How do I get rid of the Roockit-gen virus?

Closed
scloob - June 12, 2008 at 13:34
 scloob - June 12, 2008 at 16:54
Hello,
I am infected with the Roockit-gen virus and I don't know how to remove it; my antivirus tools do not detect it (avast + antispyware).
Please help me...

5 replies

dadateite Posts 310 Registration date Monday, December 10, 2007 Status Member Last seen August 4, 2014 180
June 12, 2008 at 14:24
0
> Here is my HijackThis report for the Roockit-gen virus
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:04:22, on 12/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\tsnpstd3.exe
C:\Program Files\V-Gear LiveShow\LiveShow.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SPYWAREfighter\spftray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\documents and settings\raphael\local settings\application data\uioekxf.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SPYWAREfighter\spfprc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\monjack\monjack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C6801317-9393-5A49-F600-2B0C2DDF1526} - C:\DOCUME~1\raphael\APPLIC~1\planpure\Dumbdale.exe (file missing)
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [stnospy] C:\Program Files\SinEspias\no-spy.exe /autorun
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eCarteBleue-PREM] "C:\Program Files\ECB-PREM.exe" /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [V-Gear LiveShow] "C:\Program Files\V-Gear LiveShow\LiveShow.exe" -m
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [uioekxf] c:\documents and settings\raphael\local settings\application data\uioekxf.exe uioekxf
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=compaq-notebook.msn.com&ocid=HPDHP&pc=CPNTDF
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://11731.kit.carpediem.fr/FanMarjolaine.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
0
Can someone help me with the HijackThis report posted above?
Thanks
0
Please, can someone help me solve my problem?
My HijackThis report is above...
Thank you very much
0
Is there anyone who can analyze my HijackThis report (above; ignore the first one, which is a bit messy) and help me solve this problem...
I don't know what to do anymore,
Thanks
0

up
0