Aide : rapport hijackthis

Ox0_Pierro -  
 Utilisateur anonyme -
Bonjour, depuis quelque temps, mon ordi a des problèmes(ouvertuve de pubs répétitifs, update impossible avec Windows Update,etc.), et j'en cherche la cause. J'ai analysé mon ordi avec AVG, Avast, je l'ai nettoyé, enfin je pense que le problème serait peut-être régler avec HijackThis. Si quelqu'un peut analyser mon rapport S.v.p. Merci.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38:45, on 2009-03-14
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIALA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Netscape Accélérateur\slipcore.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Pierre\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Pierre\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp-consumer.my.aol.qc.ca/?icid=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-consumer.my.aol.qc.ca/?icid=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Netscape Accélérateur\PBHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accélérateur\components\NOWImaging.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\dapieloader.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P27 "EPSON Stylus CX5800F Series" /O6 "USB001" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX5800F Series (Copie 1)] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIALA.EXE /P37 "EPSON Stylus CX5800F Series (Copie 1)" /O6 "USB002" /M "Stylus CX5800F"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\Windows\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\Netscape Accélérateur\slipcore.exe"
O4 - HKLM\..\Run: [SSA.exe] "C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe" /AUTORUN
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\EmoDio\SMSTray.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Pierre\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - Global Startup: PalTalk.lnk = C:\Program Files\Paltalk Messenger\paltalk.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - (no file)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C3FB936F-D1B5-468A-90E6-923F93769487}: NameServer = 85.255.112.77,85.255.112.206
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.77,85.255.112.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.77,85.255.112.206
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

69 réponses

Précédent
Réponse 41 / 69
Ox0_Pierro
 
Es-tu la Gen-hackman?
0
Réponse 42 / 69
Utilisateur anonyme
 
---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :

OtMoveIt 3

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous :





:processes
explorer.exe

:services

:files
C:\Nostale(Global)


:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d5d20c5-45ec-11dd-87ba-001d6031bc03}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84a16107-57f4-11dd-9c64-001d6031bc03}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=-

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]



---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

ensuite :

Passer de Avast à AntiVir :

Désinstalle via Ajout/Suppression de Programmes (si présents) :

* Avast!


Télécharge et exécute le Désinstalleur d'Avast!. : Desinstaller
Ceci effacera la majorité des traces du produit Avast! d'Alwil Software.

Télécharge Ccleaner sur ton Bureau. : Ccleaner

* Clique sur "download the latest version"
* Installe-le en laissant seulement les options suivantes cochées :

- Ajouter un raccourci sur le Bureau
- Contrôler automatiquement les mises à jour de CCleaner

* Lance le Nettoyage
* Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

plus de precision sur la configuration de ccleaner te seront donnees plus tard


Aide : Comment utiliser CCleaner.: tuto

***************

Télécharge AntiVir sur ton Bureau.: Antivir en Francais

* Double clique sur l'exécutable téléchargé pour lancer l'installation.
* À la fin de l'installation, clique sur Finish.
* Ouvre Antivir, assure-toi qu’il soit bien à jour !
* Dans l'onglet Protection Locale, choisis Contrôler.
* Active la recherche de rootkits via le + de Recherche de Rootkits, puis dans Sélection manuelle, coche tout (tes partitions de disque dur).
* Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
* Poste moi le rapport généré : Pour cela, clique sur l'onglet Aperçu, puis choisis Rapports, tu trouveras son rapport..
* Sélectionne le rapport et clique sur l'icône "Afficher le fichier de rapport du rapport sélectionné.


Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.

Pourquoi changer ? Avast vs Antivir.:Avast Vs Antivir

Aide : Comment installer et utiliser AntiVir.

Tuto Antivir

Configuration de Antivir (Merci a Nico):

clic droit sur son icone dans la barre des taches et séléctionner Configurer Antivir.

cocher la case : Mode Expert.

=> Cliquer sur Scanner dans le volet de gauche :

> Dans "Fichiers" séléctionner Tous les fichiers.

> Dans procédure de recherche, cocher Autoriser l'arrêt, et dans "priorité scanner" séléctionner Elevé.

> Dans "Autres réglages" cocher toutes les cases.

NE SURTOUT PAS OUBLIER LA RECHERCHE DES ROOTKIT QUI EST TRES IMPORTANTE !

=> Cliquer sur "Recherche" dans le volet de gauche et appliquer les mêmes paramètres que précédemment.

=> Dérouler "Recherche" en cliquant sur le +. Cliquer sur "Heuristique" :

> Cocher "Heuristique de MacroVirus" et "Heuristique fichier Win32" avec degré d'indentification ELEVE !

=> Dans le volet de gauche, dérouler "Guard" puis dérouler "Recherche" :

> Cocher "Heuristique de MacroVirus" et "Heuristique fichier Win32" avec degré d'identification ELEVE !


0
Réponse 43 / 69
Ox0_Pierro
 
Voici le rapport OTMoveit3 :

EN PASSANT encore.. ; dans le rapport, ils disent que "Files" et "registry" étaient "not founded" parce que j'ai dû faire le truc deux fois parce que la premiere fois mon ordinateur avait planter encore au moment des "Commands". Cependant, je sais qu'ils ne sont plus là et qu'ils ont ete moved/deleted sucessfully)

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\Nostale(Global) not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d5d20c5-45ec-11dd-87ba-001d6031bc03}\\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84a16107-57f4-11dd-9c64-001d6031bc03}\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Launcher not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03152009_114010

Files moved on Reboot...
DllUnregisterServer procedure not found in C:\Windows\temp\logishrd\LVPrcInj01.dll
C:\Windows\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
0
Réponse 44 / 69
Utilisateur anonyme
 
ok continues avec Antivir et donne le rapport stp

lis bien la config
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 69
Ox0_Pierro
 
Dois-je desinstaller Avast? avant de mettre Avira Antivir? et faire un scan?
0
Réponse 46 / 69
Utilisateur anonyme
 
oui tout est indiqué comment faire . De la sorte ,tu seras bien mieux protegé.
0
Réponse 47 / 69
Ox0_Pierro
 
Est-ce normal aussi que je ne peux pas faire une mise a jour dans avira antivir? Il indique
Status : Internet connection falied.
0
Réponse 48 / 69
Utilisateur anonyme
 
Telecharge maintenant FindyKill sur ton bureau :

FindyKill

--> Lance l installation avec les parametres par default

--> Au menu principal,choisi l option 1 (Recherche)

--> Post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
0
Réponse 49 / 69
Ox0_Pierro
 
Bon j'ai reussi a faire un update de Antivir avec un manuel update. Presentement je fais un scan.

Voici le rapport de Findykill :


############################## [ FindyKill V4.720 ]

# User : Pierre (Administrateurs) # PC-DE-PIERRE
# Update on 12/03/09 by Chiquitine29
# Start at: 12:47:48 | 2009-03-15

# Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
# Microsoft© Windows VistaT dition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 364,65 Go (185,43 Go free) [HP] # NTFS
# D:\ # Disque fixe local # 7,96 Go (727,71 Mo free) [Recovery] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible

############################## [ Processus actifs ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\Dwm.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorService.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\spool\drivers\w32x86\3\E_FATIALA.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Netscape Accélérateur\slipcore.exe
C:\Program Files\Bell\Sympatico Security Advisor\SSA.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Program Files\Samsung\EmoDio\SMSTray.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Users\Pierre\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\DAP\DAP.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\rundll32.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Fichiers / Dossiers infectieux C:\ ]


################## [ C:\Windows ]


################## [ C:\Windows\system32 ]


################## [ C:\Windows\system32\drivers ]


################## [ C:\.. Application Data ... ]


################## [ Registre / Clés infectieuses ]



################## [ Recherche dans supports amovibles]


# Contenu de l'autorun : D:\autorun.inf

[autorun]
;khqnfxhtzemtoltxymcnebhjjlwviaianetbznznplmescefreuydtzmvrangbakikqytedfjinqfvujvpzjxvzmrgjsunhtxqyn
shellexecute="RECYCLER\S-9-3-22-100001671-100007628-100001293-8593.com d:\"
;iyqtuuxhkmxzguaxqcmxkvuckglxcswodrmbkieelbkvlsvrwglbid
shell\Open\command="RECYCLER\S-9-3-22-100001671-100007628-100001293-8593.com d:\"
;elwbuoruxefrzjbtcuebdugbybmvvwchdpaqlujiimhqdatzvllcpdzribmypaxidmdl
shell=Open

# Presence des fichiers :

Found ! [2009-03-09 19:34][-r-hs----] - D:\autorun.inf

################## [ Registre / Mountpoint2 ]

# -> Not found !

################## [ ! Fin du rapport # FindyKill V4.720 ! ]
0
Réponse 50 / 69
Utilisateur anonyme
 
ok tu pourras faire l option 2 une fois le scan de antivir terminé


Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir


--> Fais clic droit sur le raccourci FindyKill sur ton bureau

--> Au menu principal,choisi l option 2 (Suppression)


/!\ il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du message "nettoyage effectué"

/!\ Ne te sert pas du pc durant la suppression , ton bureau ne sera pas accessible c est normal !

-------> ensuite post le rapport FindyKill.txt

Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
0
Réponse 51 / 69
Ox0_Pierro
 
Ok alors quand j'aurais fini de faire mon scan Antivir, je dois brancher ma clé USB et faire un scan de ça ou quoi?
0
Réponse 52 / 69
Utilisateur anonyme
 
de findykill oui :)
0
Réponse 53 / 69
Ox0_Pierro
 
Bon mon scan n'est toujours pas fini -_-', mais ce que je voulais savoir c'est qu'apres mon scan complet antivir de mon ordinateur, est ce que je scan ma clé USB avec Antivir ou je démarre le truc de findykill tout de suite?
0
Réponse 54 / 69
Utilisateur anonyme
 
tu peux scanner ta cle avec antivir tout seule et ensuite findykill
0
Réponse 55 / 69
Ox0_Pierro
 
Ok merci. J'envois le rapport de Antivir tout de suite apres qu'il est fini..
0
Réponse 56 / 69
Utilisateur anonyme
 
ok :P
0
Réponse 57 / 69
Ox0_Pierro
 
Bon voici enfin le rapport du scan Antivir (apres 5h de scan..):



Avira AntiVir Personal
Report file date: 15 mars 2009 12:46

Scanning for 1297221 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-PIERRE

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 13:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 12:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 17:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 12:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 16:29:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-02-11 00:32:40
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 2009-03-11 12:29:32
ANTIVIR3.VDF : 7.1.2.171 61952 Bytes 2009-03-13 21:16:38
Engineversion : 8.2.0.114
AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-01-30 20:56:18
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 2009-03-13 00:28:02
AESCN.DLL : 8.1.1.8 127346 Bytes 2009-03-05 22:22:54
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-05 12:43:26
AEPACK.DLL : 8.1.3.10 397686 Bytes 2009-03-04 21:43:28
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2009-02-27 00:56:12
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 2009-03-05 22:22:54
AEHELP.DLL : 8.1.2.2 119158 Bytes 2009-02-27 00:56:12
AEGEN.DLL : 8.1.1.28 336244 Bytes 2009-03-13 00:28:02
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-15 15:49:36
AECORE.DLL : 8.1.6.6 176501 Bytes 2009-02-17 21:00:12
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-15 15:49:34
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 13:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 14:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 17:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 16:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 13:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 17:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 22:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 17:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 17:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 18:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 18:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 15 mars 2009 12:46

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'FindyKill.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'wlmail.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VideoAcceleratorEngine.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'DAP.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'VideoAccelerator.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'SSA.exe' - '1' Module(s) have been scanned
Scan process 'slipcore.exe' - '1' Module(s) have been scanned
Scan process 'ACDaemon.exe' - '1' Module(s) have been scanned
Scan process 'HpqSRmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIALA.EXE' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'AWC.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VideoAcceleratorService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'npkcmsvc.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'ACService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
88 processes with 88 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '65' files ).


Starting the file scan:

Begin scan in 'C:\' <HP>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Alice Greenfingers 2\AliceGreenfingers2.exe.BAK
[DETECTION] Is the TR/Dldr.Agent.apzy Trojan
[NOTE] The file was deleted!
C:\Program Files\Bejeweled 2 Deluxe\WinBej2.exe
[DETECTION] Is the TR/Agent.274432.H Trojan
[NOTE] The file was deleted!
C:\Program Files\Diner Dash 2\dinerdash2.exe.backup
[DETECTION] Is the TR/Dldr.Agent.adla.1 Trojan
[NOTE] The file was deleted!
C:\Program Files\Operation Mania\Operation Mania.exe
[DETECTION] Is the TR/Agent.286720.M Trojan
[NOTE] The file was deleted!
C:\Program Files\Operation Mania\Operation Mania.exe.BAK
[DETECTION] Is the TR/Agent.286720.H Trojan
[NOTE] The file was deleted!
C:\Users\Pierre\Documents\Downloads\Adobe CS4\adobe-master-cs4-keygen.exe
[DETECTION] Is the TR/Dldr.BZW Trojan
[NOTE] The file was deleted!
C:\Users\Pierre\Downloads\Jeux\AliceGreenfingers2Setup.exe
[DETECTION] Contains recognition pattern of the DR/Dldr.Agent.apzy.1 dropper
[NOTE] The file was deleted!
C:\Users\Pierre\Downloads\Roms\pazn_95@hotmail.com.dap
[DETECTION] Contains recognition pattern of the DR/Poison.qmf dropper
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-1010769-papergansta lady gaga.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-1010769-wonderful lady gaga.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-3263249-paper gansta lady gaga.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-3545425-papergansta lady gaga.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-3545427-lady gaga wonderful (high bitrate).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-3545427-papergansta lady gaga (256k 44800).mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-3545427-papergansta lady gaga - high quality.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-3877634-paper gangsta lady gaga - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-3877634-paper gansta lady gaga - greatest hits.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-5088466-lady gaga wonderful[256k quality].snd
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Public\Incomplete\T-5088466-paper gansta lady gaga.snd
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Visiteurs\Documents\LimeWire\Incomplete\Preview-T-3877633-tinh yeu cao thuong pham quynh.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Visiteurs\Documents\LimeWire\Incomplete\Preview-T-5745425-tinh yeu cao thuong.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Visiteurs\Documents\LimeWire\Incomplete\T-3877633-tinh yeu cao thuong pham quynh.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Users\Visiteurs\Documents\LimeWire\Incomplete\T-5745425-tinh yeu cao thuong.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was deleted!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Recovery>


End of the scan: 15 mars 2009 18:03
Used time: 5:17:10 Hour(s)

The scan has been done completely.

50412 Scanning directories
2209653 Files were scanned
23 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
23 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
2209628 Files not concerned
13783 Archives were scanned
6 Warnings
23 Notes

Je vais faire un scan de ma clé USB et jenvoie le rapport
0
Réponse 58 / 69
Ox0_Pierro
 
Voici le scan de ma clé USB :


Avira AntiVir Personal
Report file date: 15 mars 2009 18:10

Scanning for 1297221 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: Pierre
Computer name: PC-DE-PIERRE

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-18 13:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 12:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 17:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 12:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 16:29:38
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2009-02-11 00:32:40
ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 2009-03-11 12:29:32
ANTIVIR3.VDF : 7.1.2.171 61952 Bytes 2009-03-13 21:16:38
Engineversion : 8.2.0.114
AEVDF.DLL : 8.1.1.0 106868 Bytes 2009-01-30 20:56:18
AESCRIPT.DLL : 8.1.1.63 364923 Bytes 2009-03-13 00:28:02
AESCN.DLL : 8.1.1.8 127346 Bytes 2009-03-05 22:22:54
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-05 12:43:26
AEPACK.DLL : 8.1.3.10 397686 Bytes 2009-03-04 21:43:28
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 2009-02-27 00:56:12
AEHEUR.DLL : 8.1.0.104 1634679 Bytes 2009-03-05 22:22:54
AEHELP.DLL : 8.1.2.2 119158 Bytes 2009-02-27 00:56:12
AEGEN.DLL : 8.1.1.28 336244 Bytes 2009-03-13 00:28:02
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-15 15:49:36
AECORE.DLL : 8.1.6.6 176501 Bytes 2009-02-17 21:00:12
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-15 15:49:34
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 13:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 14:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-07-31 17:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 16:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 13:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 17:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 22:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 17:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 17:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 18:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 18:34:37

Configuration settings for the scan:
Jobname..........................: ShlExt
Configuration file...............: C:\Users\Pierre\AppData\Local\Temp\c1010e93.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: K:,
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 15 mars 2009 18:10

Starting the file scan:

Begin scan in 'K:\' <USB>


End of the scan: 15 mars 2009 18:10
Used time: 00:03 Minute(s)

The scan has been done completely.

1 Scanning directories
67 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
67 Files not concerned
2 Archives were scanned
0 Warnings
0 Notes
0
Réponse 59 / 69
Utilisateur anonyme
 
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
????????

pour la clé c est bon

la suite ?
0
Réponse 60 / 69
Ox0_Pierro
 
Voici le rapport de Findykill :


############################## [ FindyKill V4.720 ]

# User : Pierre () # PC-DE-PIERRE
# Update on 12/03/09 by Chiquitine29
# Start at: 20:44:45 | 2009-03-15

# Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
# Microsoft© Windows VistaT dition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
# Internet Explorer 7.0.6001.18000
# Windows Firewall Status : Disabled

# C:\ # Disque fixe local # 364,65 Go (184,66 Go free) [HP] # NTFS
# D:\ # Disque fixe local # 7,96 Go (727,96 Mo free) [Recovery] # NTFS
# E:\ # Disque CD-ROM
# F:\ # Disque CD-ROM
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque amovible
# J:\ # Disque amovible

############################## [ Active Processes ]

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## [ Infected Files / Folders C:\ ]


################## [ C:\Windows ]


################## [ C:\Windows\system32 ]


################## [ C:\Windows\system32\drivers ]


################## [ C:\.. Application Data ... ]


################## [ Registry / Infected keys ]


################## [ Cleaning Removable drives ]

# Deleting files :


################## [ Registry / Mountpoint2 ]

# -> Not found !

################## [ Searching Other Infections ]

# -> Nothing found.

################## [ ! End of Report # FindyKill V4.720 ! ]
0