Trojent TR/Agent.qla : SOS
chkouby
-
chkouby -
chkouby -
Bonjour,
Avant toute chose, je tiens à préciser que je suis une novice en informatique ... mais je comprends quand même quand on m'explique ;-)
Je trouve que mon ordinateur rame un peu depuis quelques jours et j'ai donc fait un scan avec AVIRA. Il m'a detecté 2 trojants TR/Agent.qla que j'ai mis en quarantaine (cf le rapport que j'ai collé à la suite de mon message). Il a également trouvé 2 "warnings" mais je ne sais pas ce que c'est.
Mais je me demande si c'est suffisant et surtout si je n'ai pas d'autres virus et autres dans mon ordinateur. Comment est-ce que je peux faire pour bien vérifier et nettoyer tout cela ? Est-ce que le trojant est inactif maintenant ?
Merci par avance !
Avira AntiVir Personal
Report file date: vendredi 20 février 2009 10:44
Scanning for 1256036 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOM-A3B76CFC09D
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 27/11/2008 14:32:11
AVSCAN.DLL : 8.1.4.0 40705 Bytes 24/07/2008 11:01:37
LUKE.DLL : 8.1.4.5 164097 Bytes 24/07/2008 11:01:38
LUKERES.DLL : 8.1.4.0 12033 Bytes 24/07/2008 11:01:38
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 13:52:27
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 11:51:48
ANTIVIR2.VDF : 7.1.2.13 2048 Bytes 11/02/2009 11:51:48
ANTIVIR3.VDF : 7.1.2.48 213504 Bytes 19/02/2009 11:51:44
Engineversion : 8.2.0.83
AEVDF.DLL : 8.1.1.0 106868 Bytes 02/02/2009 14:31:57
AESCRIPT.DLL : 8.1.1.47 348539 Bytes 15/02/2009 11:51:53
AESCN.DLL : 8.1.1.7 127347 Bytes 15/02/2009 11:51:52
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 13:55:01
AEPACK.DLL : 8.1.3.8 397684 Bytes 05/02/2009 15:24:35
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 11/12/2008 19:58:08
AEHEUR.DLL : 8.1.0.94 1606006 Bytes 18/02/2009 11:51:49
AEHELP.DLL : 8.1.2.0 119159 Bytes 27/11/2008 14:32:11
AEGEN.DLL : 8.1.1.17 332148 Bytes 18/02/2009 11:51:48
AEEMU.DLL : 8.1.0.9 393588 Bytes 27/10/2008 11:06:58
AECORE.DLL : 8.1.6.6 176501 Bytes 18/02/2009 11:51:47
AEBB.DLL : 8.1.0.3 53618 Bytes 27/10/2008 11:06:44
AVWINLL.DLL : 1.0.0.12 15105 Bytes 24/07/2008 11:01:37
AVPREF.DLL : 8.0.2.0 38657 Bytes 24/07/2008 11:01:37
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 10:35:53
AVREG.DLL : 8.0.0.1 33537 Bytes 24/07/2008 11:01:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 24/07/2008 11:01:36
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 24/07/2008 11:01:38
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 24/07/2008 11:01:32
RCTEXT.DLL : 8.0.52.0 86273 Bytes 24/07/2008 11:01:33
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 20 février 2009 10:44
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Aero Sidebar Longhorn.exe' - '1' Module(s) have been scanned
Scan process 'PSNGive.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'PsnLite.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'AliceAgent.exe' - '1' Module(s) have been scanned
Scan process 'SearchSettings.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIACE.EXE' - '1' Module(s) have been scanned
Scan process 'FuncKey.exe' - '1' Module(s) have been scanned
Scan process 'PM.exe' - '1' Module(s) have been scanned
Scan process 'fscp.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'fspadsvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'odClientService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '61' files ).
Starting the file scan:
Begin scan in 'C:\' <n01528>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\DNA\btdna.exe
[DETECTION] Is the TR/Agent.qla Trojan
[NOTE] The file was moved to '4a0280d4.qua'!
C:\System Volume Information\_restore{DF9F85A4-6F7D-4225-B331-ED321708564F}\RP419\A0100622.exe
[DETECTION] Is the TR/Agent.qla Trojan
[NOTE] The file was moved to '49cf8394.qua'!
End of the scan: vendredi 20 février 2009 11:35
Used time: 51:07 Minute(s)
The scan has been done completely.
6140 Scanning directories
333557 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
333553 Files not concerned
8457 Archives were scanned
2 Warnings
2 Notes
Avant toute chose, je tiens à préciser que je suis une novice en informatique ... mais je comprends quand même quand on m'explique ;-)
Je trouve que mon ordinateur rame un peu depuis quelques jours et j'ai donc fait un scan avec AVIRA. Il m'a detecté 2 trojants TR/Agent.qla que j'ai mis en quarantaine (cf le rapport que j'ai collé à la suite de mon message). Il a également trouvé 2 "warnings" mais je ne sais pas ce que c'est.
Mais je me demande si c'est suffisant et surtout si je n'ai pas d'autres virus et autres dans mon ordinateur. Comment est-ce que je peux faire pour bien vérifier et nettoyer tout cela ? Est-ce que le trojant est inactif maintenant ?
Merci par avance !
Avira AntiVir Personal
Report file date: vendredi 20 février 2009 10:44
Scanning for 1256036 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: NOM-A3B76CFC09D
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 27/11/2008 14:32:11
AVSCAN.DLL : 8.1.4.0 40705 Bytes 24/07/2008 11:01:37
LUKE.DLL : 8.1.4.5 164097 Bytes 24/07/2008 11:01:38
LUKERES.DLL : 8.1.4.0 12033 Bytes 24/07/2008 11:01:38
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 13:52:27
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 11:51:48
ANTIVIR2.VDF : 7.1.2.13 2048 Bytes 11/02/2009 11:51:48
ANTIVIR3.VDF : 7.1.2.48 213504 Bytes 19/02/2009 11:51:44
Engineversion : 8.2.0.83
AEVDF.DLL : 8.1.1.0 106868 Bytes 02/02/2009 14:31:57
AESCRIPT.DLL : 8.1.1.47 348539 Bytes 15/02/2009 11:51:53
AESCN.DLL : 8.1.1.7 127347 Bytes 15/02/2009 11:51:52
AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 13:55:01
AEPACK.DLL : 8.1.3.8 397684 Bytes 05/02/2009 15:24:35
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 11/12/2008 19:58:08
AEHEUR.DLL : 8.1.0.94 1606006 Bytes 18/02/2009 11:51:49
AEHELP.DLL : 8.1.2.0 119159 Bytes 27/11/2008 14:32:11
AEGEN.DLL : 8.1.1.17 332148 Bytes 18/02/2009 11:51:48
AEEMU.DLL : 8.1.0.9 393588 Bytes 27/10/2008 11:06:58
AECORE.DLL : 8.1.6.6 176501 Bytes 18/02/2009 11:51:47
AEBB.DLL : 8.1.0.3 53618 Bytes 27/10/2008 11:06:44
AVWINLL.DLL : 1.0.0.12 15105 Bytes 24/07/2008 11:01:37
AVPREF.DLL : 8.0.2.0 38657 Bytes 24/07/2008 11:01:37
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 10:35:53
AVREG.DLL : 8.0.0.1 33537 Bytes 24/07/2008 11:01:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 24/07/2008 11:01:36
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 24/07/2008 11:01:38
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 24/07/2008 11:01:32
RCTEXT.DLL : 8.0.52.0 86273 Bytes 24/07/2008 11:01:33
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 20 février 2009 10:44
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Aero Sidebar Longhorn.exe' - '1' Module(s) have been scanned
Scan process 'PSNGive.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'PsnLite.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'AliceAgent.exe' - '1' Module(s) have been scanned
Scan process 'SearchSettings.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIACE.EXE' - '1' Module(s) have been scanned
Scan process 'FuncKey.exe' - '1' Module(s) have been scanned
Scan process 'PM.exe' - '1' Module(s) have been scanned
Scan process 'fscp.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'fspadsvr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'odClientService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '61' files ).
Starting the file scan:
Begin scan in 'C:\' <n01528>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\DNA\btdna.exe
[DETECTION] Is the TR/Agent.qla Trojan
[NOTE] The file was moved to '4a0280d4.qua'!
C:\System Volume Information\_restore{DF9F85A4-6F7D-4225-B331-ED321708564F}\RP419\A0100622.exe
[DETECTION] Is the TR/Agent.qla Trojan
[NOTE] The file was moved to '49cf8394.qua'!
End of the scan: vendredi 20 février 2009 11:35
Used time: 51:07 Minute(s)
The scan has been done completely.
6140 Scanning directories
333557 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
333553 Files not concerned
8457 Archives were scanned
2 Warnings
2 Notes
A voir également:
- Trojent TR/Agent.qla : SOS
- Sennheiser tr 4200 problème - Forum TV & Vidéo
- Sennheiser tr 120 mode d'emploi - Forum TV & Vidéo
- Tr signification ✓ - Forum Loisirs / Divertissements
- Sennheiser RS 120 II - Forum Casque et écouteurs
- Wap tr - Télécharger - Divers TV & Vidéo
1 réponse
Juste de nouvelles précisions, j'ai fait un scan avec hijackthis et voici le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:20, on 20/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\DOCUME~1\geant\LOCALS~1\Temp\{617B1A06-0666-4248-8FE5-101A46E9E82C}\Aero Sidebar Longhorn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454039 14
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Aero Sidebar.lnk = C:\Documents and Settings\geant\Bureau\Aero Sidebar Longhorn.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{173D24F7-4202-4AD9-B735-4C094FCC6D17}: NameServer = 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{173D24F7-4202-4AD9-B735-4C094FCC6D17}: NameServer = 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{173D24F7-4202-4AD9-B735-4C094FCC6D17}: NameServer = 213.36.80.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:20, on 20/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
C:\Program Files\Power Manager\PM.exe
C:\Program Files\Hotkey Management\FuncKey.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\DOCUME~1\geant\LOCALS~1\Temp\{617B1A06-0666-4248-8FE5-101A46E9E82C}\Aero Sidebar Longhorn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com/fsc/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/fsc/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [fscp] C:\Program Files\AVC Finger-sensing Pad Driver\fscp.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [FuncKey] "C:\Program Files\Hotkey Management\FuncKey.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKCU\..\Run: [fsc-reminder.exe] C:\WINDOWS\reminder\fsc-reminder.exe 2454039 14
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Aero Sidebar.lnk = C:\Documents and Settings\geant\Bureau\Aero Sidebar Longhorn.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{173D24F7-4202-4AD9-B735-4C094FCC6D17}: NameServer = 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{173D24F7-4202-4AD9-B735-4C094FCC6D17}: NameServer = 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{173D24F7-4202-4AD9-B735-4C094FCC6D17}: NameServer = 213.36.80.1
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FspadSvc - Unknown owner - C:\Program Files\AVC Finger-sensing Pad Driver\fspadsvr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Odyssey Client for Fujitsu Siemens Computers (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
tjs personne ?