Recurring viruses

Solved/Closed
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008 - 19 August 2008 at 21:38
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 - 22 August 2008 at 08:24
Hello, good evening,
I have been in deep trouble for several days. Please help me.
The PC freezes after a few seconds, or restarts before it has finished booting.
I sometimes have to restart it 10 times!!!!!!

Viruses found by AVG:
I-Worm/bagle (Move to Virus Vault
Trojan Horse Downloader.Generic7.AGGE
I was able to use CCleaner.
Unable to use AVG Anti-spyware 7.5.
Message: "Echec de la connexion au service. réinstallez AVG Anti-spyware 7.5." (several unsuccessful attempts)

Unable to launch HijackThis. ???? The HijackThis.exe icon blinks !!!???
Message: "C\Docu........\.....\HijackThis.exe n'est pas une application Win32 valide."

Unable to boot into Safe Mode. The PC shuts off and restarts !!!???
Bitdefender found nothing! And Trend Micro HouseCall worked, but the next day, same thing all over again!!!!!!

After reading a few posts on the FORUM, I tried Trojan Remover!
Here is the report below:

I was then able to use HijackThis.

I hope I am finally in the clear.

What do you think?


***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
19/08/2008 21:16:23: Trojan Remover has been restarted
C:\WINDOWS\system32\drivers\srosa.sys has been renamed to C:\WINDOWS\system32\drivers\srosa.sys.vir
C:\WINDOWS\system32\drivers\hldrrr.exe has been renamed to C:\WINDOWS\system32\drivers\hldrrr.exe.vir
C:\WINDOWS\system32\drivers\mdelk.exe has been renamed to C:\WINDOWS\system32\drivers\mdelk.exe.vir
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\srosa - removed
=======================================================
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[drvsyskit] - deleted
=======================================================
19/08/2008 21:16:23: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 21:07:03 19 août 2008
Using Database v7106
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Perso\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Perso\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************


************************************************************
21:07:03: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
21:07:03: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
21:07:03: ----- SCANNING FOR ROOTKIT SERVICES -----
C:\WINDOWS\system32\drivers\srosa.sys appears to be in-use/locked
Hidden Service Keyname: srosa
C:\WINDOWS\system32\drivers\srosa.sys - file ownership assigned to: PARENTS\Perso
C:\WINDOWS\system32\drivers\srosa.sys - file backed up to C:\WINDOWS\system32\drivers\srosa.sys.vir
C:\WINDOWS\system32\drivers\srosa.sys - file has been neutralised
File (not hidden): C:\WINDOWS\system32\drivers\srosa.sys has been marked for renaming during PC restart
----------

************************************************************
21:08:05: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1036288 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 8/01/2007
Modified: 9/07/2001
Company: Ahead Software Gmbh
--------------------
Value Name: ATIPTA
Value Data: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
339968 bytes
Created: 27/01/2007
Modified: 3/08/2004
Company: ATI Technologies, Inc.
--------------------
Value Name: HydraVisionViewport
Value Data: C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
364544 bytes
Created: 27/01/2007
Modified: 1/04/2003
Company: ATI Technologies Inc.
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: Norton Ghost 9.0
Value Data: C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
1122304 bytes
Created: 29/07/2004
Modified: 29/07/2004
Company: Symantec Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 8/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: don't see
Value Data: C:\Program Files\Don't see!\don't see.exe
C:\Program Files\Don't see!\don't see.exe
434176 bytes
Created: 28/09/2004
Modified: 28/09/2004
Company: Arobas Site web : Http://Arobas-fr.com
--------------------
Value Name: SPAMfighter Agent
Value Data: "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
C:\Program Files\SPAMfighter\SFAgent.exe
308880 bytes
Created: 2/01/2008
Modified: 2/01/2008
Company: SPAMfighter ApS
--------------------
Value Name: RegistryMechanic
Value Data:
Blank entry: []
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1232152 bytes
Created: 4/07/2008
Modified: 4/07/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: MSNBuster
Value Data: C:\Program Files\MSNBuster\MSNBuster.exe -d
C:\Program Files\MSNBuster\MSNBuster.exe
425984 bytes
Created: 26/01/2007
Modified: 14/02/2007
Company: DREN
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
909904 bytes
Created: 19/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: H/PC Connection Agent
Value Data: "E:\Mio\Active Synchro\wcescomm.exe"
E:\Mio\Active Synchro\wcescomm.exe
1289000 bytes
Created: 13/11/2006
Modified: 13/11/2006
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
21:10:11: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------

************************************************************
21:10:11: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
Hidden Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ValueName: drvsyskit
Value: C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
704520 bytes
Created: 15/08/2008
Modified: 17/07/2006
Company:
C:\WINDOWS\system32\drivers\hldrrr.exe appears to be in-use/locked
C:\WINDOWS\system32\drivers\hldrrr.exe appears to contain: TROJAN.DOWNLOADER.BAGLE
C:\WINDOWS\system32\drivers\hldrrr.exe - this registry value could not be removed
C:\WINDOWS\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\hldrrr.exe - file ownership assigned to: PARENTS\Perso
C:\WINDOWS\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\hldrrr.exe - file backed up to C:\WINDOWS\system32\drivers\hldrrr.exe.vir
C:\WINDOWS\system32\drivers\hldrrr.exe - file has been neutralised
C:\WINDOWS\system32\drivers\hldrrr.exe - marked for renaming when the PC is restarted
----------

************************************************************
21:10:45: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
221696 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
--------------------

************************************************************
21:10:45: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
21:10:46: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
21:10:49: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
41600 bytes
Created: 4/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 20/02/2003
Modified: 20/02/2003
Company: Microsoft Corporation
----------
Key: Ati HotKey Poller
ImagePath: %SystemRoot%\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
389120 bytes
Created: 3/08/2004
Modified: 3/08/2004
Company:
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
516096 bytes
Created: 27/01/2007
Modified: 3/08/2004
Company:
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
873752 bytes
Created: 4/07/2008
Modified: 19/08/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231192 bytes
Created: 4/07/2008
Modified: 4/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
96520 bytes
Created: 18/06/2008
Modified: 4/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 8/01/2007
Modified: 4/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
76040 bytes
Created: 18/06/2008
Modified: 4/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: GEARSecurity
ImagePath: %SystemRoot%\System32\GEARSec.exe
C:\WINDOWS\System32\GEARSec.exe
53248 bytes
Created: 29/07/2004
Modified: 29/07/2004
Company: GEAR Software
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
270336 bytes
Created: 23/02/2001
Modified: 23/02/2001
Company: Microsoft Corporation
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 8/01/2007
Modified: 18/08/2001
Company: Microsoft Corporation
----------
Key: Norton Ghost
ImagePath: C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
1269760 bytes
Created: 29/07/2004
Modified: 29/07/2004
Company: Symantec Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
9856 bytes
Created: 21/01/2008
Modified: 2/10/2002
Company: Padus, Inc.
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
27440 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company:
----------
Key: SiS7018
ImagePath: system32\drivers\ac97sis.sys
C:\WINDOWS\system32\drivers\ac97sis.sys
297728 bytes
Created: 8/01/2007
Modified: 17/08/2001
Company: Silicon Integrated Systems Corp.
----------
Key: sisagp
ImagePath: system32\DRIVERS\sisagp.sys
C:\WINDOWS\system32\DRIVERS\sisagp.sys
41088 bytes
Created: 8/01/2007
Modified: 4/08/2004
Company: Silicon Integrated Systems Corporation
----------
Key: SPAMfighter Update Service
ImagePath: "C:\Program Files\SPAMfighter\sfus.exe"
C:\Program Files\SPAMfighter\sfus.exe
184976 bytes
Created: 2/01/2008
Modified: 2/01/2008
Company: SPAMfighter ApS
----------
Key: SQTECH905C
ImagePath: System32\Drivers\Capt905c.sys
C:\WINDOWS\System32\Drivers\Capt905c.sys
34686 bytes
Created: 21/01/2008
Modified: 26/01/2006
Company: Service & Quality Technology.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{EDB08EE9-1695-44B0-8C2C-4506E2093A94}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 5/08/2004
Modified: 5/08/2004
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------

************************************************************
21:11:09: Scanning -----VXD ENTRIES-----

************************************************************
21:11:09: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: AtiExtEvent
DLL: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
86016 bytes
Created: 3/08/2004
Modified: 3/08/2004
Company:
----------

************************************************************
21:11:10: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 4/07/2008
Modified: 4/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: VIDEOTRANS
CLSID: {C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}
File: [CLSID does not appear to reference a file]
----------

************************************************************
21:11:10: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0561EC90-CE54-4f0c-9C55-E226110A740C}
File: C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll
65536 bytes
Created: 28/10/2006
Modified: 28/10/2006
Company:
----------
Key: {C91DBB77-D23C-4EC3-91B7-4E7FF914B194}
File: [CLSID does not appear to reference a file]

************************************************************
21:11:10: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
59032 bytes
Created: 18/12/2006
Modified: 18/12/2006
Company: Adobe Systems Incorporated
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
455960 bytes
Created: 4/07/2008
Modified: 5/07/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 8/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {A057A204-BACC-4D26-9990-79A187E2698E}
BHO: C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
2055960 bytes
Created: 4/07/2008
Modified: 4/07/2008
Company: AVG, Technologies CZ, s.r.o
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar2.dll
c:\program files\google\googletoolbar2.dll
-R- 2133056 bytes
Created: 12/01/2007
Modified: 17/11/2006
Company: Google Inc.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
734704 bytes
Created: 23/04/2008
Modified: 23/04/2008
Company: Google Inc.
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Microsoft Corporation
----------

************************************************************
21:11:11: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
21:11:11: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
21:11:11: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
21:11:11: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [avgrsstx.dll]
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 18/06/2008
Modified: 4/07/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
21:11:12: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
21:11:12: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 8/01/2007
Modified: 2/01/2003
Company:
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 23/04/2008
Modified: 23/04/2008
Company: Adobe Systems Incorporated
Lancement rapide d'Adobe Reader.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
C:\Program Files\Microsoft Office\Office10\OSA.EXE
83360 bytes
Created: 13/02/2001
Modified: 13/02/2001
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office10\OSA.EXE
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
21:11:13: Scanning ----- SCHEDULED TASKS -----
Taskname: Vérifier les mises à jour de Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 19/08/2008 21:27:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Perso
Comments: [blank]
----------

************************************************************
21:11:13: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
21:11:13: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking for specific malicious files:
C:\WINDOWS\system32\drivers\hldrrr.exe - file has already been neutralised
C:\WINDOWS\system32\drivers\mdelk.exe - Trojan.Downloader.Bagle
C:\WINDOWS\system32\drivers\mdelk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\mdelk.exe - file ownership assigned to: PARENTS\Perso
C:\WINDOWS\system32\drivers\mdelk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\drivers\mdelk.exe - file backed up to C:\WINDOWS\system32\drivers\mdelk.exe.vir
C:\WINDOWS\system32\drivers\mdelk.exe - file has been neutralised
C:\WINDOWS\system32\drivers\mdelk.exe - marked for renaming when the PC is restarted
C:\WINDOWS\system32\drivers\srosa.sys - file has already been neutralised
----------
Desktop Wallpaper: C:\Documents and Settings\Perso\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
C:\Documents and Settings\Perso\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
5760054 bytes
Created: 6/07/2008
Modified: 6/08/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
C:\Documents and Settings\Perso\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
5760054 bytes
Created: 6/07/2008
Modified: 6/08/2008
Company:
----------
Additional checks completed

************************************************************
21:11:34: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[12 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[63 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[35 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[47 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[132 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[42 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[49 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
[28 loaded modules in total]
--------------------
C:\WINDOWS\System32\GEARSec.exe
[7 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
[19 loaded modules in total]
--------------------
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
[41 loaded modules in total]
--------------------
C:\Program Files\SPAMfighter\sfus.exe
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[121 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[13 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[31 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
[24 loaded modules in total]
--------------------
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
[34 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[18 loaded modules in total]
--------------------
C:\Program Files\Don't see!\don't see.exe
[56 loaded modules in total]
--------------------
C:\Program Files\SPAMfighter\SFAgent.exe
[61 loaded modules in total]
--------------------
C:\Program Files\MSNBuster\MSNBuster.exe
[36 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe
[23 loaded modules in total]
--------------------
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
[66 loaded modules in total]
--------------------
E:\Mio\Active Synchro\wcescomm.exe
[43 loaded modules in total]
--------------------
E:\Mio\ACTIVE~1\rapimgr.exe
[43 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[119 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
[38 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
[44 loaded modules in total]
--------------------
C:\Documents and Settings\Perso\Application Data\Simply Super Software\Trojan Remover\bpc17.exe
FileSize: 2540096
[This is a Trojan Remover component]
[26 loaded modules in total]
--------------------

************************************************************
21:12:19: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
21:12:19: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
21:12:19: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
21:12:19: Scanning ------ %TEMP% DIRECTORY ------
************************************************************
21:12:37: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
21:12:53: Scanning ------ ROOT DIRECTORY ------

************************************************************
21:12:54: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com/toolbar/ie8/sidebar.html
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.be/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKCU\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 21:12:54 19 août 2008
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
19/08/2008 21:12:58: restart commenced
************************************************************


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:04, on 19/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Don't see!\don't see.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
E:\Mio\Active Synchro\wcescomm.exe
E:\Mio\ACTIVE~1\rapimgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [don't see] C:\Program Files\Don't see!\don't see.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSNBuster] C:\Program Files\MSNBuster\MSNBuster.exe -d
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Mio\Active Synchro\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Perso\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

16 replies

Anonymous user
19 August 2008 at 21:40
and long live Trojan Remover
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
19 August 2008 at 21:41
We are going to repair access to safe mode by downloading the following utility: https://download.bleepingcomputer.com/sUBs/SafeBootKeyRepair.exe

Are you still having problems with unexpected restarts?
0
Anonymous user
19 August 2008 at 21:44
or otherwise you have this: http://www.assistepc.com/forum/reparer-le-mode-sans-echec-de-windows-vt867.html
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
19 August 2008 at 21:45
that too
0
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
19 August 2008 at 22:29
Thanks for your help!
I'll repair safe-mode startup, run a test and come back!
See you shortly
0

philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
19 August 2008 at 22:41
There!

Safe-mode startup is repaired! Thanks buginformatik

No more unexpected restarts or frozen screen for now. That's encouraging!
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
20 August 2008 at 10:24
Update Internet: https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

then, to be safe, run a scan with Bitdefender

online scan only possible with Internet Explorer:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Tutorial: https://forum.pcastuces.com/sujet.asp?f=25&s=31584&page=1

and post the report here!
0
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
20 August 2008 at 11:53
Bitdefender found no problem!
The report is a blank page!

Here is the latest HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:10, on 20/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Don't see!\don't see.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
E:\Mio\Active Synchro\wcescomm.exe
E:\Mio\ACTIVE~1\rapimgr.exe
C:\Documents and Settings\Perso\Mes documents\eMule\eMule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [don't see] C:\Program Files\Don't see!\don't see.exe
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSNBuster] C:\Program Files\MSNBuster\MSNBuster.exe -d
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Mio\Active Synchro\wcescomm.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Perso\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
20 August 2008 at 12:06
Open HijackThis and tick:
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Perso\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)

Then Fix checked

And that's it, so on that note we'll finish with a small program called ToolsCleaner, which will remove the applications linked to the disinfection: http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

Delete everything it finds (it sometimes takes a while), and you can use the optional temporary-file cleanup (close Internet first)


Then post the report (TCleaner.txt), which is at the root of the hard disk (C:\)
(My Computer ==> double-click C: and look for the TCleaner.txt document, choose "Edit", "Select all", then click "Edit" and "Copy")

Please paste that report on the forum
0
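As an added example (not part of the thread, and not HijackThis's own code): a small Python parser for the log format posted above. It lists the entries HijackThis marks `(no file)` or `(file missing)`, the kind of leftover entry ticked in the reply above, and diffs two scans. The two embedded logs are short excerpts of the 20/08 and 21/08 scans posted in this thread; the function and variable names are illustrative.

```python
import re
from collections import namedtuple

# One parsed item line: section code (R3, O2, O9, ...), the rest of the line,
# and whether HijackThis reported the referenced file as absent.
Entry = namedtuple("Entry", "code text orphaned")

# Item lines start with a section code (R, F, N or O plus a number) and " - ".
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<text>.+)$")
# Suffixes HijackThis appends when the target file does not exist on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")

# Excerpt of the 20/08/2008 scan from this thread (shortened for the example).
SCAN_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:10, on 20/08/2008
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Perso\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O20 - AppInit_DLLs: avgrsstx.dll
"""

# Excerpt of the 21/08/2008 scan from this thread (shortened for the example).
SCAN_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:16, on 21/08/2008
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O20 - AppInit_DLLs: avgrsstx.dll
"""


def parse_log(text):
    """Return the item lines of a HijackThis log as Entry tuples.

    Header lines, the process list and blank lines carry no section code
    and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            body = m.group("text")
            entries.append(Entry(m.group("code"), body,
                                 bool(ORPHAN_RE.search(body))))
    return entries


def orphaned(entries):
    """Entries whose target file is gone: registry leftovers to review."""
    return [e for e in entries if e.orphaned]


def diff_scans(before, after):
    """Return (added, removed) entries between two parsed scans, in log order."""
    before_set, after_set = set(before), set(after)
    added = [e for e in after if e not in before_set]
    removed = [e for e in before if e not in after_set]
    return added, removed


if __name__ == "__main__":
    old, new = parse_log(SCAN_BEFORE), parse_log(SCAN_AFTER)
    print("Orphaned entries in the first scan:")
    for e in orphaned(old):
        print(f"  {e.code}: {e.text}")
    added, removed = diff_scans(old, new)
    print("Added since the first scan:")
    for e in added:
        print(f"  {e.code}: {e.text}")
    print("Removed since the first scan:")
    for e in removed:
        print(f"  {e.code}: {e.text}")
```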
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
20 August 2008 at 12:18
There!


Thanks for your effective help!


-->- Recherche:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Perso\Bureau\Phil\HijackThis.lnk: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\RECYCLER\S-1-5-21-299502267-746137067-1060284298-1003\Dc4\HijackThis.lnk: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Perso\Bureau\Phil\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\RECYCLER\S-1-5-21-299502267-746137067-1060284298-1003\Dc4\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
20 August 2008 at 12:21
Uninstall ToolsCleaner
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
20 August 2008 at 12:23
I recommend downloading Spybot Search and Destroy, which does work complementary to your antivirus: https://www.safer-networking.org/download/

Run a scan once a month, don't forget to update it regularly, and above all immunize your computer right after installation

Here is a quick tutorial to help you get started: https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/
0
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
20 August 2008 at 16:56
OK, I'll get on it.

I have yet another problem, with commands.

The other sessions can no longer be closed.
The commands Start / Log off or Shut down the computer / Windows log-off do appear, but nothing happens!

MSN Buster: a small program that limited my children's connection time, is therefore useless!
0
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
20 August 2008 at 19:26
There, I have used Spybot Search and Destroy.

It again found Bagle and spyware on the other sessions.

Nothing more at restart!

Is it over now????
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
20 August 2008 at 19:44
It's over! Here are two last tips for more comfort:

To give your PC a bit of punch again, don't hesitate to run a defragmentation:

Go to the Start menu, then Programs, Accessories and System Tools. Select the Disk Defragmenter application from the list

Just before the operation, turn off your PC's sleep mode (via right-click on the desktop, etc.) so as not to interrupt the operation!


Last tip: go to My Computer, right-click C:, then Properties, choose the Tools tab, then run an error check and tick both boxes.
You will have to restart your PC and let yourself be guided during the scan (which runs before you enter your session, so don't panic)

/!\ beware of files downloaded with eMule /!\
In particular, NEVER download .exe files

Solved? http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu
0
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
21 August 2008 at 17:03
Everything seems to work except for 2 sessions that won't close.
The log-off command does nothing!?
0
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
21 August 2008 at 17:10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:05:16, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Don't see!\don't see.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe
E:\Mio\Active Synchro\wcescomm.exe
E:\Mio\ACTIVE~1\rapimgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [don't see] C:\Program Files\Don't see!\don't see.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [MSNBuster] C:\Program Files\MSNBuster\MSNBuster.exe -d
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\PROGRA~1\WINDOW~4\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Mio\Active Synchro\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.75\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.09\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.09\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Mio\ACTIVE~1\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
21 August 2008 at 17:30
Hmm, no, I don't think this comes from a virus (clean report)

Look here: Start / Control Panel / Performance and Maintenance / Administrative Tools /
- Services -

Look in the list for:

"Fast User Switching Compatibility" ("Compatibilité avec le changement rapide d'utilisateur")

Check the column: Startup type

4 possible choices: Automatic, Manual, Enabled, Disabled

The service must be set to "Automatic".

If it is not, right-click the line / Properties:
Then in the "Startup type" field: Automatic.
0
philippe.strens Posts 15 Registration date Tuesday 19 August 2008 Status Member Last activity 21 August 2008
21 August 2008 at 22:50
Well spotted!
It was on Manual.

A BIG THANK YOU for everything;
0
buginformatik Posts 2163 Registration date Tuesday 16 January 2007 Status Contributor Last activity 21 April 2011 54
22 August 2008 at 08:24
You're welcome!!

See you
0