comment supprimer Win32:Trojan-gen

lenzo13 · le 10 Aoû 2008 07:48

Bonjour, j' ai un virus sur mon ordinateur mais je ne sais pas comment le supprimer, est ce que je dois mettre les cd de réinstalation ou alors il y aune autre solution ?

Merci de m' aider !!!

lenzo13 · le 10 Aoû 2008 07:59

Voila le résultat de hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:56:55, on 10/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:Windowssystem32 askeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:WindowsSystem32mobsync.exe
C:Program FilesWindows DefenderMSASCui.exe
C:hpsupporthpsysdrv.exe
C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe
C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe
C:WindowsRtHDVCpl.exe
C:WindowsSystem32jureg.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
C:WindowsWindowsMobilewmdc.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowssystem32schtasks.exe
c:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
C:WindowsSystem32p2phost.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:WindowsSystem32spooldriversw32x863E_FATICLE.EXE
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
C:Windowsehomeehmsas.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesOpenOffice.org 2.3programsoffice.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesOpenOffice.org 2.3programsoffice.BIN
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Program FilesInternet Explorerieuser.exe
C:Program FilesHPSmart Web Printinghpswp_clipbook.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:hpkbdkbd.exe
C:Program FilesInternet Exploreriexplore.exe
C:Windowssystem32MacromedFlashFlashUtil9f.exe
C:Windowssystem32conime.exe
C:Program FilesHewlett-PackardHP AdvisorSSDK04.exe
C:UserslenzoDesktopouana.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.conduit.com?SearchSource= ... =CT1098640
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
F2 - REG:system.ini: UserInit=C:Windowssystem32ezShellStart.exe
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:Program FilesHPSmart Web Printinghpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03inssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.1.1119.1736swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:Program FilesAskTBarar1.binASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:Program FilesAskTBarar1.binASKTBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [hpsysdrv] c:hpsupporthpsysdrv.exe
O4 - HKLM..Run: [KBD] C:HPKBDKbdStub.EXE
O4 - HKLM..Run: [OsdMaestro] "C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe"
O4 - HKLM..Run: [IAAnotif] "C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe"
O4 - HKLM..Run: [StartCCC] c:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [CCUTRAYICON] FactoryMode
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [SunJavaUpdateReg] "C:Windowssystem32jureg.exe"
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [Anti-Blaxx Manager] C:Program FilesAnti-Blaxx 1.18Anti-Blaxx.exe
O4 - HKLM..RunOnce: [Launcher] %WINDIR%SMINSTlauncher.exe
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [HPAdvisor] C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autoRun
O4 - HKCU..Run: [CollaborationHost] C:Windowssystem32p2phost.exe -s
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [EPSON Stylus Photo RX585 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATICLE.EXE /FU "C:WindowsTEMPE_S1D5F.tmp" /EF "HKCU"
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [ISUSPM] "C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" -scheduler
O4 - HKCU..Run: [AlcoholAutomount] "C:Program FilesAlcohol SoftAlcohol 120axcmd.exe" /automount
O4 - HKUSS-1-5-18..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:Program FilesOpenOffice.org 2.3programquickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imaginginhpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03inssv.dll
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:Program FilesHPSmart Web Printinghpswp_extensions.dll
O13 - Gopher Prefix:
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... dfr-fr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:Program FilesIntelIntelDHCCUAlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: DQLWinService - Unknown owner - C:Program FilesCommon FilesIntelIntelDHNMSAdpPluginsDQLWinService.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:Windowssystem32ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerToolsIntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerMedia ServerinISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:Program FilesIntelIntelDHIntel Media ServerMedia Serverinmediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerShellsMCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerShellsRemote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:Program FilesCommon FilesSureThing Sharedstllssvr.exe

--
End of file - 13554 bytes
Que dois-je faire maintenant ?

Merci de m' aider

Skynet · le 10 Aoû 2008 16:28

Salut,

piiooooufffffff, j'ai lu ton rapport 2 fois avant de te dire quoi supprimer et
après des recherches, tu dois virer ces lignes :

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://search.conduit.com?SearchSource= ... =CT1098640

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL

F2 - REG:system.ini: UserInit=C:Windowssystem32ezShellStart.exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O13 - Gopher Prefix:

O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:Windowssystem32ezNTSvc.exe

rsv700 · le 10 Aoû 2008 17:36

Skynet,

Suis en formation.

Suite à votre réponse, j'ai arpenté le net et constaté que certain aidant après le Fix des lignes concernant les infections:
-A5SRCHAS.DLL
-ezShellStart.exe
-ezNTSvc.exe

Soit, laissaient la .dll et les 2 .exe sur le disque dur ou
proposaient de les retracer pour les supprimer.
Dans le cas de ezNTSvc.exe qui est un service pour ceux qui cherchaient à supprimer l'.exe Désactivaient d'abord ce service.

Bref, est-il préférable de laisser ou non ces fichiers sur le disque dur, ou est-ce sans conséquence.

Merci.

Skynet · le 10 Aoû 2008 19:07

Je me suis posé la même question et effectivement je préfère les laisser.

Pour prendre l'exemple de ezNTSvc.exe :

Description

ezntsvc.exe is a EasyBits Magic Desktop Services for Windows NT from EasyBits Software Corp.
ezNTSvc.exe is located in the folder C:WindowsSystem32.

Mais :

Important: Some malware camouflage themselves as ezNTSvc.exe, particularly if they are located in c:windows or c:windowssystem32 folder.

Donc un scan des fichiers en question sur : http://www.virustotal.com/fr/
écartera tous les doutes

.

lenzo13 · le 10 Aoû 2008 22:21

Merci pour vos réponses, si je supprime ces cinq ligne sa cera bon ?

lenzo13 · le 10 Aoû 2008 22:30

je suis entrain de scaner les fichiers avec virus total je vous tiens au couran !!!

lenzo13 · le 10 Aoû 2008 22:35

Fichier A5SRCHAS.DLL_ reçu le 2008.08.10 23:33:06 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

Résultat: 12/36 (33.34%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: ___.
L'heure estimée de démarrage est entre ___ et ___ .
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.9.0 2008.08.08 -
AntiVir 7.8.

lenzo13 · le 10 Aoû 2008 22:37

Fichier ezShellStart.exe_ reçu le 2008.08.10 23:35:56 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

Résultat: 0/36 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 38 et 55 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.9.0 2008.08.08 -
AntiVir 7.8.1.19 2008.08.09 -
Authentium 5.1.0.4 2008.08.10 -
Avast 4.8.1195.0 2008.08.09 -
AVG 8.0.0.156 2008.08.10 -
BitDefender 7.2 2008.08.10 -
CAT-QuickHeal 9.50 2008.08.08 -
ClamAV 0.93.1 2008.08.10 -
DrWeb 4.44.0.09170 2008.08.10 -
eSafe 7.0.17.0 2008.08.10 -
eTrust-Vet 31.6.6021 2008.08.08 -
Ewido 4.0 2008.08.10 -
F-Prot 4.4.4.56 2008.08.10 -
F-Secure 7.60.13501.0 2008.08.10 -
Fortinet 3.14.0.0 2008.08.10 -
GData 2.0.7306.1023 2008.08.10 -
Ikarus T3.1.1.34.0 2008.08.10 -
K7AntiVirus 7.10.408 2008.08.09 -
Kaspersky 7.0.0.125 2008.08.10 -
McAfee 5357 2008.08.08 -
Microsoft 1.3807 2008.08.10 -
NOD32v2 3344 2008.08.10 -
Norman 5.80.02 2008.08.08 -
Panda 9.0.0.4 2008.08.10 -
PCTools 4.4.2.0 2008.08.10 -
Prevx1 V2 2008.08.10 -
Rising 20.56.41.00 2008.08.08 -
Sophos 4.32.0 2008.08.10 -
Sunbelt 3.1.1538.1 2008.08.09 -
Symantec 10 2008.08.10 -
TheHacker 6.2.96.395 2008.08.08 -
TrendMicro 8.700.0.1004 2008.08.08 -
VBA32 3.12.8.3 2008.08.10 -
ViRobot 2008.8.8.1329 2008.08.08 -
VirusBuster 4.5.11.0 2008.08.10 -
Webwasher-Gateway 6.6.2 2008

lenzo13 · le 10 Aoû 2008 22:41

ezNTSvc.exe

Pour celui la il n' y a rien non plus pas de virus.

Quelles lignes je dois supprimer alors.

Merci pour votre aide !!!!!

Skynet · le 11 Aoû 2008 01:11

Supprimes quand même les 6 lignes.

Ne t'inquiètes pas, tu n'effaces en rien ces fichiers avec cette manipulation.

N'oublies pas de redémarrer ton PC ensuite.

lenzo13 · le 11 Aoû 2008 08:17

Voila le résultat du scan, j' ai supprimé les 6 lignes, est ce qu' il n' y a plus de virus ? Merci de m' aider !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:51, on 11/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:Windowssystem32 askeng.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:hpsupporthpsysdrv.exe
C:hpKBDKbdStub.exe
C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe
C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe
c:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:WindowsRtHDVCpl.exe
C:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
C:WindowsSystem32jureg.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:Windowssystem32schtasks.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
C:Program FilesAdobeReader 8.0Reader eader_sl.exe
C:WindowsWindowsMobilewmdc.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
C:WindowsSystem32p2phost.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:WindowsSystem32spooldriversw32x863E_FATICLE.EXE
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
C:WindowsSystem32mobsync.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesOpenOffice.org 2.3programsoffice.exe
C:Windowsehomeehmsas.exe
C:Program FilesOpenOffice.org 2.3programsoffice.BIN
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesInternet Explorerieuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesHPSmart Web Printinghpswp_clipbook.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:Windowssystem32MacromedFlashFlashUtil9f.exe
C:UserslenzoDesktopouana.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:Program FilesHPSmart Web Printinghpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03inssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.1.1119.1736swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:Program FilesAskTBarar1.binASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:Program FilesAskTBarar1.binASKTBAR.DLL
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [hpsysdrv] c:hpsupporthpsysdrv.exe
O4 - HKLM..Run: [KBD] C:HPKBDKbdStub.EXE
O4 - HKLM..Run: [OsdMaestro] "C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe"
O4 - HKLM..Run: [IAAnotif] "C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe"
O4 - HKLM..Run: [StartCCC] c:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [CCUTRAYICON] FactoryMode
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [SunJavaUpdateReg] "C:Windowssystem32jureg.exe"
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [Anti-Blaxx Manager] C:Program FilesAnti-Blaxx 1.18Anti-Blaxx.exe
O4 - HKLM..RunOnce: [Launcher] %WINDIR%SMINSTlauncher.exe
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [HPAdvisor] C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autoRun
O4 - HKCU..Run: [CollaborationHost] C:Windowssystem32p2phost.exe -s
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [EPSON Stylus Photo RX585 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATICLE.EXE /FU "C:WindowsTEMPE_S1D5F.tmp" /EF "HKCU"
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [ISUSPM] "C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" -scheduler
O4 - HKCU..Run: [AlcoholAutomount] "C:Program FilesAlcohol SoftAlcohol 120axcmd.exe" /automount
O4 - HKUSS-1-5-18..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:Program FilesOpenOffice.org 2.3programquickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imaginginhpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03inssv.dll
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:Program FilesHPSmart Web Printinghpswp_extensions.dll
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... dfr-fr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:Program FilesIntelIntelDHCCUAlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: DQLWinService - Unknown owner - C:Program FilesCommon FilesIntelIntelDHNMSAdpPluginsDQLWinService.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:Windowssystem32ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerToolsIntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerMedia ServerinISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:Program FilesIntelIntelDHIntel Media ServerMedia Serverinmediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerShellsMCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerShellsRemote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:Program FilesCommon FilesSureThing Sharedstllssvr.exe

--
End of file - 13354 bytes

Skynet · le 11 Aoû 2008 08:45

Ok, tu vas démarrer ton PC en mode sans échec et tu vas recocher ces 2 lignes, + 1 autre que j'avais omise :

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL

O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:Windowssystem32ezNTSvc.exe

O4 - HKLM..RunOnce: [Launcher] %WINDIR%SMINSTlauncher.exe

Toujours en mode sans échec tu regardes dans Ajout et Suppression de Programmes et
supprimes tout ce qui peut se rapporter à AskTBar ou MyWebSearch.

Ensuite tu te rends via ton explorateur à : C:Program FilesAskTBar
et tu supprimes le dossier AskTBar.

Tu redémarres en mode normal et tu repostes un rapport.

lenzo13 · le 11 Aoû 2008 12:20

Voilà le rapport, j' ai supprimé les 3 lignes et j' ai supprimé le dossier asktbar, dans la liste de mes programmes il n' y avait rien qui se rapportait a asktbar ou mywebsearch.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:44, on 11/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:Windowssystem32Dwm.exe
C:Windowssystem32 askeng.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:hpsupporthpsysdrv.exe
C:hpKBDKbdStub.exe
C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe
C:Program FilesIntelIntel Matrix Storage ManagerIAAnotif.exe
C:WindowsRtHDVCpl.exe
C:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
C:WindowsSystem32jureg.exe
C:Program FilesHPHP Software UpdatehpwuSchd2.exe
C:Program FilesAlwil SoftwareAvast4ashDisp.exe
c:Program FilesATI TechnologiesATI.ACECore-StaticMOM.EXE
C:Program FilesAdobeReader 8.0Reader eader_sl.exe
C:Windowssystem32schtasks.exe
C:WindowsWindowsMobilewmdc.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe
C:WindowsSystem32p2phost.exe
C:WindowsSystem32mobsync.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows LiveMessengermsnmsgr.exe
C:Program FilesCommon FilesNeroLibNMBgMonitor.exe
C:WindowsSystem32spooldriversw32x863E_FATICLE.EXE
C:Program FilesDAEMON Tools Litedaemon.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe
C:Program FilesATI TechnologiesATI.ACECore-StaticCCC.exe
C:Windowsehomeehmsas.exe
C:Program FilesCommon FilesNeroLibNMIndexStoreSvr.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
C:Program FilesOpenOffice.org 2.3programsoffice.exe
C:Program FilesOpenOffice.org 2.3programsoffice.BIN
C:Program FilesInternet Explorerieuser.exe
C:Program FilesInternet Exploreriexplore.exe
C:Program FilesHPSmart Web Printinghpswp_clipbook.exe
C:Program FilesCommon FilesMicrosoft SharedWindows LiveWLLoginProxy.exe
C:UserslenzoDesktopouana.exe
C:Windowssystem32MacromedFlashFlashUtil9f.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:Program FilesHPSmart Web Printinghpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre1.6.0_03inssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:program filesgooglegoogletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier2.1.1119.1736swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:Program FilesAskTBarar1.binASKTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:Program FilesWindows Live Toolbarmsntb.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:Program FilesAskTBarar1.binASKTBAR.DLL (file missing)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:Program Filesfree-downloads.net bfre0.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [hpsysdrv] c:hpsupporthpsysdrv.exe
O4 - HKLM..Run: [KBD] C:HPKBDKbdStub.EXE
O4 - HKLM..Run: [OsdMaestro] "C:Program FilesHewlett-PackardOn-Screen OSD IndicatorOSD.exe"
O4 - HKLM..Run: [IAAnotif] "C:Program FilesIntelIntel Matrix Storage ManagerIaanotif.exe"
O4 - HKLM..Run: [StartCCC] c:Program FilesATI TechnologiesATI.ACECore-StaticCLIStart.exe
O4 - HKLM..Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM..Run: [CCUTRAYICON] FactoryMode
O4 - HKLM..Run: [HP Health Check Scheduler] c:Program FilesHewlett-PackardHP Health CheckHPHC_Scheduler.exe
O4 - HKLM..Run: [SunJavaUpdateReg] "C:Windowssystem32jureg.exe"
O4 - HKLM..Run: [HP Software Update] C:Program FilesHPHP Software UpdateHPWuSchd2.exe
O4 - HKLM..Run: [avast!] C:PROGRA~1ALWILS~1Avast4ashDisp.exe
O4 - HKLM..Run: [NeroFilterCheck] C:Program FilesCommon FilesNeroLibNeroCheck.exe
O4 - HKLM..Run: [NBKeyScan] "C:Program FilesNeroNero8Nero BackItUpNBKeyScan.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Windows Mobile Device Center] %windir%WindowsMobilewmdc.exe
O4 - HKLM..Run: [Anti-Blaxx Manager] C:Program FilesAnti-Blaxx 1.18Anti-Blaxx.exe
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU..Run: [HPAdvisor] C:Program FilesHewlett-PackardHP AdvisorHPAdvisor.exe autoRun
O4 - HKCU..Run: [CollaborationHost] C:Windowssystem32p2phost.exe -s
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [MsnMsgr] "C:Program FilesWindows LiveMessengerMsnMsgr.Exe" /background
O4 - HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:Program FilesCommon FilesNeroLibNMBgMonitor.exe"
O4 - HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 - HKCU..Run: [EPSON Stylus Photo RX585 Series] C:Windowssystem32spoolDRIVERSW32X863E_FATICLE.EXE /FU "C:WindowsTEMPE_S1D5F.tmp" /EF "HKCU"
O4 - HKCU..Run: [DAEMON Tools Lite] "C:Program FilesDAEMON Tools Litedaemon.exe" -autorun
O4 - HKCU..Run: [ISUSPM] "C:Program FilesCommon FilesInstallShieldUpdateServiceISUSPM.exe" -scheduler
O4 - HKCU..Run: [AlcoholAutomount] "C:Program FilesAlcohol SoftAlcohol 120axcmd.exe" /automount
O4 - HKUSS-1-5-18..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [msnmsgr] "C:Program FilesWindows LiveMessengermsnmsgr.exe" /background (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:Program FilesOpenOffice.org 2.3programquickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imaginginhpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:Program FilesGoogleGoogle UpdaterGoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:Program FilesWindows Live Toolbarmsntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03inssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:Program FilesJavajre1.6.0_03inssv.dll
O9 - Extra button: @C:WindowsWindowsMobileINetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra 'Tools' menuitem: @C:WindowsWindowsMobileINetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:WindowsWindowsMobileINetRepl.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:Program FilesHPSmart Web Printinghpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:Program FilesHPSmart Web Printinghpswp_extensions.dll
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resourc ... dfr-fr.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:Program FilesIntelIntelDHCCUAlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:Program FilesAlwil SoftwareAvast4aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:Windowssystem32Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:Program FilesAlwil SoftwareAvast4ashWebSv.exe
O23 - Service: DQLWinService - Unknown owner - C:Program FilesCommon FilesIntelIntelDHNMSAdpPluginsDQLWinService.exe
O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:Windowssystem32ezNTSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:Program FilesHewlett-PackardHP Health Checkhphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:Program FilesIntelIntel Matrix Storage ManagerIaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerToolsIntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerMedia ServerinISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:Program FilesCommon FilesLightScribeLSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:Program FilesIntelIntelDHIntel Media ServerMedia Serverinmediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerShellsMCLServiceATL.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:Program FilesNeroNero8Nero BackItUpNBService.exe
O23 - Service: NMIndexingService - Nero AG - C:Program FilesCommon FilesNeroLibNMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:Program FilesIntelIntelDHIntel Media ServerShellsRemote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:Program FilesCommon FilesRoxio Shared9.0SharedCOMRoxMediaDB9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:Program FilesAlcohol SoftAlcohol 120StarWindStarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:Program FilesCommon FilesSureThing Sharedstllssvr.exe

--
End of file - 13209 bytes

Skynet · le 11 Aoû 2008 12:44

Ok,

Il reste quelques traces sans importances puisque c'est marqué "file missing" à chaque fois à la fin.
Si tu peux les effacer tant mieux, sinon c'est pas grave

:

O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:Program FilesAskTBarSrchAstt1.binA5SRCHAS.DLL (file missing)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:Program FilesAskTBarar1.binASKTBAR.DLL (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:Program FilesAskTBarar1.binASKTBAR.DLL (file missing)

Il y a toujours cette ligne qui revient et c'est normal vu que le service est actif :

O23 - Service: EasyBits Magic Desktop Services for Windows NT (ezntsvc) - EasyBits Software Corp. - C:Windowssystem32ezNTSvc.exe

On n'y touche plus. Par contre tu as quoi comme antivirus ?

Peux-tu faire un scan en ligne et poster le rapport pour être définitivement sûr :

http://www.bitdefender.fr/scan_fr/scan8/ie.html

comment supprimer Win32:Trojan-gen

comment supprimer Win32:Trojan-gen

Sujets similaires

Qui est en ligne