
Switching from avast to antivir: new viruses found [RESOLVED]

Tags:
  • Antivir
  • Security
20 December 2007 17:12:44

Thanks angeldark. So on my PC, AntiVir detected infected files. What do you think?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14, on 2007-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Remotty] C:\Program Files\Remotty\Remotty.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 7241 bytes


20 December 2007 17:13:24



AntiVir PersonalEdition Classic
Report file date: 2007-12-19 19:46

Scanning for 981231 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: DIEUX

Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 13:51:38
ANTIVIR2.VDF : 7.0.1.96 2048 Bytes 2007-12-14 13:51:38
ANTIVIR3.VDF : 7.0.1.121 117760 Bytes 2007-12-19 13:51:38
AVEWIN32.DLL : 7.6.0.45 3084800 Bytes 2007-12-19 13:51:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: 2007-12-19 19:46

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'thunderbird.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'brss01a.exe' - '1' Module(s) have been scanned
Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP100\A0013434.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP100\A0013453.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP101\A0013499.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP101\A0013527.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP101\A0013570.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP102\A0013605.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP102\A0013622.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP102\A0013693.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP103\A0013797.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP103\A0013930.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP104\A0013969.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP106\A0014040.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP107\A0014120.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP108\A0014185.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP108\A0014232.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP109\A0014331.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP110\A0014440.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP111\A0014474.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP111\A0014507.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP112\A0014530.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP112\A0014577.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP113\A0014687.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP114\A0014794.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP115\A0014910.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP116\A0014969.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP117\A0015041.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP117\A0015094.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP118\A0015171.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP119\A0015262.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP120\A0015313.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP121\A0015421.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP122\A0015746.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP122\A0015767.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP123\A0015790.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP123\A0015869.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP124\A0015932.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP124\A0015951.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP125\A0016016.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP126\A0016126.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP127\A0016229.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP128\A0016349.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP129\A0016458.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP130\A0016506.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP131\A0016590.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP132\A0016731.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP133\A0016751.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP134\A0016891.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP135\A0016939.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP136\A0017025.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP136\A0017075.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP137\A0017096.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP137\A0017113.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP137\A0018113.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP138\A0018128.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP138\A0018138.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP139\A0018172.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP139\A0018262.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP95\A0013070.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP96\A0013171.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP97\A0013232.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP98\A0013280.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP98\A0013323.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\System Volume Information\_restore{86E17F14-D695-406A-A68D-83A0B5D6B662}\RP99\A0013359.dll
[DETECTION] Is the Trojan horse TR/Gorshok.A
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'


End of the scan: 2007-12-19 20:30
Used time: 44:05 min

The scan has been done completely.

5915 Scanning directories
359329 Files were scanned
63 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
63 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
359266 Files not concerned
1739 Archives were scanned
2 Warnings
1 Notes

20 December 2007 17:18:50

Re,

Disable your resident protections (antivirus...)!

  • Download combofix.exe (by sUBs) to your Desktop.
  • Double-click combofix.exe.
  • Press the 1 key (Yes) to start the scan.
  • When the scan has finished, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt
    20 December 2007 17:23:38

    Thanks:
    ComboFix 07-12-20.1 - Utilisateur 2007-12-20 17:22:32.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.405 [GMT 1:00]
    Running from: D:\Mes Documents\Mes fichiers reçus\ComboFix.exe
    * Created a new restore point
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-20 to 2007-12-20 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-19 14:50 . 2007-12-19 14:50 <REP> d-------- C:\Program Files\Avira
    2007-12-19 14:50 . 2007-12-19 14:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2007-12-11 23:11 . 2007-12-11 23:11 <REP> d-------- C:\Program Files\CCleaner
    2007-12-07 14:45 . 2007-12-07 14:45 16,574 --a------ C:\WINDOWS\EPISMF00.SWB
    2007-12-07 14:45 . 2007-12-07 14:45 6,718 --a------ C:\WINDOWS\EPISMF07.SWB
    2007-11-28 20:35 . 2007-11-28 20:35 <REP> d-------- C:\Documents and Settings\Utilisateur\DoctorWeb

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-20 12:13 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-12-20 10:48 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Hamachi
    2007-12-18 18:28 --------- d-----w C:\Program Files\Weather Watcher
    2007-12-16 18:45 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\Azureus
    2007-12-11 12:17 --------- d-----w C:\Program Files\Azureus
    2007-12-05 19:10 --------- d-----w C:\Documents and Settings\Utilisateur\Application Data\OpenOffice.org2
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-11-18 09:59 --------- d-----w C:\Program Files\Teamspeak2 server
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-06 22:24 --------- d-----w C:\Program Files\QuickTime
    2007-11-06 22:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-11-06 22:23 --------- d-----w C:\Program Files\Apple Software Update
    2007-11-06 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2007-10-30 18:59 --------- d-----w C:\Program Files\Hamachi
    2007-10-30 18:58 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
    2007-08-24 11:00 56 --sh--r C:\WINDOWS\system32\CF7CE98A61.sys
    2007-08-24 11:00 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-08-17 19:17]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-08-29 04:30]
    "Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
    "SMSERIAL"="sm56hlpr.exe" [2005-05-27 00:12 C:\WINDOWS\sm56hlpr.exe]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-19 03:07]
    "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 15:55]
    "Wireless Console 2"="C:\Program Files\ASUS\Wireless Console 2\wcourier.exe" [2005-08-23 12:45]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
    "Remotty"="C:\Program Files\Remotty\Remotty.exe" []
    "SetDefPrt"="C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 17:02]
    "RTHDCPL"="RTHDCPL.EXE" [2005-10-14 16:51 C:\WINDOWS\RTHDCPL.exe]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-10 14:55]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-19 14:51]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-08-18 11:38 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=wbsys.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Contrôleur d’état.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Contrôleur d’état.lnk
    backup=C:\WINDOWS\pss\Contrôleur d’état.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Utilisateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
    path=C:\Documents and Settings\Utilisateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk
    backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
    C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WinVNC4"=2 (0x2)

    R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 18:54]
    R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 14:03]
    S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2004-10-15 11:50]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f7aa99e-a269-11dc-80ae-001731229abf}]
    \Shell\AutoRun\command - RAVMON.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d13836aa-9426-11dc-808f-001731229abf}]
    \Shell\AutoRun\command - RavMon.exe
    \Shell\explore\Command - RavMon.exe -e
    \Shell\open\Command - RavMon.exe

    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-20 17:24:13
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\Program Files\Stardock\Object Desktop\WindowBlinds\tray.dll
    .
    Completion time: 2007-12-20 17:25:10
    .
    2007-12-12 21:22:34 --- E O F ---
    20 December 2007 17:26:01

    Hi again,

    Download Clean.zip (by Malekal).
    Unzip it onto your desktop (right-click / Extract all); you should get a folder named Clean.
    Open the clean folder and double-click clean.cmd.
    Choose option 1 and wait. Then post the contents of the report.
    20 December 2007 17:30:46

    20/12/2007 a 17:31:43,87

    *** Recherche des fichiers dans C:
    C:\autorun.inf FOUND

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    20 December 2007 17:35:33

    Hi again,

    Restart in safe mode.

    Open the clean folder and double-click clean.cmd.
    Choose option 2 and wait.

    Restart normally.

    Post the clean report: C:\rapport_clean.txt
    20 December 2007 17:44:17

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 20/12/2007 a 17:40:52,15

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:
    tentative de suppression de C:\autorun.inf
    Impossible de supprimer C:\autorun.inf

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    20 December 2007 17:45:56

    what is this autorun.inf?
    20 December 2007 18:05:34

    An infection :D 

    To remove this infection, follow this procedure.
    20 December 2007 23:47:21

    done
    another hijackthis?

    good night
    21 December 2007 10:59:20

    Yes :) 
    21 December 2007 11:43:30

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:44:56, on 21/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
    C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HiJackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1036
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\ASUS\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Remotty] C:\Program Files\Remotty\Remotty.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

    --
    End of file - 7225 bytes
    21 December 2007 11:47:30

    And now?
    21 December 2007 11:49:28

    and now what? :p 
    21 December 2007 11:52:30

    Well, is it better?
    21 December 2007 11:53:40

    well, I had no symptoms, it's just that the AntiVir scan was detecting viruses; otherwise I hadn't noticed anything unusual.
    maybe I can rescan with AntiVir

    thanks
    21 December 2007 21:54:07

    I rescanned and AntiVir detected nothing. I'm closing the topic

    thanks angeldark and happy holidays
    21 December 2007 22:16:44

    Happy holidays :) 