Infected Firefox page: findclick.de
Solved
caema
Hello,
For some time now, my Firefox has refused to display my Google page. Instead I keep ending up on a findclick.de page.
Despite my up-to-date NOD and various antispyware tools, I cannot get rid of this virus on my own.
Could you help me?
Thanks in advance
91 replies
Logfile of random's system information tool 1.06 (written by random/random)
Run by Chris at 2009-12-11 15:49:08
Microsoft Windows 7 Édition Intégrale
System drive C: has 60 GB (25%) free of 238 GB
Total RAM: 2047 MB (70% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:49:27, on 11/12/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\Chris\Desktop\RSIT.exe
C:\Program Files (x86)\Utilitaires\HiJackThis\Chris.exe
C:\Program Files (x86)\Utilitaires\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.domainmarkt.de/findclick.de/direct
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.domainmarkt.de/findclick.de/direct
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.domainmarkt.de/findclick.de/direct
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Chris\AppData\Local\Temp\rsvp.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Chuck] C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe"
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Users\Chris\AppData\Roaming\MICROS~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Chris\AppData\Local\Temp\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\Users\Chris\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'Système')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [IEudinit] C:\Users\Chris\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\Utilitaires\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
•- HijackThis - Diagnostic and repair tool
Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Unzip it into a folder created for that purpose.
For example C:\hijackthis < Make sure to save it in C: !
1° Close all windows.
2° Launch HijackThis and choose Open the misc tools section, then choose the Main option and make sure that "Make backups before fixing items" is enabled.
3° Select only the lines below (by ticking the box to the left of each line to fix):
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Users\Chris\AppData\Roaming\MICROS~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Chris\AppData\Local\Temp\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\Users\Chris\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'Système')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [IEudinit] C:\Users\Chris\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'Default user')
4° In the main menu, choose do a scan only, then tick the box in front of the lines to fix and click Fix Checked at the bottom.
5° At the end of the scan, click Save log;
the report will be generated in the folder initially created to install HijackThis.
Then delete these files manually:
c:\users\chris\appdata\roaming\micros~1\dllhst3g.exe
c:\windows\dllhst3g.exe
c:\windows\ieudinit.exe
C:\ProgramData\rkfree
C:\Windows\clipsrv.exe
Update Avira (if it is not already up to date), configure it as follows, then run a full scan of your PC:
• AntiVir configuration:
Right-click its icon in the taskbar and select Configure AntiVir.
Tick the box: Expert mode (top left of the window).
=> Click Scanner in the left pane:
> Under "Files", select All files.
> Under scan procedure, tick Allow stopping, and under "scanner priority" select Medium.
> Under "Additional settings", tick all the boxes.
ABOVE ALL, DO NOT FORGET THE ROOTKIT SEARCH, WHICH IS VERY IMPORTANT!
=> Click "Scan" in the left pane and apply the same settings as before.
=> Expand "Scan" by clicking the +. Click "Heuristic":
> Tick "Macrovirus heuristic" and "Win32 file heuristic" with detection level MEDIUM!
=> In the left pane, expand "Guard":
tick: scan when reading and writing, then next to it: all files.
Help with screenshots:
https://www.commentcamarche.net/faq/16831-tutoriel-configuration-optimale-d-antivir-personal#2-la-configuration
Configuration tutorial video (thanks to Nico for the video):
http://sd-1.archive-host.com/membres/up/829108531491024/video-Antivir.zip
Post the Avira report in your next message.
Thanks
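Added example, not part of the original post and not HijackThis code: a small Python triage pass over O4 autorun lines copied from the log above, showing what sets the selected entries apart from the ordinary Run entries. The four heuristics and the names `triage`, `Finding`, `exe_path`, `score` and `SAMPLE_LOG` are assumptions of this example; a hit marks an entry for review, not a verdict.

```python
import re
from dataclasses import dataclass

# A few lines copied from the HijackThis log posted above (not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Policies\Explorer\Run: [DllHst] C:\Users\Chris\AppData\Roaming\MICROS~1\dllhst3g.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Chris\AppData\Local\Temp\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [IEudinit] C:\Users\Chris\LOCALS~1\APPLIC~1\ieudinit.exe /waitservice (User 'Système')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\x86\ekrn.exe
"""

# O4 line layout: "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)

# Directories an unprivileged process can write to (assumed list, lowercase).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\locals~1\\")


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    path: str
    reasons: list


def exe_path(cmd):
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: cut at the first ".exe" token end.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def score(key, path):
    """Apply the example's heuristics and return the list of reasons."""
    p = path.lower()
    reasons = []
    # Autostart through the Explorer policy key instead of the plain Run key.
    if key.lower() == "policies\\explorer\\run":
        reasons.append("policy_run_key")
    # Executable started from a user-writable directory.
    if any(d in p for d in USER_WRITABLE):
        reasons.append("user_writable_dir")
    # Executable sitting directly in the Windows directory, not in a subfolder.
    if re.match(r"^[a-z]:\\windows\\[^\\]+\.exe$", p):
        reasons.append("windows_root")
    # 8.3 short names hide the real folder name from a quick read of the log.
    if re.search(r"~\d", p):
        reasons.append("short_name")
    return reasons


def triage(log_text):
    """Parse O4 lines and return the entries that match at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 autorun line (O23 services, headers, ...)
        path = exe_path(m["cmd"])
        reasons = score(m["key"], path)
        if reasons:
            findings.append(Finding(m["hive"], m["key"], m["name"], path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.hive:<16} [{f.name}] {f.path}  <- {', '.join(f.reasons)}")
```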
Hello,
I am moving your post here:
Avira AntiVir Personal
Report file date: samedi 12 décembre 2009 14:57
Scanning for 1265407 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista 64 Bit
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Chris
Computer name : CHRIS-PC
Version information:
BUILD.DAT : 9.0.0.415 21609 Bytes 8/11/2009 10:00:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:33
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:52
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6/11/2009 06:35:52
VBASE001.VDF : 7.10.0.1 2048 Bytes 6/11/2009 06:35:56
VBASE002.VDF : 7.10.0.2 2048 Bytes 6/11/2009 06:35:58
VBASE003.VDF : 7.10.0.3 2048 Bytes 6/11/2009 06:36:02
VBASE004.VDF : 7.10.0.4 2048 Bytes 6/11/2009 06:36:04
VBASE005.VDF : 7.10.0.5 2048 Bytes 6/11/2009 06:36:08
VBASE006.VDF : 7.10.0.6 2048 Bytes 6/11/2009 06:36:12
VBASE007.VDF : 7.10.0.7 2048 Bytes 6/11/2009 06:36:16
VBASE008.VDF : 7.10.0.8 2048 Bytes 6/11/2009 06:36:18
VBASE009.VDF : 7.10.0.9 2048 Bytes 6/11/2009 06:36:22
VBASE010.VDF : 7.10.0.10 2048 Bytes 6/11/2009 06:36:30
VBASE011.VDF : 7.10.0.11 2048 Bytes 6/11/2009 06:36:34
VBASE012.VDF : 7.10.0.12 2048 Bytes 6/11/2009 06:36:38
VBASE013.VDF : 7.10.0.13 2048 Bytes 6/11/2009 06:36:40
VBASE014.VDF : 7.10.0.14 2048 Bytes 6/11/2009 06:36:44
VBASE015.VDF : 7.10.0.15 2048 Bytes 6/11/2009 06:36:46
VBASE016.VDF : 7.10.0.16 2048 Bytes 6/11/2009 06:36:48
VBASE017.VDF : 7.10.0.17 2048 Bytes 6/11/2009 06:36:50
VBASE018.VDF : 7.10.0.18 2048 Bytes 6/11/2009 06:36:54
VBASE019.VDF : 7.10.0.19 2048 Bytes 6/11/2009 06:36:56
VBASE020.VDF : 7.10.0.20 2048 Bytes 6/11/2009 06:36:58
VBASE021.VDF : 7.10.0.21 2048 Bytes 6/11/2009 06:37:00
VBASE022.VDF : 7.10.0.22 2048 Bytes 6/11/2009 06:37:04
VBASE023.VDF : 7.10.0.23 2048 Bytes 6/11/2009 06:37:06
VBASE024.VDF : 7.10.0.24 2048 Bytes 6/11/2009 06:37:10
VBASE025.VDF : 7.10.0.25 2048 Bytes 6/11/2009 06:37:12
VBASE026.VDF : 7.10.0.26 2048 Bytes 6/11/2009 06:37:14
VBASE027.VDF : 7.10.0.27 2048 Bytes 6/11/2009 06:37:16
VBASE028.VDF : 7.10.0.28 2048 Bytes 6/11/2009 06:37:18
VBASE029.VDF : 7.10.0.29 2048 Bytes 6/11/2009 06:37:20
VBASE030.VDF : 7.10.0.30 2048 Bytes 6/11/2009 06:37:22
VBASE031.VDF : 7.10.0.33 2048 Bytes 6/11/2009 06:37:24
Engineversion : 8.2.1.59
AEVDF.DLL : 8.1.1.2 106867 Bytes 8/11/2009 06:38:52
AESCRIPT.DLL : 8.1.2.43 528764 Bytes 8/11/2009 06:38:48
AESCN.DLL : 8.1.2.5 127346 Bytes 8/11/2009 06:38:46
AESBX.DLL : 8.1.1.1 246132 Bytes 8/11/2009 06:38:44
AERDL.DLL : 8.1.3.2 479604 Bytes 8/11/2009 06:38:42
AEPACK.DLL : 8.2.0.3 422261 Bytes 8/11/2009 06:38:40
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 8/11/2009 06:38:38
AEHEUR.DLL : 8.1.0.178 2093431 Bytes 8/11/2009 06:38:34
AEHELP.DLL : 8.1.7.0 237940 Bytes 8/11/2009 06:38:30
AEGEN.DLL : 8.1.1.71 364916 Bytes 8/11/2009 06:38:28
AEEMU.DLL : 8.1.1.0 393587 Bytes 8/11/2009 06:38:26
AECORE.DLL : 8.1.8.2 184694 Bytes 8/11/2009 06:38:24
AEBB.DLL : 8.1.0.3 53618 Bytes 8/11/2009 06:38:20
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:59
AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:02
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 5/12/2008 09:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/02/2009 07:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 5/12/2008 09:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:39:58
RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 11:25:47
Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: c:\program files (x86)\avira\antivir desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, E:, A:, F:, G:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: on
Optimised scan......................: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,
Start of the scan: samedi 12 décembre 2009 14:57
Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '0' Module(s) have been scanned
Scan process 'msiexec.exe' - '0' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '0' Module(s) have been scanned
Scan process 'fchuck.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'DTLite.exe' - '1' Module(s) have been scanned
Scan process 'SUPERANTISPYWARE.EXE' - '1' Module(s) have been scanned
Scan process 'sidebar.exe' - '0' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'egui.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'dwm.exe' - '0' Module(s) have been scanned
Scan process 'ekrn.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '0' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '0' Module(s) have been scanned
Scan process 'winlogon.exe' - '0' Module(s) have been scanned
Scan process 'lsm.exe' - '0' Module(s) have been scanned
Scan process 'lsass.exe' - '0' Module(s) have been scanned
Scan process 'services.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'wininit.exe' - '0' Module(s) have been scanned
Scan process 'csrss.exe' - '0' Module(s) have been scanned
Scan process 'smss.exe' - '0' Module(s) have been scanned
16 processes with 16 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Starting to scan executable files (registry).
C:\Users\Chris\AppData\Local\Temp\rsvp.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\MSN Hack v2.1 All.exe
[DETECTION] Contains recognition pattern of the SPR/Blackmess.A program
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$R9KJ3LY.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RDZKU0C.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RHB6WRI.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RIYWQ62.zip
[0] Archive type: ZIP
--> Craagle/Craagle.exe
[DETECTION] Contains recognition pattern of the ADSPY/Craagle.B.8 adware or spyware
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RY7LHX1.exe
[DETECTION] Contains recognition pattern of the ADSPY/Craagle.B.8 adware or spyware
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RYCYEGI.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Kill'em\Quarantine\clipsrv.exe.Kill'em
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Kill'em\Quarantine\rsvp.exe.Kill'em
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Program Files\UlisesSoft\nodlogin.exe
[DETECTION] Is the TR/HackAV.CU Trojan
C:\Users\Chris\AppData\Local\ieudinit.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Users\Chris\AppData\Local\logman.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Users\Chris\AppData\Local\Microsoft\clipsrv.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Users\Chris\AppData\Local\Microsoft\dllhst3g.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Users\Chris\AppData\Local\Microsoft\mstsc.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Users\Chris\AppData\Local\Temp\clipsrv.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Users\Chris\AppData\Local\Temp\rsvp.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Users\Chris\AppData\Roaming\cisvc.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Windows\system\cmstp.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Documents>
Begin scan in 'E:\' <Téléchargements>
E:\HACK\Bifrost_1.2.1d.rar
[0] Archive type: RAR
--> Bifrost 1.2.1d\Bifrost.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Bifrose.Gen back-door program
--> Bifrost 1.2.1d\Server.exe
[DETECTION] Contains recognition pattern of the DR/bvb.SAG dropper
--> Bifrost 1.2.1d\Server.zip
[1] Archive type: ZIP
--> Server.exe
[DETECTION] Contains recognition pattern of the DR/bvb.SAG dropper
E:\HACK\msn hack 2\MSN Hack v2.1 All.exe
[DETECTION] Contains recognition pattern of the SPR/MSNHack.B program
E:\HACK\msn hack 3\MSN Password Grabber.exe
[DETECTION] Contains recognition pattern of the SPR/MSNHack.C program
E:\HACK\Script MSN hack\Script a envoyé a la victime\Avast 2.3 Protection Windows Live Messenger ©.plsc
[0] Archive type: ZIP
--> huhu_ctrl.js
[DETECTION] Contains recognition pattern of the HTML/Rce.Gen HTML script virus
--> lock.exe
[DETECTION] Is the TR/MustHave.A Trojan
--> sin.exe
[DETECTION] Is the TR/Agent.17902 Trojan
--> mdr.exe
[DETECTION] Is the TR/PSW.MSN.myf Trojan
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Le périphérique n’est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n’est pas prêt.
Begin scan in 'G:\' <Tropico 3>
Beginning disinfection:
C:\Users\Chris\AppData\Local\Temp\rsvp.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b99abd2.qua'!
C:\MSN Hack v2.1 All.exe
[DETECTION] Contains recognition pattern of the SPR/Blackmess.A program
[NOTE] The file was moved to '4b71abb2.qua'!
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$R9KJ3LY.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b5cabb1.qua'!
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RDZKU0C.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b67abb1.qua'!
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RHB6WRI.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b6babb1.qua'!
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RIYWQ62.zip
[NOTE] The file was moved to '4b6cabb1.qua'!
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RY7LHX1.exe
[DETECTION] Contains recognition pattern of the ADSPY/Craagle.B.8 adware or spyware
[NOTE] The file was moved to '4b7cabb1.qua'!
C:\$Recycle.Bin\S-1-5-21-865406627-3469746096-798578228-1001\$RYCYEGI.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4fb5d2f2.qua'!
C:\Kill'em\Quarantine\clipsrv.exe.Kill'em
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b8cabcb.qua'!
C:\Kill'em\Quarantine\rsvp.exe.Kill'em
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4c59e56b.qua'!
C:\Program Files\UlisesSoft\nodlogin.exe
[DETECTION] Is the TR/HackAV.CU Trojan
[NOTE] The file was moved to '4b87abce.qua'!
C:\Users\Chris\AppData\Local\ieudinit.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b98abc4.qua'!
C:\Users\Chris\AppData\Local\logman.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b8aabce.qua'!
C:\Users\Chris\AppData\Local\Microsoft\clipsrv.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4f4708d4.qua'!
C:\Users\Chris\AppData\Local\Microsoft\dllhst3g.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b8fabcb.qua'!
C:\Users\Chris\AppData\Local\Microsoft\mstsc.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b97abd2.qua'!
C:\Users\Chris\AppData\Local\Temp\clipsrv.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4c4506dc.qua'!
C:\Users\Chris\AppData\Local\Temp\rsvp.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK library.
[NOTE] The driver could not be initialized.
[NOTE] The file is scheduled for deleting after reboot.
C:\Users\Chris\AppData\Roaming\cisvc.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b96abd1.qua'!
C:\Windows\system\cmstp.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to '4b96abd5.qua'!
E:\HACK\Bifrost_1.2.1d.rar
[NOTE] The file was moved to '4b89abd1.qua'!
E:\HACK\msn hack 2\MSN Hack v2.1 All.exe
[DETECTION] Contains recognition pattern of the SPR/MSNHack.B program
[NOTE] The file was moved to '4b71abbc.qua'!
E:\HACK\msn hack 3\MSN Password Grabber.exe
[DETECTION] Contains recognition pattern of the SPR/MSNHack.C program
[NOTE] The file was moved to '40fc32f5.qua'!
E:\HACK\Script MSN hack\Script a envoyé a la victime\Avast 2.3 Protection Windows Live Messenger ©.plsc
[NOTE] The file was moved to '4b84abdf.qua'!
End of the scan: samedi 12 décembre 2009 15:40
Used time: 42:05 Minute(s)
The scan has been done completely.
19605 Scanned directories
302203 Files were scanned
29 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
23 Files were moved to quarantine
0 Files were renamed
3 Files cannot be scanned
302171 Files not concerned
2176 Archives were scanned
4 Warnings
26 Notes
Let me know how your PC is doing in your next message.
Thanks
Hi,
Did the post go through?
Never mind, I've seen the Avira report; tell me how the PC and your Firefox are doing.
Yes, the post went through!
As for Firefox, I just restarted the PC to check, and apparently Google is back. Many thanks in any case!
I have one small question: do you recommend that I keep Avira, or my up-to-date NOD32?
Logfile of random's system information tool 1.06 (written by random/random)
Run by Chris at 2009-12-13 15:52:00
Microsoft Windows 7 Édition Intégrale
System drive C: has 53 GB (22%) free of 238 GB
Total RAM: 2047 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:15, on 13/12/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe
C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Utilitaires\Winamp\winamp.exe
C:\Program Files (x86)\Utilitaires\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Chris\Desktop\RSIT.exe
C:\Program Files (x86)\Utilitaires\HiJackThis\Chris.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.domainmarkt.de/findclick.de/direct
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.domainmarkt.de/findclick.de/direct
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.domainmarkt.de/findclick.de/direct
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Chris\AppData\Local\Temp\rsvp.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Chuck] C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe"
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\Utilitaires\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
Run by Chris at 2009-12-13 15:52:00
Microsoft Windows 7 Édition Intégrale
System drive C: has 53 GB (22%) free of 238 GB
Total RAM: 2047 MB (47% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:15, on 13/12/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe
C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Utilitaires\Winamp\winamp.exe
C:\Program Files (x86)\Utilitaires\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Chris\Desktop\RSIT.exe
C:\Program Files (x86)\Utilitaires\HiJackThis\Chris.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.domainmarkt.de/findclick.de/direct
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.domainmarkt.de/findclick.de/direct
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.domainmarkt.de/findclick.de/direct
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Chris\AppData\Local\Temp\rsvp.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Chuck] C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe"
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\Utilitaires\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
OK,
there it is:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.findclick.de/?l=fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://w.ww.findclick.de/?l=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w.ww.findclick.de/?l=fr
(I deliberately broke the links.)
It is set as your default search engine!!!
Now use what our friend jorginho67, to whom I say hello in passing, recommended for changing this page:
https://forums.commentcamarche.net/forum/affich-15552680-page-firefox-infectee-findclick-de#2
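The check described in the post above, as an added example that is not part of the original thread: a Python triage of HijackThis lines that flags R0/R1 browser settings pointing at findclick.de and, as a heuristic only, autostart entries that launch from user-writable folders. The sample lines are copied from the logs in this thread; the allowlist of expected hosts and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Sample lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.findclick.de/?l=fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.domainmarkt.de/findclick.de/direct
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F3 - REG:win.ini: load=C:\Users\Chris\AppData\Local\Temp\rsvp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Chuck] C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
"""

# Assumption: hosts the owner of this PC expects as home/search pages.
ALLOWED_HOSTS = ("google.com", "google.fr", "msn.com", "bing.com")
# The hijacker named in the thread; matched anywhere in the value because the
# log also shows it inside a URL path (domainmarkt.de/findclick.de/direct).
WATCHLIST = ("findclick.de",)
# Heuristic only: folders a standard user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
REG_VALUE_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<name>[^=]+?) =\s*(?P<value>.*)$"
)
URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)


def classify_url_setting(value, allowed=ALLOWED_HOSTS, watch=WATCHLIST):
    """Classify the value of an R0/R1 browser setting."""
    if not value:
        return "empty"
    if not URL_RE.match(value):
        return "local"  # e.g. C:\Windows\SysWOW64\blank.htm
    lowered = value.lower()
    if any(term in lowered for term in watch):
        return "hijacked"
    host = (urlsplit(value).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in allowed):
        return "expected"
    return "unknown-host"


def triage(log_text):
    """Return (code, kind, detail) tuples for lines that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # headers, process list, blank lines
        code, body = entry.group("code"), entry.group("body")
        if code in ("R0", "R1"):
            reg = REG_VALUE_RE.match(body)
            if not reg:
                continue
            kind = classify_url_setting(reg.group("value").strip())
            if kind in ("hijacked", "unknown-host"):
                hive = reg.group("key").split("\\", 1)[0]
                findings.append((code, kind, f"{hive} {reg.group('name').strip()}"))
        elif code == "O4" or code.startswith("F"):
            # Not a verdict: the entry only runs from a user-writable path.
            if any(part in body.lower() for part in USER_WRITABLE):
                findings.append((code, "autostart-user-writable", body))
    return findings


if __name__ == "__main__":
    for code, kind, detail in triage(SAMPLE_LOG):
        print(f"{code:3} {kind:24} {detail}")
```

An HKCU setting that comes back after a reboot, as reported later in the thread, is a reason to review the autostart lines this prints before resetting the browser pages again.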
There, it's done. Page changed in Firefox and in Internet Explorer. For the moment it seems to work ;-)
OK, on to the next and final part :-)
Download CCleaner from this address:
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
.Save it to the desktop
.Double-click the file to start the installation
/!\ Vista and Windows 7 users: right-click the CCleaner logo, "Run as administrator"
.In the installer's language window, make sure to choose French and click OK
.Click Next
.Read the licence and click I Agree
.Click Next
.Here, keep only "add a shortcut to the desktop" and "automatically check for CCleaner updates" ticked
.Click Install
.Click Close
.Double-click the CCleaner icon to open it
.Once it is open, click Options and then Advanced
.Untick "Only delete files in the Windows Temp folder older than 48 hours"
.Click Cleaner
.Click Windows and, in the Advanced column,
.tick the first box, Old Prefetch data, and only that one, which gives you the Old Prefetch data box and the Advanced box, which ticks itself automatically, but only that one
.Click Analyze; once the analysis has finished,
.click Run Cleaner and OK at the confirmation prompt. You will have to do it a second time. Once finished, check by pressing Analyze again to be sure nothing is left
.Now click Registry and then Scan for Issues
.Leave everything ticked and click Fix selected issues
.It asks you whether to make a backup: YES
.Give it a name so you can find it again, and save
.Click Fix All Selected Issues and OK at the confirmation prompt
.It deletes them; click Close, then check by running Scan for Issues again
.Go back to Options and re-tick the box "Only delete files in the Windows Temp folder older than 48 hours", and under Cleaner, Windows, Advanced, untick the first box, Old Prefetch data
.You can close CCleaner
If you need help, tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
or more here: http://www.lescofofides.fr/forum/viewtopic.php?f=30&t=96
• To remove the disinfection tools:
Download OTC by Old Timer.
http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/
Right-click OTCleanIt and choose Run as administrator.
Click the "CleanUp!" button.
Select Yes when the "cleanup process?" prompt appears.
If you are asked to restart the PC during the cleanup, select Yes.
The tool will delete itself once the operation has finished.
Otherwise, delete them manually.
Delete the system restore points to purge any possible infections:
https://www.commentcamarche.net/informatique/windows/147-restaurer-windows-avec-les-points-de-restauration/
Create a new system restore point, it may come in handy ;-)
Let me know how the PC is doing so we can see whether everything works properly :-)
There, I did strictly everything that was asked. When I restart the PC, findclick comes back...
I don't understand any of it; it's as if the procedures I carried out were useless.
Hello,
OK, let's look into that :-)
• - HijackThis - Diagnostic and repair tool
Download HijackThis here:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it on C: !
Run it, then:
click "do a system scan and save logfile" (see the demo)
copy and paste the whole log into the forum
Demo: (thanks to Balltrap34 for making it)
http://www.tutoriaux-excalibur.com/hijackthis.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:19:39, on 14/12/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe
C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Utilitaires\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Utilitaires\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.domainmarkt.de/findclick.de/direct
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.domainmarkt.de/findclick.de/direct
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.domainmarkt.de/findclick.de/direct
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Chris\AppData\Local\Temp\rsvp.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Chuck] C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe"
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\Utilitaires\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\Utilitaires\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
1° Close all windows.
2° Launch HijackThis and choose Open the misc tools section, then choose the Main option, and make sure "Make backups before fixing items" is enabled.
3° Select only the lines below (by ticking the box to the left of each line to fix):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.domainmarkt.de/findclick.de/direct
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.domainmarkt.de/findclick.de/direct
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.domainmarkt.de/findclick.de/direct
4° From the main menu, choose do a scan only, then tick the box in front of the lines to fix and click Fix Checked at the bottom.
5° At the end of the scan, click Save log,
the report will be generated in the folder originally created to install HijackThis
Restart your PC and let me know how it goes ;-)
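Added example, not part of the thread and not HijackThis code: a small Python triage of the report's R, F and O4 lines, run over entries copied from the log quoted above. The expected-host list, the user-writable path fragments and the function name `triage` are assumptions of this example; a flagged line is a prompt for manual review, not a verdict.

```python
import re
from urllib.parse import urlparse

# Assumption: hosts the owner expects as IE start/search pages.
EXPECTED_HOSTS = ("msn.com", "bing.com", "google.com", "google.fr")
# Assumption: path fragments that mark user-writable locations.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

# HijackThis entries look like "<section code> - <details>".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Lines copied from the HijackThis report quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.domainmarkt.de/findclick.de/direct
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.domainmarkt.de/findclick.de/direct
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
F3 - REG:win.ini: load=C:\Users\Chris\AppData\Local\Temp\rsvp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Chuck] C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
O4 - HKCU\..\Policies\Explorer\Run: [DllHst] C:\Windows\dllhst3g.exe /waitservice
"""


def _host_expected(url):
    """True when the URL's host is an expected host or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def triage(log_text):
    """Return (code, reason, line) tuples for entries worth a manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = LINE_RE.match(line)
        if not match:
            continue  # headers, process list, blank lines
        code, body = match.group("code"), match.group("body")
        lowered = body.lower()
        if code in ("R0", "R1"):
            # Browser start/search page values: only URLs are compared.
            value = body.partition(" = ")[2].strip()
            if value.lower().startswith(("http://", "https://")) and not _host_expected(value):
                findings.append((code, "browser page points to an unexpected host", line))
        elif code in ("F0", "F1", "F2", "F3"):
            # Programs autoloaded through win.ini/system.ini or their registry mapping.
            findings.append((code, "autoload entry from win.ini/system.ini mapping", line))
        elif code == "O4":
            # Autostart entries: check where the target lives and which key holds it.
            if any(fragment in lowered for fragment in USER_WRITABLE):
                findings.append((code, "autostart target in a user-writable folder", line))
            elif "policies\\explorer\\run" in lowered:
                findings.append((code, "autostart set through the Policies Run key", line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {line}")
```
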
Still the same, it comes back after restarting...
Here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:31, on 14/12/2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe
C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Utilitaires\HiJackThis\HiJackThis.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SASWINLO.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files (x86)\Utilitaires\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\Utilitaires\ma-config.com\maconfservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
Let's try this and see if it works!!!
• /!\ Vista and Windows 7 users: don't forget to disable UAC just for the time it takes to disinfect your PC; it is to be re-enabled later:
Tutorial: https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
Download SmitfraudFix (thanks to S!RI for this little program):
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
/!\ Vista and Windows 7 users: right-click the SmitfraudFix icon, "Run as administrator"
Run it: double-click Smitfraudfix.exe and choose option 1,
this is what it looks like: http://siri.urz.free.fr/Fix/SmitfraudFix.php
It will generate a report: please copy/paste it into the thread.
Tutorial: http://pagesperso-orange.fr/rginformatique/section%20virus/smitfraudfix.htm
Note:
process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
SmitFraudFix v2.424
Rapport fait à 18:21:44,84, lun. 14/12/2009
Executé à partir de C:\Users\Chris\Desktop\SmitfraudFix
OS: Microsoft Windows [version 6.1.7600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files (x86)\Utilitaires\ESET Smart Security\x86\ekrn.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files (x86)\Utilitaires\ESET Smart Security\egui.exe
C:\Windows\system32\svchost.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Utilitaires\SuperAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Utilitaires\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Utilitaires\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Chris\AppData\Roaming\SHL Setup\fchuck.exe
C:\Program Files (x86)\Utilitaires\µTorrent\uTorrent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Utilitaires\Winamp\winampa.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Chris\Desktop\SmitfraudFix\Policies.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chris
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chris\AppData\Local\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chris\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Chris\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files (x86)
There's the log...