Bonjour, j'ai contracté le virus face book voici le rapport de msn fix MSNFix 1.639-1 C:\Documents and Settings\therese\Bureau\msnfix\MSNFix Fix exécuté le 21/01/2008 - 23:12:04,51 By therese mode normal ************************ Recherche les fichiers présents ... C:\WINDOWS\system32\microsoft\backup.ftp ... C:\WINDOWS\system32\microsoft\backup.tftp ************************ Recherche les dossiers présents ... C:\Program Files\Temporary\ ************************ Suppression des fichiers .. OK ... C:\WINDOWS\system32\microsoft\backup.ftp .. OK ... C:\WINDOWS\system32\microsoft\backup.tftp ************************ Suppression des dossiers /!\ ... C:\Program Files\Temporary\ ************************ Nettoyage du registre ************************ Fichiers suspects /!\ ces fichiers nécessitent un avis expérimenté avant toute intervention [C:\m9w3l6u1g.exe] 50F31A79EF37407200276FEABAC02F0E Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 21012008_23133878.zip ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: http://chan

Virusfacebook

Réponse 21 / 88

tesa
23 janv. 2008 à 19:22

je t'envoie le hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:49, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Defenza\pcd-as.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Réponse 22 / 88

Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 184
23 janv. 2008 à 19:46

Fixe les lignes dans Hijackthis :

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe" -vt yazb

_____________________________________________________

J'attend les autres post.

++

Réponse 23 / 88

tesa
23 janv. 2008 à 20:32

je n'ai rien dans le rapport avg. C'est blanc
donc je ne peux rien envoyer

Réponse 24 / 88

Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 184
23 janv. 2008 à 20:49

Ok,
Fixe les ligne post <22> (si ce n'est pas fait)

Puis j'attend le rapport de OTMoveIt avant de te donner la suite.

Réponse 25 / 88

tesa
23 janv. 2008 à 21:06

excuse moi . Tu n'as pas de chance , je suis vraiment une nulité en informatique.
J'ai fixé les lignes du post 22. Ca c'est fait. Par contre pour otmoveit, j'ai le même problème je n'ai que l'heure. Aucun rapport.
Je suis vraiment désolée de ne pas être + performante.

Réponse 26 / 88

Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 184
23 janv. 2008 à 21:22

C'est pas grave, y'a pas de mal, vérifie quand meme si le rapport se trouve dans :
C:\_OTMoveIt\MovedFiles\(date du jour)
Si il n'y a pas de rapport dans ce dossier,

Il va falloir que tu la refasse, pour etre sur que ce fichier a bien était supprimé.

Refait la manipulation OTMoveIt :

= Copier le texte en gras:

C:\Program Files\Temporary\kerninst.exe

= Double-clic sur OTMoveIt.exe
= Dans le cadre de Gauche ==> clic-droit ==> coller
= Clic MoveIt!
= si redémarrage demandé==> Clic : YES
= Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller sur le forum.
-------

Une fois redémarré, repost un log hijackthis.

Réponse 27 / 88

tesa
23 janv. 2008 à 21:38

je t'envoie le rapport otmoveit

File/Folder C:\Program Files\Temporary\kerninst.exe not found.

Created on 01/23/2008 21:34:34

Réponse 28 / 88

tesa
23 janv. 2008 à 22:00

et voici le rapport du hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:55, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Defenza\pcd-as.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Réponse 29 / 88

Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 184
23 janv. 2008 à 22:00

Y a t'il toujours quelques chose dans C:\Program Files\Temporary\ ?

Tu n'as toujours pas d'antivirus, d'abord fait ce qui suit puis ensuite installe l'antivirus que je te conseil :

SDFix :

Télécharger sur le bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

= Double-clic SDFix.
= Clic Install

= Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes).
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.

Pour démarrer en mode sans échec :

1/ -Démarrez Windows, ou s’il s’exécute, fermez Windows puis éteignez l'ordinateur.
2/ -Redémarrez l’ordinateur.
3/ -Au début du chargement du BIOS (mais pas trop tôt), commencez à appuyer sur la touche F8 de votre clavier plusieurs fois de suite. Procédez ainsi jusqu'à ce que le menu des options avancées de Windows apparaissent.
4/ -En utilisant les flèches de votre clavier, sélectionnez "Mode sans échec" dans le menu puis appuyez sur Entrée.

Une fois sous windows :

------
= Double-clic SDFix.
= Clic Install
= Double-clic sur le nouveau dossier SDFix qui est dans C:\
= Double-clic RunThis
= Presser Y
= A l’invitation ==> appuyer sur une touche pour redémarrer
= Redémarrage ( qui sera plus long ,car nettoyage en cours )
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
= apparition de Finished
= Appuyer sur une touche
= Dans SDFix , un rapport est généré, Report.txt
= Copier/Coller sur le forum.

_____________________________________________________

Pour installer Antivir :

Ouvre ce lien: http://www.commentcamarche.net/telecharger/telecharger 55 antivir , télécharge Antivir et installe le.

Lance Antivir, fais les mises à jours, puis lance un scan (si des virus sont découverts, mets les en quarantaine. Si tu ne peux pas alors supprime les).
A la fin du scan clique sur 'report', enregistre ce rapport sur le bureau (fichier => enregistrer sous), puis fait un copier/coller de ce rapport dans ton prochain message.

----> Relance ton PC

_____________________________________________________

Réponse 30 / 88

tesa
23 janv. 2008 à 22:04

je trouve bizarre qu'il n'y ai pas d'antivirus car j'ai un anti virus avec mon abonnement wanadoo. C'est prélevé tous les mois avec mon abonnement. Dois je installer quand même ton antivirus?

Réponse 31 / 88

Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 184
23 janv. 2008 à 22:22

Attend....

Réponse 32 / 88

Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 184
23 janv. 2008 à 22:33

Sinon ? Y a t'il toujours quelques chose dans C:\Program Files\Temporary\ ?

J'ai oublier de te faire fixer quelque chose :

Fixe les lignes dans Hijackthis :

Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe

_____________________________________________________

Pour l'antivirus, il y'a un antispyware, un anti pop-up, mais je ne vois pas d'antivirus.
Donc installe Antivir,
Pour le Sdfix, tu en es où ?

tiens moi au courrant.

Réponse 33 / 88

tesa
23 janv. 2008 à 22:47

Pour C:\program File\Temporary c'est maintenant vide

là je vais fixer la ligne dans hijackthis.

Pour le reste je vais attendre d'être plus tranquille ( je tiens un bar qui est encore ouvert).

Si tu n'es plus en ligne on verra demain matin.

merci

Réponse 34 / 88

Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 184
23 janv. 2008 à 22:54

Ok ça marche,
Je vais pas trop tarder je pense :)

Pour faire un petit résumé :

- Fix la ligne HjT
- Post le rapport SDFix
- Ensuite, Installe Antivir (puis fait le scan comme indiqué)
- Repost un hijackthis
_______________________

Je lirai tous ça demin matin
On est presque au bout ;)

Bonne nuit ++

Réponse 35 / 88

tesa
24 janv. 2008 à 14:13

bonjour ,
ca y est j'ai enfin eu le temps de faire le sdfix. Je t'envoie le rapport

SDFix: Version 1.131

Run by therese on 24/01/2008 at 13:38

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\therese\Bureau\SDFix\SDFix

Safe Mode:
Checking Services:

C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files:

Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe

Files copied to SDFix\Backups

Restoring files if backups are found

Final Check:

Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\DOCUME~1\THERESE\APPLIC~1\MICROS~1\WINDOWS\RAYIOU.EXE - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Program Files\.autoreg - Deleted
C:\Program Files\Fichiers communs\Carlson\carlton - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted

Folder C:\Documents and Settings\therese\Application Data\WinTouch - Removed
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Fichiers communs\Carlson - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\explorer.exe
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 13:49:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7F3915FC73B65D117B2D00AA002A401F\Usage]
"feat.SystemPerm"=dword:38383f95

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe:*:Enabled:Livecom Player"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe"="C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe:*:Enabled:Orange Link"
"C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe"="C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe:*:Enabled:Orange Link Player"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\therese\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\therese\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\therese\Bureau\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 12 Oct 2004 198 A.SHR --- "C:\BOOT.BAK"
Thu 18 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 15 Jan 2008 230,400 ..SHR --- "C:\WINDOWS\A?pPatch\j?vaw.exe"
Sun 20 Jan 2008 31,232 A.SHR --- "C:\_OTMoveIt\MovedFiles\WINDOWS\htssv32.exe"
Sun 7 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 20 Jan 2008 68,608 ..SHR --- "C:\Documents and Settings\therese\Application Data\?asks\logonui.exe"
Tue 20 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT4.tmp"

Finished!

Réponse 36 / 88

Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 184
24 janv. 2008 à 14:23

Salut,

Repost un log hijackthis please.

Réponse 37 / 88

tesa
24 janv. 2008 à 16:31

Slt,
je viens d'installer antivir et je t'envoie les rapports. J'ai mis un virus en quarantaine .
Là je m'occupe du hijackthis et te l'envoie.
Merci

Avira AntiVir PersonalEdition Classic
*************************************

Copyright © 2007 Avira GmbH.
All rights reserved.

Inhalt
******

0 Important information
1 System requirements
2 Important requirements for an installation
3 Incompatibilities with other programs
4 Support service
5 Contact address

0 Important information
***********************

Users who have up to now installed an ANSI version of the Avira
AntiVir PersonalEdition Classic software pack on a Microsoft Windows
NT, Microsoft Windows 2000 or Microsoft Windows XP operating system,
receive update information when attempting to update.

When updating, please proceed as follows:

1. Deinstall the installed version of the Avira AntiVir
PersonalEdition Classic.
2. Download a current software pack from the downoad section of the
Avira AntiVir PersonalEdition Classic website
https://www.avira.com/
3. Install this software pack on your computer.

1 System requirements
*********************

In order for Avira AntiVir PersonalEdition Classic to run properly,
the computer system must fulfill the following requirements:

- Computer: Pentium or higher, at least 133 MHz

- Operating system
- Microsoft Windows Vista or
- Microsoft Windows XP Home or Professional, or
- Microsoft Windows 2000, SP 4 recommended

Avira AntiVir PersonalEdition Classic also supports Microsoft Windows
XP x64 Edition.

The display of the program interfaces can differ, depending on the
operating system used.

- 30 MB free memory on the hard disk (more if quarantine is used)

- Min. 100 MB temporary memory on the hard disk

- Min. 25 MB of free main memory

- For all installations: Internet Explorer 5.0 or higher

- For the installation of Avira AntiVir PersonalEdition Classic:
administrator rights

Note
----

- If there is no Internet Explorer 5.0 or higher available on your
system, you can download it under the following address:

https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US

2 Important requirements for an installation
********************************************

Ensure that the following requirements are fulfilled so that Avira
AntiVir PersonalEdition Classic works properly on your computer:

- System requirements fulfilled
- No other on-access scanner (also called Guard) installed
- Installer has administrator rights
- Internet/Intranet connection available
- All running programs on the computer exited

3 Incompatibilities with other programs
***************************************

Cygwin

If the Avira AntiVir PersonalEdition Classic runs on a system where
the product Cygwin is installed, you might encounter problems with
updating the Avira AntiVir PersonalEdition Classic. In a worst case
scenario you might not be able to update the Avira AntiVir
PersonalEdition Classic at all. Background to this behavior is the
fact that the cygwin process "cygrun.srv.exe" together with the
Microsoft Client/Server runtime server subsystem ("csrss.exe) causes
a complete load of the system once the update process of the Avira
AntiVir PersonalEdition Classic is started. It is therefore strongly
recommended to deinstall Cygwin before the Avira AntiVir
PersonalEdition Classic is installed.

4 Support service
*****************

If you have problems please try first to solve them using the
integrated help system and the user manual (Download at:
http://www.free-av.com). For harder problem, please feel free to
post a message to our bulletin board at https://support.avira.com/hc/de/community/topics or
to call our Support-Hotline.

Please also feel free to post bug reports, hints, feature requests
and anything else related to the Avira AntiVir PersonalEdition
Classic to this Bulletin Board.

Please note that technical inquiries can only be anserwered via our
Support-Forum or our Support-Hotline.

Support-Forum
-------------

...our forum is available for you at any time!

The forum, which is subdivided into clear categories offers you the
possibility to exchange yourself online with other users and our
employees of the customer support. An up-to-date, electronic
bulletin board that is coordinated by our moderators is available.
Our experience multiplies with the experience from the users of
AntiVir all over the world. Have a look on it without any
obligation...

https://support.avira.com/hc/de/community/topics

Support-Hotline
---------------

Germany: 0900 10 11 333 (1,99 Euro/Min*)
Austria: 0900 51 03 61 121 (2,16 Euro/Min*)
Switzerland: 0900 51 03 61 (4,23 CHF/Min*)

* Prices are subject to change.

Mo - Fr between 10 a.m. and 7 p.m.

5 Contact
*********

Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany

Internet: https://www.avira.com/

24.01.2008 15:59:22 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 15:59:22 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 15:59:22 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 15:59:23 - Start the Update GUI... Displaymode: 0

24.01.2008 15:59:22 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 15:59:22 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 15:59:22 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 15:59:23 - Start the Update GUI... Displaymode: 0

24.01.2008 15:59:38 - Keyfile: OK [FULL Mode]

24.01.2008 15:59:38 - Avira AntiVir PersonalEdition Classic

24.01.2008 16:00:03 - Master IDX file has changed
24.01.2008 16:00:13 - Keyfile: OK [FULL Mode]

24.01.2008 16:00:13 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/classic-nt-en.info.gz
24.01.2008 16:00:14 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:15 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/vdf.info.gz
24.01.2008 16:00:18 - Keyfile: OK [FULL Mode]

24.01.2008 16:00:18 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/specvir-nt.info.gz
24.01.2008 16:00:19 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/engine.info.gz
24.01.2008 16:00:19 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/engine-nt-en.info.gz
24.01.2008 16:00:21 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
24.01.2008 16:00:22 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 1.2.10.20 < 1.2.10.21
24.01.2008 16:00:24 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
24.01.2008 16:00:27 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe 7.2.0.12 < 7.2.0.14
24.01.2008 16:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 7.2.0.13 < 7.2.0.16
24.01.2008 16:00:31 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 7.0.0.81 < 7.0.0.82
24.01.2008 16:00:34 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\ccguard.dll 7.0.1.34 < 7.0.1.35
24.01.2008 16:00:38 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe 7.0.0.34 < 7.0.0.36
24.01.2008 16:00:40 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
24.01.2008 16:00:40 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
24.01.2008 16:00:41 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 7.0.0.0 < 7.0.1.95
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.0.1 < 7.0.2.0
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.0.2 < 7.0.2.42
24.01.2008 16:00:41 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:00:41 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll 7.6.0.15 < 7.6.0.48
24.01.2008 16:00:41 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avpack32.dll 7.3.0.15 < 7.6.0.3
24.01.2008 16:00:41 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
24.01.2008 16:00:41 - C:\WINDOWS\SYSTEM32\drivers\avipbb.sys 1.0.2.11 < 1.0.2.13
24.01.2008 16:00:42 - Minifilter is installed

24.01.2008 16:00:42 - Minifilter is possible

24.01.2008 16:00:42 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

24.01.2008 16:00:42 - Initialize avnotify.exe

24.01.2008 16:00:43 - Starting avnotify.exe successful

24.01.2008 16:00:43 - Preparing to download files
24.01.2008 16:00:43 - 13 files need to be downloaded / copied from http://dl4.avgate.net/upd/
24.01.2008 16:00:43 - #1: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/updlib.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/updlib.dll
24.01.2008 16:00:45 - #2: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avcenter.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avcenter.exe
24.01.2008 16:00:55 - #3: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avgnt.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avgnt.exe
24.01.2008 16:00:58 - #4: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avguard.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avguard.exe
24.01.2008 16:01:01 - #5: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/ccguard.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/ccguard.dll
24.01.2008 16:01:07 - #6: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/preupd.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/preupd.exe
24.01.2008 16:01:09 - #7: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/addr_file.html.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/addr_file.html
24.01.2008 16:01:09 - #8: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir1.vdf
24.01.2008 16:01:50 - #9: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir2.vdf
24.01.2008 16:02:05 - #10: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir3.vdf
24.01.2008 16:02:11 - #11: Downloading and extracting http://dl4.avgate.net/upd/engine/avewin32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\avewin32.dll
24.01.2008 16:02:30 - #12: Downloading and extracting http://dl4.avgate.net/upd/engine/nt/avpack32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\avpack32.dll
24.01.2008 16:02:34 - #13: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avipbb.sys.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avipbb.sys
24.01.2008 16:02:47 - Service AVEService is not installed

24.01.2008 16:02:47 - Service AntiVirMailService is not installed

24.01.2008 16:02:47 - Initialize fwinst.exe

24.01.2008 16:02:47 - Initialize fwinst.exe

24.01.2008 16:02:47 - Service AntiVirFirewallService is not installed

24.01.2008 16:02:47 - Service antivirwebservice is not installed

24.01.2008 16:02:47 - Status of service AntiVirService is running

24.01.2008 16:02:47 - Initialize avgnt.exe

24.01.2008 16:02:47 - Status of service AntiVirScheduler is running

24.01.2008 16:02:47 - Minifilter is installed

24.01.2008 16:02:47 - Minifilter is possible

24.01.2008 16:02:47 - Initialize avscan.exe

24.01.2008 16:02:47 - Initialize avconfig.cpl

24.01.2008 16:02:47 - Initialize avcenter.exe

24.01.2008 16:02:47 - shell extension is installed

24.01.2008 16:02:47 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

24.01.2008 16:02:47 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

24.01.2008 16:02:47 - Service AVEService is not installed

24.01.2008 16:02:47 - Service AntiVirMailService is not installed

24.01.2008 16:02:47 - Initialize fwinst.exe

24.01.2008 16:02:47 - Initialize fwinst.exe

24.01.2008 16:02:47 - Service AntiVirFirewallService is not installed

24.01.2008 16:02:47 - shell extension is installed

24.01.2008 16:02:47 - Initialize regsvr32.exe

24.01.2008 16:02:51 - shell extension removed successfully

24.01.2008 16:02:51 - avgnt.exe closed.

24.01.2008 16:02:51 - Status of service AntiVirScheduler is running

24.01.2008 16:03:00 - Service AntiVirScheduler successfully stopped

24.01.2008 16:03:00 - Status of service AntiVirService is running

24.01.2008 16:03:14 - Service AntiVirService successfully stopped

24.01.2008 16:03:14 - Starting to install
24.01.2008 16:03:15 - Processing module SELFUPDATE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:23 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\SelfUpdateTemp\update.exe --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}".Self Update helper
24.01.2008 16:03:28 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:28 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 16:03:28 - Temp Directory: C:\WINDOWS\TEMP\Update_Temp\
24.01.2008 16:03:28 - Avira AntiVir PersonalEdition Classic

24.01.2008 16:03:28 - Self update: Copying file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/updlib.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
24.01.2008 16:03:28 - Executing original update application
24.01.2008 16:03:28 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe --config-file="C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\update.conf" --install-path="C:\Program Files\Avira\AntiVir PersonalEdition Classic" --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}" --NoSelfUpdate "--TmpDir=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5" "--LogFile=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2008-01-24-15-59-17.log" "--TmpFilesList=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\ToRemove.txt".Executing original update application
24.01.2008 16:03:30 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:30 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 16:03:30 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 16:03:31 - Start the Update GUI... Displaymode: 0

24.01.2008 16:03:31 - Avira AntiVir PersonalEdition Classic

24.01.2008 16:03:31 - Master IDX file has changed
24.01.2008 16:03:31 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/vdf.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/specvir-nt.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine-nt-en.info.gz
24.01.2008 16:03:32 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
24.01.2008 16:03:32 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
24.01.2008 16:03:34 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
24.01.2008 16:03:34 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
24.01.2008 16:03:34 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
24.01.2008 16:03:34 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:03:34 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
24.01.2008 16:03:34 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:03:34 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
24.01.2008 16:03:35 - Minifilter is installed

24.01.2008 16:03:35 - Minifilter is possible

24.01.2008 16:03:35 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

24.01.2008 16:03:35 - Preparing to download files
24.01.2008 16:03:35 - 12 files need to be downloaded / copied from http://dl1.avgate.net/upd/
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avcenter.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avgnt.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avguard.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\ccguard.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\preupd.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\addr_file.html.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir1.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir2.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir3.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\avewin32.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\avpack32.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avipbb.sys.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - Starting to install
24.01.2008 16:03:38 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\addr_file.html will not be backed up because it doesn't exist
24.01.2008 16:03:38 - Processing module COMMAPPDATA Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\
24.01.2008 16:03:38 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:39 - Processing module ENGINE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:40 - Processing module ENGINE_NT_EN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:40 - Processing module DRV Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\
24.01.2008 16:03:40 - A total of 12 files were updated
24.01.2008 16:03:40 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress

24.01.2008 16:03:40 - Service AVEService is not installed

24.01.2008 16:03:40 - Service AntiVirMailService is not installed

24.01.2008 16:03:40 - Initialize fwinst.exe

24.01.2008 16:03:40 - Initialize fwinst.exe

24.01.2008 16:03:40 - Service AntiVirFirewallService is not installed

24.01.2008 16:03:40 - Service antivirwebservice is not installed

24.01.2008 16:03:40 - Status of service AntiVirService is stopped

24.01.2008 16:03:40 - Initialize avgnt.exe

24.01.2008 16:03:40 - Status of service AntiVirScheduler is stopped

24.01.2008 16:03:40 - Minifilter is installed

24.01.2008 16:03:40 - Minifilter is possible

24.01.2008 16:03:40 - Initialize avscan.exe

24.01.2008 16:03:40 - Initialize avconfig.cpl

24.01.2008 16:03:40 - Initialize avcenter.exe

24.01.2008 16:03:40 - shell extension is installed

24.01.2008 16:03:40 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

24.01.2008 16:03:40 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

24.01.2008 16:03:53 - Service AntiVirService successfully started

24.01.2008 16:03:55 - Starting avgnt.exe successful

24.01.2008 16:03:58 - Service AntiVirScheduler successfully started

24.01.2008 16:03:58 - shell extension is installed

24.01.2008 16:03:58 - Initialize regsvr32.exe

24.01.2008 16:04:05 - installation of shell extension successful

24.01.2008 16:04:05 - Cannot start the service antivirwebservice

24.01.2008 16:04:05 - Dialup: 0

24.01.2008 16:04:05 - Downloaded bytes: 6777409

24.01.2008 16:04:05 - Downloaded file(s): 13

24.01.2008 16:04:05 - Downloaded file(s): updlib.dll; avcenter.exe; avgnt.exe; avguard.exe; ccguard.dll; preupd.exe; addr_file.html; antivir1.vdf; antivir2.vdf; antivir3.vdf; avewin32.dll; avpack32.dll; avipbb.sys

24.01.2008 16:04:05 - Engine version local : 7.6.0.15

24.01.2008 16:04:05 - Engine version internet: 7.6.0.48

24.01.2008 16:04:05 - 0. VDF version local : 6.40.0.0

24.01.2008 16:04:05 - 0. VDF version internet: 6.40.0.0

24.01.2008 16:04:05 - 1. VDF version local : 7.0.0.0

24.01.2008 16:04:05 - 1. VDF version internet: 7.0.1.95

24.01.2008 16:04:05 - 2. VDF version local : 7.0.0.1

24.01.2008 16:04:05 - 2. VDF version internet: 7.0.2.0

24.01.2008 16:04:05 - 3. VDF version local : 7.0.0.2

24.01.2008 16:04:05 - 3. VDF version internet: 7.0.2.42

24.01.2008 16:04:05 - Required time: 00:34

24.01.2008 16:04:05 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate

24.01.2008 16:04:06 - Update finished successfully

Réponse 38 / 88

tesa
24 janv. 2008 à 16:33

je relis ce que j'ai envoyé et le début n'était pas à t'envoter désolée je suis vraiment quiche lol

Réponse 39 / 88

tesa
24 janv. 2008 à 16:38

en voulant aller sur poste de travail pour ouvrir les fichiers C:\ pour faire le hijacktis
une fenêtre s'est ouverte avec un sigal d'alerte
c'est un trojan horse TR/Dial.43341
j'ai 4 solutions
repair
move to quarantaine
delate
rename
access deny
ignore

je fais quoi?

Réponse 40 / 88

tesa
24 janv. 2008 à 18:18

En fait je l'ai mis en quarantaine et je t'envoie le rapport du dernier hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:02, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Defenza\pcd-as.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

Virusfacebook

88 réponses

Newsletters