPodService.exe

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - F:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

snooky · le 15 mai 2005

@ zinzin :

Passe Clean Up

Fixer objet sur ces lignes :

F3 - REG:win.ini: run=

O4 - HKLM\..\Run: [sunJavaUpdateSched] F:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] F:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - F:\WINDOWS\web\related.htm

O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - F:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

Reboot.

Passe CWShredder

Scan en ligne ici : Trojanscan

Poste un nouveau rapport pour vérification.

ZinZin · le 15 mai 2005

J'ai fait tout ce que tu m'a dit....

Pour le scan en ligne il a rien trouver....

un nouveau rapport:

Logfile of HijackThis v1.99.1

Scan saved at 19:39 ZinZin, on 15/05/2005