Virusfacebook
Fermé
tesa
-
21 janv. 2008 à 23:24
Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 - 28 janv. 2008 à 20:33
Saiyen75 Messages postés 2696 Date d'inscription jeudi 8 mars 2007 Statut Membre Dernière intervention 23 novembre 2014 - 28 janv. 2008 à 20:33
88 réponses
je t'envoie le hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:49, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Defenza\pcd-as.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:49, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Defenza\pcd-as.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe" -vt yazb
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Saiyen75
Messages postés
2696
Date d'inscription
jeudi 8 mars 2007
Statut
Membre
Dernière intervention
23 novembre 2014
184
23 janv. 2008 à 19:46
23 janv. 2008 à 19:46
Fixe les lignes dans Hijackthis :
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe" -vt yazb
_____________________________________________________
J'attend les autres post.
++
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sra] "C:\DOCUME~1\therese\APPLIC~1\ASKS~1\logonui.exe" -vt yazb
_____________________________________________________
J'attend les autres post.
++
Saiyen75
Messages postés
2696
Date d'inscription
jeudi 8 mars 2007
Statut
Membre
Dernière intervention
23 novembre 2014
184
23 janv. 2008 à 20:49
23 janv. 2008 à 20:49
Ok,
Fixe les ligne post <22> (si ce n'est pas fait)
Puis j'attend le rapport de OTMoveIt avant de te donner la suite.
Fixe les ligne post <22> (si ce n'est pas fait)
Puis j'attend le rapport de OTMoveIt avant de te donner la suite.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
excuse moi . Tu n'as pas de chance , je suis vraiment une nulité en informatique.
J'ai fixé les lignes du post 22. Ca c'est fait. Par contre pour otmoveit, j'ai le même problème je n'ai que l'heure. Aucun rapport.
Je suis vraiment désolée de ne pas être + performante.
J'ai fixé les lignes du post 22. Ca c'est fait. Par contre pour otmoveit, j'ai le même problème je n'ai que l'heure. Aucun rapport.
Je suis vraiment désolée de ne pas être + performante.
Saiyen75
Messages postés
2696
Date d'inscription
jeudi 8 mars 2007
Statut
Membre
Dernière intervention
23 novembre 2014
184
23 janv. 2008 à 21:22
23 janv. 2008 à 21:22
C'est pas grave, y'a pas de mal, vérifie quand meme si le rapport se trouve dans :
C:\_OTMoveIt\MovedFiles\(date du jour)
Si il n'y a pas de rapport dans ce dossier,
Il va falloir que tu la refasse, pour etre sur que ce fichier a bien était supprimé.
Refait la manipulation OTMoveIt :
= Copier le texte en gras:
C:\Program Files\Temporary\kerninst.exe
= Double-clic sur OTMoveIt.exe
= Dans le cadre de Gauche ==> clic-droit ==> coller
= Clic MoveIt!
= si redémarrage demandé==> Clic : YES
= Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller sur le forum.
-------
Une fois redémarré, repost un log hijackthis.
C:\_OTMoveIt\MovedFiles\(date du jour)
Si il n'y a pas de rapport dans ce dossier,
Il va falloir que tu la refasse, pour etre sur que ce fichier a bien était supprimé.
Refait la manipulation OTMoveIt :
= Copier le texte en gras:
C:\Program Files\Temporary\kerninst.exe
= Double-clic sur OTMoveIt.exe
= Dans le cadre de Gauche ==> clic-droit ==> coller
= Clic MoveIt!
= si redémarrage demandé==> Clic : YES
= Un rapport dans ==> C:\_OTMoveIt\MovedFiles\date du jour à copier/coller sur le forum.
-------
Une fois redémarré, repost un log hijackthis.
je t'envoie le rapport otmoveit
File/Folder C:\Program Files\Temporary\kerninst.exe not found.
Created on 01/23/2008 21:34:34
File/Folder C:\Program Files\Temporary\kerninst.exe not found.
Created on 01/23/2008 21:34:34
et voici le rapport du hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:55, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Defenza\pcd-as.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:55, on 23/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Defenza\pcd-as.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Saiyen75
Messages postés
2696
Date d'inscription
jeudi 8 mars 2007
Statut
Membre
Dernière intervention
23 novembre 2014
184
23 janv. 2008 à 22:00
23 janv. 2008 à 22:00
Y a t'il toujours quelques chose dans C:\Program Files\Temporary\ ?
Tu n'as toujours pas d'antivirus, d'abord fait ce qui suit puis ensuite installe l'antivirus que je te conseil :
SDFix :
Télécharger sur le bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
= Double-clic SDFix.
= Clic Install
= Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes).
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
Pour démarrer en mode sans échec :
1/ -Démarrez Windows, ou s’il s’exécute, fermez Windows puis éteignez l'ordinateur.
2/ -Redémarrez l’ordinateur.
3/ -Au début du chargement du BIOS (mais pas trop tôt), commencez à appuyer sur la touche F8 de votre clavier plusieurs fois de suite. Procédez ainsi jusqu'à ce que le menu des options avancées de Windows apparaissent.
4/ -En utilisant les flèches de votre clavier, sélectionnez "Mode sans échec" dans le menu puis appuyez sur Entrée.
Une fois sous windows :
------
= Double-clic SDFix.
= Clic Install
= Double-clic sur le nouveau dossier SDFix qui est dans C:\
= Double-clic RunThis
= Presser Y
= A l’invitation ==> appuyer sur une touche pour redémarrer
= Redémarrage ( qui sera plus long ,car nettoyage en cours )
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
= apparition de Finished
= Appuyer sur une touche
= Dans SDFix , un rapport est généré, Report.txt
= Copier/Coller sur le forum.
_____________________________________________________
Pour installer Antivir :
Ouvre ce lien: http://www.commentcamarche.net/telecharger/telecharger 55 antivir , télécharge Antivir et installe le.
Lance Antivir, fais les mises à jours, puis lance un scan (si des virus sont découverts, mets les en quarantaine. Si tu ne peux pas alors supprime les).
A la fin du scan clique sur 'report', enregistre ce rapport sur le bureau (fichier => enregistrer sous), puis fait un copier/coller de ce rapport dans ton prochain message.
----> Relance ton PC
_____________________________________________________
Tu n'as toujours pas d'antivirus, d'abord fait ce qui suit puis ensuite installe l'antivirus que je te conseil :
SDFix :
Télécharger sur le bureau :
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
= Double-clic SDFix.
= Clic Install
= Redémarrer en mode Sans Échec (le démarrage peut prendre plusieurs minutes).
Attention, pas d’accès à internet dans ce mode. Enregistrer ou imprimer les consignes.
Pour démarrer en mode sans échec :
1/ -Démarrez Windows, ou s’il s’exécute, fermez Windows puis éteignez l'ordinateur.
2/ -Redémarrez l’ordinateur.
3/ -Au début du chargement du BIOS (mais pas trop tôt), commencez à appuyer sur la touche F8 de votre clavier plusieurs fois de suite. Procédez ainsi jusqu'à ce que le menu des options avancées de Windows apparaissent.
4/ -En utilisant les flèches de votre clavier, sélectionnez "Mode sans échec" dans le menu puis appuyez sur Entrée.
Une fois sous windows :
------
= Double-clic SDFix.
= Clic Install
= Double-clic sur le nouveau dossier SDFix qui est dans C:\
= Double-clic RunThis
= Presser Y
= A l’invitation ==> appuyer sur une touche pour redémarrer
= Redémarrage ( qui sera plus long ,car nettoyage en cours )
Continuer si un message d’erreurs apparaît ,dans ce cas aller directement au rapport dans SDfix
= apparition de Finished
= Appuyer sur une touche
= Dans SDFix , un rapport est généré, Report.txt
= Copier/Coller sur le forum.
_____________________________________________________
Pour installer Antivir :
Ouvre ce lien: http://www.commentcamarche.net/telecharger/telecharger 55 antivir , télécharge Antivir et installe le.
Lance Antivir, fais les mises à jours, puis lance un scan (si des virus sont découverts, mets les en quarantaine. Si tu ne peux pas alors supprime les).
A la fin du scan clique sur 'report', enregistre ce rapport sur le bureau (fichier => enregistrer sous), puis fait un copier/coller de ce rapport dans ton prochain message.
----> Relance ton PC
_____________________________________________________
je trouve bizarre qu'il n'y ai pas d'antivirus car j'ai un anti virus avec mon abonnement wanadoo. C'est prélevé tous les mois avec mon abonnement. Dois je installer quand même ton antivirus?
Saiyen75
Messages postés
2696
Date d'inscription
jeudi 8 mars 2007
Statut
Membre
Dernière intervention
23 novembre 2014
184
23 janv. 2008 à 22:22
23 janv. 2008 à 22:22
Attend....
Saiyen75
Messages postés
2696
Date d'inscription
jeudi 8 mars 2007
Statut
Membre
Dernière intervention
23 novembre 2014
184
23 janv. 2008 à 22:33
23 janv. 2008 à 22:33
Sinon ? Y a t'il toujours quelques chose dans C:\Program Files\Temporary\ ?
J'ai oublier de te faire fixer quelque chose :
Fixe les lignes dans Hijackthis :
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
_____________________________________________________
Pour l'antivirus, il y'a un antispyware, un anti pop-up, mais je ne vois pas d'antivirus.
Donc installe Antivir,
Pour le Sdfix, tu en es où ?
tiens moi au courrant.
J'ai oublier de te faire fixer quelque chose :
Fixe les lignes dans Hijackthis :
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\therese\Application Data\Microsoft\Windows\rayiou.exe
_____________________________________________________
Pour l'antivirus, il y'a un antispyware, un anti pop-up, mais je ne vois pas d'antivirus.
Donc installe Antivir,
Pour le Sdfix, tu en es où ?
tiens moi au courrant.
Pour C:\program File\Temporary c'est maintenant vide
là je vais fixer la ligne dans hijackthis.
Pour le reste je vais attendre d'être plus tranquille ( je tiens un bar qui est encore ouvert).
Si tu n'es plus en ligne on verra demain matin.
merci
là je vais fixer la ligne dans hijackthis.
Pour le reste je vais attendre d'être plus tranquille ( je tiens un bar qui est encore ouvert).
Si tu n'es plus en ligne on verra demain matin.
merci
Saiyen75
Messages postés
2696
Date d'inscription
jeudi 8 mars 2007
Statut
Membre
Dernière intervention
23 novembre 2014
184
23 janv. 2008 à 22:54
23 janv. 2008 à 22:54
Ok ça marche,
Je vais pas trop tarder je pense :)
Pour faire un petit résumé :
- Fix la ligne HjT
- Post le rapport SDFix
- Ensuite, Installe Antivir (puis fait le scan comme indiqué)
- Repost un hijackthis
_______________________
Je lirai tous ça demin matin
On est presque au bout ;)
Bonne nuit ++
Je vais pas trop tarder je pense :)
Pour faire un petit résumé :
- Fix la ligne HjT
- Post le rapport SDFix
- Ensuite, Installe Antivir (puis fait le scan comme indiqué)
- Repost un hijackthis
_______________________
Je lirai tous ça demin matin
On est presque au bout ;)
Bonne nuit ++
bonjour ,
ca y est j'ai enfin eu le temps de faire le sdfix. Je t'envoie le rapport
SDFix: Version 1.131
Run by therese on 24/01/2008 at 13:38
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\therese\Bureau\SDFix\SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\THERESE\APPLIC~1\MICROS~1\WINDOWS\RAYIOU.EXE - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Program Files\.autoreg - Deleted
C:\Program Files\Fichiers communs\Carlson\carlton - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Folder C:\Documents and Settings\therese\Application Data\WinTouch - Removed
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Fichiers communs\Carlson - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\explorer.exe
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 13:49:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7F3915FC73B65D117B2D00AA002A401F\Usage]
"feat.SystemPerm"=dword:38383f95
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe:*:Enabled:Livecom Player"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe"="C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe:*:Enabled:Orange Link"
"C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe"="C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe:*:Enabled:Orange Link Player"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\therese\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\therese\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\therese\Bureau\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 12 Oct 2004 198 A.SHR --- "C:\BOOT.BAK"
Thu 18 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 15 Jan 2008 230,400 ..SHR --- "C:\WINDOWS\A?pPatch\j?vaw.exe"
Sun 20 Jan 2008 31,232 A.SHR --- "C:\_OTMoveIt\MovedFiles\WINDOWS\htssv32.exe"
Sun 7 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 20 Jan 2008 68,608 ..SHR --- "C:\Documents and Settings\therese\Application Data\?asks\logonui.exe"
Tue 20 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT4.tmp"
Finished!
ca y est j'ai enfin eu le temps de faire le sdfix. Je t'envoie le rapport
SDFix: Version 1.131
Run by therese on 24/01/2008 at 13:38
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\therese\Bureau\SDFix\SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Dummy:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\THERESE\APPLIC~1\MICROS~1\WINDOWS\RAYIOU.EXE - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\wintouch.cfg - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\WinTouch.exe - Deleted
C:\Documents and Settings\therese\Application Data\WinTouch\WTUninstaller.exe - Deleted
C:\Program Files\Router\UnInstall.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\Program Files\.autoreg - Deleted
C:\Program Files\Fichiers communs\Carlson\carlton - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
Folder C:\Documents and Settings\therese\Application Data\WinTouch - Removed
Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Router - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Fichiers communs\Carlson - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\explorer.exe
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-24 13:49:32
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7F3915FC73B65D117B2D00AA002A401F\Usage]
"feat.SystemPerm"=dword:38383f95
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\Temp\\NavBrowser.exe"="C:\\WINDOWS\\Temp\\NavBrowser.exe:*:Enabled:NAVBrowser"
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"="C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\livecomp.exe:*:Enabled:Livecom Player"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe"="C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe:*:Enabled:Orange Link"
"C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe"="C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe:*:Enabled:Orange Link Player"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\therese\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\therese\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\Livecom.exe:*:Enabled:Livecom"
"C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\Livecom\\APPLIC~1\\Exe\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\therese\Bureau\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 12 Oct 2004 198 A.SHR --- "C:\BOOT.BAK"
Thu 18 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 15 Jan 2008 230,400 ..SHR --- "C:\WINDOWS\A?pPatch\j?vaw.exe"
Sun 20 Jan 2008 31,232 A.SHR --- "C:\_OTMoveIt\MovedFiles\WINDOWS\htssv32.exe"
Sun 7 Jan 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun 20 Jan 2008 68,608 ..SHR --- "C:\Documents and Settings\therese\Application Data\?asks\logonui.exe"
Tue 20 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT4.tmp"
Finished!
Saiyen75
Messages postés
2696
Date d'inscription
jeudi 8 mars 2007
Statut
Membre
Dernière intervention
23 novembre 2014
184
24 janv. 2008 à 14:23
24 janv. 2008 à 14:23
Salut,
Repost un log hijackthis please.
Repost un log hijackthis please.
Slt,
je viens d'installer antivir et je t'envoie les rapports. J'ai mis un virus en quarantaine .
Là je m'occupe du hijackthis et te l'envoie.
Merci
Avira AntiVir PersonalEdition Classic
*************************************
Copyright © 2007 Avira GmbH.
All rights reserved.
Inhalt
******
0 Important information
1 System requirements
2 Important requirements for an installation
3 Incompatibilities with other programs
4 Support service
5 Contact address
0 Important information
***********************
Users who have up to now installed an ANSI version of the Avira
AntiVir PersonalEdition Classic software pack on a Microsoft Windows
NT, Microsoft Windows 2000 or Microsoft Windows XP operating system,
receive update information when attempting to update.
When updating, please proceed as follows:
1. Deinstall the installed version of the Avira AntiVir
PersonalEdition Classic.
2. Download a current software pack from the downoad section of the
Avira AntiVir PersonalEdition Classic website
https://www.avira.com/
3. Install this software pack on your computer.
1 System requirements
*********************
In order for Avira AntiVir PersonalEdition Classic to run properly,
the computer system must fulfill the following requirements:
- Computer: Pentium or higher, at least 133 MHz
- Operating system
- Microsoft Windows Vista or
- Microsoft Windows XP Home or Professional, or
- Microsoft Windows 2000, SP 4 recommended
Avira AntiVir PersonalEdition Classic also supports Microsoft Windows
XP x64 Edition.
The display of the program interfaces can differ, depending on the
operating system used.
- 30 MB free memory on the hard disk (more if quarantine is used)
- Min. 100 MB temporary memory on the hard disk
- Min. 25 MB of free main memory
- For all installations: Internet Explorer 5.0 or higher
- For the installation of Avira AntiVir PersonalEdition Classic:
administrator rights
Note
----
- If there is no Internet Explorer 5.0 or higher available on your
system, you can download it under the following address:
https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US
2 Important requirements for an installation
********************************************
Ensure that the following requirements are fulfilled so that Avira
AntiVir PersonalEdition Classic works properly on your computer:
- System requirements fulfilled
- No other on-access scanner (also called Guard) installed
- Installer has administrator rights
- Internet/Intranet connection available
- All running programs on the computer exited
3 Incompatibilities with other programs
***************************************
Cygwin
If the Avira AntiVir PersonalEdition Classic runs on a system where
the product Cygwin is installed, you might encounter problems with
updating the Avira AntiVir PersonalEdition Classic. In a worst case
scenario you might not be able to update the Avira AntiVir
PersonalEdition Classic at all. Background to this behavior is the
fact that the cygwin process "cygrun.srv.exe" together with the
Microsoft Client/Server runtime server subsystem ("csrss.exe) causes
a complete load of the system once the update process of the Avira
AntiVir PersonalEdition Classic is started. It is therefore strongly
recommended to deinstall Cygwin before the Avira AntiVir
PersonalEdition Classic is installed.
4 Support service
*****************
If you have problems please try first to solve them using the
integrated help system and the user manual (Download at:
http://www.free-av.com). For harder problem, please feel free to
post a message to our bulletin board at https://support.avira.com/hc/de/community/topics or
to call our Support-Hotline.
Please also feel free to post bug reports, hints, feature requests
and anything else related to the Avira AntiVir PersonalEdition
Classic to this Bulletin Board.
Please note that technical inquiries can only be anserwered via our
Support-Forum or our Support-Hotline.
Support-Forum
-------------
...our forum is available for you at any time!
The forum, which is subdivided into clear categories offers you the
possibility to exchange yourself online with other users and our
employees of the customer support. An up-to-date, electronic
bulletin board that is coordinated by our moderators is available.
Our experience multiplies with the experience from the users of
AntiVir all over the world. Have a look on it without any
obligation...
https://support.avira.com/hc/de/community/topics
Support-Hotline
---------------
Germany: 0900 10 11 333 (1,99 Euro/Min*)
Austria: 0900 51 03 61 121 (2,16 Euro/Min*)
Switzerland: 0900 51 03 61 (4,23 CHF/Min*)
* Prices are subject to change.
Mo - Fr between 10 a.m. and 7 p.m.
5 Contact
*********
Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany
Internet: https://www.avira.com/
24.01.2008 15:59:22 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 15:59:22 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 15:59:22 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 15:59:23 - Start the Update GUI... Displaymode: 0
24.01.2008 15:59:22 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 15:59:22 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 15:59:22 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 15:59:23 - Start the Update GUI... Displaymode: 0
24.01.2008 15:59:38 - Keyfile: OK [FULL Mode]
24.01.2008 15:59:38 - Avira AntiVir PersonalEdition Classic
24.01.2008 16:00:03 - Master IDX file has changed
24.01.2008 16:00:13 - Keyfile: OK [FULL Mode]
24.01.2008 16:00:13 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/classic-nt-en.info.gz
24.01.2008 16:00:14 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:15 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/vdf.info.gz
24.01.2008 16:00:18 - Keyfile: OK [FULL Mode]
24.01.2008 16:00:18 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/specvir-nt.info.gz
24.01.2008 16:00:19 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/engine.info.gz
24.01.2008 16:00:19 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/engine-nt-en.info.gz
24.01.2008 16:00:21 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
24.01.2008 16:00:22 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 1.2.10.20 < 1.2.10.21
24.01.2008 16:00:24 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
24.01.2008 16:00:27 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe 7.2.0.12 < 7.2.0.14
24.01.2008 16:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 7.2.0.13 < 7.2.0.16
24.01.2008 16:00:31 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 7.0.0.81 < 7.0.0.82
24.01.2008 16:00:34 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\ccguard.dll 7.0.1.34 < 7.0.1.35
24.01.2008 16:00:38 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe 7.0.0.34 < 7.0.0.36
24.01.2008 16:00:40 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
24.01.2008 16:00:40 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
24.01.2008 16:00:41 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 7.0.0.0 < 7.0.1.95
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.0.1 < 7.0.2.0
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.0.2 < 7.0.2.42
24.01.2008 16:00:41 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:00:41 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll 7.6.0.15 < 7.6.0.48
24.01.2008 16:00:41 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avpack32.dll 7.3.0.15 < 7.6.0.3
24.01.2008 16:00:41 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
24.01.2008 16:00:41 - C:\WINDOWS\SYSTEM32\drivers\avipbb.sys 1.0.2.11 < 1.0.2.13
24.01.2008 16:00:42 - Minifilter is installed
24.01.2008 16:00:42 - Minifilter is possible
24.01.2008 16:00:42 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
24.01.2008 16:00:42 - Initialize avnotify.exe
24.01.2008 16:00:43 - Starting avnotify.exe successful
24.01.2008 16:00:43 - Preparing to download files
24.01.2008 16:00:43 - 13 files need to be downloaded / copied from http://dl4.avgate.net/upd/
24.01.2008 16:00:43 - #1: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/updlib.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/updlib.dll
24.01.2008 16:00:45 - #2: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avcenter.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avcenter.exe
24.01.2008 16:00:55 - #3: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avgnt.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avgnt.exe
24.01.2008 16:00:58 - #4: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avguard.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avguard.exe
24.01.2008 16:01:01 - #5: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/ccguard.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/ccguard.dll
24.01.2008 16:01:07 - #6: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/preupd.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/preupd.exe
24.01.2008 16:01:09 - #7: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/addr_file.html.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/addr_file.html
24.01.2008 16:01:09 - #8: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir1.vdf
24.01.2008 16:01:50 - #9: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir2.vdf
24.01.2008 16:02:05 - #10: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir3.vdf
24.01.2008 16:02:11 - #11: Downloading and extracting http://dl4.avgate.net/upd/engine/avewin32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\avewin32.dll
24.01.2008 16:02:30 - #12: Downloading and extracting http://dl4.avgate.net/upd/engine/nt/avpack32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\avpack32.dll
24.01.2008 16:02:34 - #13: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avipbb.sys.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avipbb.sys
24.01.2008 16:02:47 - Service AVEService is not installed
24.01.2008 16:02:47 - Service AntiVirMailService is not installed
24.01.2008 16:02:47 - Initialize fwinst.exe
24.01.2008 16:02:47 - Initialize fwinst.exe
24.01.2008 16:02:47 - Service AntiVirFirewallService is not installed
24.01.2008 16:02:47 - Service antivirwebservice is not installed
24.01.2008 16:02:47 - Status of service AntiVirService is running
24.01.2008 16:02:47 - Initialize avgnt.exe
24.01.2008 16:02:47 - Status of service AntiVirScheduler is running
24.01.2008 16:02:47 - Minifilter is installed
24.01.2008 16:02:47 - Minifilter is possible
24.01.2008 16:02:47 - Initialize avscan.exe
24.01.2008 16:02:47 - Initialize avconfig.cpl
24.01.2008 16:02:47 - Initialize avcenter.exe
24.01.2008 16:02:47 - shell extension is installed
24.01.2008 16:02:47 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled
24.01.2008 16:02:47 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled
24.01.2008 16:02:47 - Service AVEService is not installed
24.01.2008 16:02:47 - Service AntiVirMailService is not installed
24.01.2008 16:02:47 - Initialize fwinst.exe
24.01.2008 16:02:47 - Initialize fwinst.exe
24.01.2008 16:02:47 - Service AntiVirFirewallService is not installed
24.01.2008 16:02:47 - shell extension is installed
24.01.2008 16:02:47 - Initialize regsvr32.exe
24.01.2008 16:02:51 - shell extension removed successfully
24.01.2008 16:02:51 - avgnt.exe closed.
24.01.2008 16:02:51 - Status of service AntiVirScheduler is running
24.01.2008 16:03:00 - Service AntiVirScheduler successfully stopped
24.01.2008 16:03:00 - Status of service AntiVirService is running
24.01.2008 16:03:14 - Service AntiVirService successfully stopped
24.01.2008 16:03:14 - Starting to install
24.01.2008 16:03:15 - Processing module SELFUPDATE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:23 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\SelfUpdateTemp\update.exe --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}".Self Update helper
24.01.2008 16:03:28 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:28 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 16:03:28 - Temp Directory: C:\WINDOWS\TEMP\Update_Temp\
24.01.2008 16:03:28 - Avira AntiVir PersonalEdition Classic
24.01.2008 16:03:28 - Self update: Copying file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/updlib.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
24.01.2008 16:03:28 - Executing original update application
24.01.2008 16:03:28 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe --config-file="C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\update.conf" --install-path="C:\Program Files\Avira\AntiVir PersonalEdition Classic" --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}" --NoSelfUpdate "--TmpDir=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5" "--LogFile=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2008-01-24-15-59-17.log" "--TmpFilesList=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\ToRemove.txt".Executing original update application
24.01.2008 16:03:30 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:30 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 16:03:30 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 16:03:31 - Start the Update GUI... Displaymode: 0
24.01.2008 16:03:31 - Avira AntiVir PersonalEdition Classic
24.01.2008 16:03:31 - Master IDX file has changed
24.01.2008 16:03:31 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/vdf.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/specvir-nt.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine-nt-en.info.gz
24.01.2008 16:03:32 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
24.01.2008 16:03:32 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
24.01.2008 16:03:34 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
24.01.2008 16:03:34 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
24.01.2008 16:03:34 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
24.01.2008 16:03:34 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:03:34 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
24.01.2008 16:03:34 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:03:34 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
24.01.2008 16:03:35 - Minifilter is installed
24.01.2008 16:03:35 - Minifilter is possible
24.01.2008 16:03:35 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
24.01.2008 16:03:35 - Preparing to download files
24.01.2008 16:03:35 - 12 files need to be downloaded / copied from http://dl1.avgate.net/upd/
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avcenter.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avgnt.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avguard.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\ccguard.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\preupd.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\addr_file.html.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir1.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir2.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir3.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\avewin32.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\avpack32.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avipbb.sys.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - Starting to install
24.01.2008 16:03:38 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\addr_file.html will not be backed up because it doesn't exist
24.01.2008 16:03:38 - Processing module COMMAPPDATA Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\
24.01.2008 16:03:38 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:39 - Processing module ENGINE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:40 - Processing module ENGINE_NT_EN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:40 - Processing module DRV Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\
24.01.2008 16:03:40 - A total of 12 files were updated
24.01.2008 16:03:40 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress
24.01.2008 16:03:40 - Service AVEService is not installed
24.01.2008 16:03:40 - Service AntiVirMailService is not installed
24.01.2008 16:03:40 - Initialize fwinst.exe
24.01.2008 16:03:40 - Initialize fwinst.exe
24.01.2008 16:03:40 - Service AntiVirFirewallService is not installed
24.01.2008 16:03:40 - Service antivirwebservice is not installed
24.01.2008 16:03:40 - Status of service AntiVirService is stopped
24.01.2008 16:03:40 - Initialize avgnt.exe
24.01.2008 16:03:40 - Status of service AntiVirScheduler is stopped
24.01.2008 16:03:40 - Minifilter is installed
24.01.2008 16:03:40 - Minifilter is possible
24.01.2008 16:03:40 - Initialize avscan.exe
24.01.2008 16:03:40 - Initialize avconfig.cpl
24.01.2008 16:03:40 - Initialize avcenter.exe
24.01.2008 16:03:40 - shell extension is installed
24.01.2008 16:03:40 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled
24.01.2008 16:03:40 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled
24.01.2008 16:03:53 - Service AntiVirService successfully started
24.01.2008 16:03:55 - Starting avgnt.exe successful
24.01.2008 16:03:58 - Service AntiVirScheduler successfully started
24.01.2008 16:03:58 - shell extension is installed
24.01.2008 16:03:58 - Initialize regsvr32.exe
24.01.2008 16:04:05 - installation of shell extension successful
24.01.2008 16:04:05 - Cannot start the service antivirwebservice
24.01.2008 16:04:05 - Dialup: 0
24.01.2008 16:04:05 - Downloaded bytes: 6777409
24.01.2008 16:04:05 - Downloaded file(s): 13
24.01.2008 16:04:05 - Downloaded file(s): updlib.dll; avcenter.exe; avgnt.exe; avguard.exe; ccguard.dll; preupd.exe; addr_file.html; antivir1.vdf; antivir2.vdf; antivir3.vdf; avewin32.dll; avpack32.dll; avipbb.sys
24.01.2008 16:04:05 - Engine version local : 7.6.0.15
24.01.2008 16:04:05 - Engine version internet: 7.6.0.48
24.01.2008 16:04:05 - 0. VDF version local : 6.40.0.0
24.01.2008 16:04:05 - 0. VDF version internet: 6.40.0.0
24.01.2008 16:04:05 - 1. VDF version local : 7.0.0.0
24.01.2008 16:04:05 - 1. VDF version internet: 7.0.1.95
24.01.2008 16:04:05 - 2. VDF version local : 7.0.0.1
24.01.2008 16:04:05 - 2. VDF version internet: 7.0.2.0
24.01.2008 16:04:05 - 3. VDF version local : 7.0.0.2
24.01.2008 16:04:05 - 3. VDF version internet: 7.0.2.42
24.01.2008 16:04:05 - Required time: 00:34
24.01.2008 16:04:05 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate
24.01.2008 16:04:06 - Update finished successfully
je viens d'installer antivir et je t'envoie les rapports. J'ai mis un virus en quarantaine .
Là je m'occupe du hijackthis et te l'envoie.
Merci
Avira AntiVir PersonalEdition Classic
*************************************
Copyright © 2007 Avira GmbH.
All rights reserved.
Inhalt
******
0 Important information
1 System requirements
2 Important requirements for an installation
3 Incompatibilities with other programs
4 Support service
5 Contact address
0 Important information
***********************
Users who have up to now installed an ANSI version of the Avira
AntiVir PersonalEdition Classic software pack on a Microsoft Windows
NT, Microsoft Windows 2000 or Microsoft Windows XP operating system,
receive update information when attempting to update.
When updating, please proceed as follows:
1. Deinstall the installed version of the Avira AntiVir
PersonalEdition Classic.
2. Download a current software pack from the downoad section of the
Avira AntiVir PersonalEdition Classic website
https://www.avira.com/
3. Install this software pack on your computer.
1 System requirements
*********************
In order for Avira AntiVir PersonalEdition Classic to run properly,
the computer system must fulfill the following requirements:
- Computer: Pentium or higher, at least 133 MHz
- Operating system
- Microsoft Windows Vista or
- Microsoft Windows XP Home or Professional, or
- Microsoft Windows 2000, SP 4 recommended
Avira AntiVir PersonalEdition Classic also supports Microsoft Windows
XP x64 Edition.
The display of the program interfaces can differ, depending on the
operating system used.
- 30 MB free memory on the hard disk (more if quarantine is used)
- Min. 100 MB temporary memory on the hard disk
- Min. 25 MB of free main memory
- For all installations: Internet Explorer 5.0 or higher
- For the installation of Avira AntiVir PersonalEdition Classic:
administrator rights
Note
----
- If there is no Internet Explorer 5.0 or higher available on your
system, you can download it under the following address:
https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US
2 Important requirements for an installation
********************************************
Ensure that the following requirements are fulfilled so that Avira
AntiVir PersonalEdition Classic works properly on your computer:
- System requirements fulfilled
- No other on-access scanner (also called Guard) installed
- Installer has administrator rights
- Internet/Intranet connection available
- All running programs on the computer exited
3 Incompatibilities with other programs
***************************************
Cygwin
If the Avira AntiVir PersonalEdition Classic runs on a system where
the product Cygwin is installed, you might encounter problems with
updating the Avira AntiVir PersonalEdition Classic. In a worst case
scenario you might not be able to update the Avira AntiVir
PersonalEdition Classic at all. Background to this behavior is the
fact that the cygwin process "cygrun.srv.exe" together with the
Microsoft Client/Server runtime server subsystem ("csrss.exe) causes
a complete load of the system once the update process of the Avira
AntiVir PersonalEdition Classic is started. It is therefore strongly
recommended to deinstall Cygwin before the Avira AntiVir
PersonalEdition Classic is installed.
4 Support service
*****************
If you have problems please try first to solve them using the
integrated help system and the user manual (Download at:
http://www.free-av.com). For harder problem, please feel free to
post a message to our bulletin board at https://support.avira.com/hc/de/community/topics or
to call our Support-Hotline.
Please also feel free to post bug reports, hints, feature requests
and anything else related to the Avira AntiVir PersonalEdition
Classic to this Bulletin Board.
Please note that technical inquiries can only be anserwered via our
Support-Forum or our Support-Hotline.
Support-Forum
-------------
...our forum is available for you at any time!
The forum, which is subdivided into clear categories offers you the
possibility to exchange yourself online with other users and our
employees of the customer support. An up-to-date, electronic
bulletin board that is coordinated by our moderators is available.
Our experience multiplies with the experience from the users of
AntiVir all over the world. Have a look on it without any
obligation...
https://support.avira.com/hc/de/community/topics
Support-Hotline
---------------
Germany: 0900 10 11 333 (1,99 Euro/Min*)
Austria: 0900 51 03 61 121 (2,16 Euro/Min*)
Switzerland: 0900 51 03 61 (4,23 CHF/Min*)
* Prices are subject to change.
Mo - Fr between 10 a.m. and 7 p.m.
5 Contact
*********
Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany
Internet: https://www.avira.com/
24.01.2008 15:59:22 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 15:59:22 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 15:59:22 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 15:59:23 - Start the Update GUI... Displaymode: 0
24.01.2008 15:59:22 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 15:59:22 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 15:59:22 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 15:59:23 - Start the Update GUI... Displaymode: 0
24.01.2008 15:59:38 - Keyfile: OK [FULL Mode]
24.01.2008 15:59:38 - Avira AntiVir PersonalEdition Classic
24.01.2008 16:00:03 - Master IDX file has changed
24.01.2008 16:00:13 - Keyfile: OK [FULL Mode]
24.01.2008 16:00:13 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/classic-nt-en.info.gz
24.01.2008 16:00:14 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:14 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:00:15 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/vdf.info.gz
24.01.2008 16:00:18 - Keyfile: OK [FULL Mode]
24.01.2008 16:00:18 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/specvir-nt.info.gz
24.01.2008 16:00:19 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/engine.info.gz
24.01.2008 16:00:19 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/engine-nt-en.info.gz
24.01.2008 16:00:21 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
24.01.2008 16:00:22 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 1.2.10.20 < 1.2.10.21
24.01.2008 16:00:24 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
24.01.2008 16:00:27 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe 7.2.0.12 < 7.2.0.14
24.01.2008 16:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 7.2.0.13 < 7.2.0.16
24.01.2008 16:00:31 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 7.0.0.81 < 7.0.0.82
24.01.2008 16:00:34 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\ccguard.dll 7.0.1.34 < 7.0.1.35
24.01.2008 16:00:38 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe 7.0.0.34 < 7.0.0.36
24.01.2008 16:00:40 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
24.01.2008 16:00:40 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
24.01.2008 16:00:41 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 7.0.0.0 < 7.0.1.95
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.0.1 < 7.0.2.0
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.0.2 < 7.0.2.42
24.01.2008 16:00:41 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:00:41 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll 7.6.0.15 < 7.6.0.48
24.01.2008 16:00:41 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:00:41 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avpack32.dll 7.3.0.15 < 7.6.0.3
24.01.2008 16:00:41 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
24.01.2008 16:00:41 - C:\WINDOWS\SYSTEM32\drivers\avipbb.sys 1.0.2.11 < 1.0.2.13
24.01.2008 16:00:42 - Minifilter is installed
24.01.2008 16:00:42 - Minifilter is possible
24.01.2008 16:00:42 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
24.01.2008 16:00:42 - Initialize avnotify.exe
24.01.2008 16:00:43 - Starting avnotify.exe successful
24.01.2008 16:00:43 - Preparing to download files
24.01.2008 16:00:43 - 13 files need to be downloaded / copied from http://dl4.avgate.net/upd/
24.01.2008 16:00:43 - #1: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/updlib.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/updlib.dll
24.01.2008 16:00:45 - #2: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avcenter.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avcenter.exe
24.01.2008 16:00:55 - #3: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avgnt.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avgnt.exe
24.01.2008 16:00:58 - #4: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avguard.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avguard.exe
24.01.2008 16:01:01 - #5: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/ccguard.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/ccguard.dll
24.01.2008 16:01:07 - #6: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/preupd.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/preupd.exe
24.01.2008 16:01:09 - #7: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/addr_file.html.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/addr_file.html
24.01.2008 16:01:09 - #8: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir1.vdf
24.01.2008 16:01:50 - #9: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir2.vdf
24.01.2008 16:02:05 - #10: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir3.vdf
24.01.2008 16:02:11 - #11: Downloading and extracting http://dl4.avgate.net/upd/engine/avewin32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\avewin32.dll
24.01.2008 16:02:30 - #12: Downloading and extracting http://dl4.avgate.net/upd/engine/nt/avpack32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\avpack32.dll
24.01.2008 16:02:34 - #13: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avipbb.sys.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/avipbb.sys
24.01.2008 16:02:47 - Service AVEService is not installed
24.01.2008 16:02:47 - Service AntiVirMailService is not installed
24.01.2008 16:02:47 - Initialize fwinst.exe
24.01.2008 16:02:47 - Initialize fwinst.exe
24.01.2008 16:02:47 - Service AntiVirFirewallService is not installed
24.01.2008 16:02:47 - Service antivirwebservice is not installed
24.01.2008 16:02:47 - Status of service AntiVirService is running
24.01.2008 16:02:47 - Initialize avgnt.exe
24.01.2008 16:02:47 - Status of service AntiVirScheduler is running
24.01.2008 16:02:47 - Minifilter is installed
24.01.2008 16:02:47 - Minifilter is possible
24.01.2008 16:02:47 - Initialize avscan.exe
24.01.2008 16:02:47 - Initialize avconfig.cpl
24.01.2008 16:02:47 - Initialize avcenter.exe
24.01.2008 16:02:47 - shell extension is installed
24.01.2008 16:02:47 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled
24.01.2008 16:02:47 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled
24.01.2008 16:02:47 - Service AVEService is not installed
24.01.2008 16:02:47 - Service AntiVirMailService is not installed
24.01.2008 16:02:47 - Initialize fwinst.exe
24.01.2008 16:02:47 - Initialize fwinst.exe
24.01.2008 16:02:47 - Service AntiVirFirewallService is not installed
24.01.2008 16:02:47 - shell extension is installed
24.01.2008 16:02:47 - Initialize regsvr32.exe
24.01.2008 16:02:51 - shell extension removed successfully
24.01.2008 16:02:51 - avgnt.exe closed.
24.01.2008 16:02:51 - Status of service AntiVirScheduler is running
24.01.2008 16:03:00 - Service AntiVirScheduler successfully stopped
24.01.2008 16:03:00 - Status of service AntiVirService is running
24.01.2008 16:03:14 - Service AntiVirService successfully stopped
24.01.2008 16:03:14 - Starting to install
24.01.2008 16:03:15 - Processing module SELFUPDATE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:23 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\SelfUpdateTemp\update.exe --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}".Self Update helper
24.01.2008 16:03:28 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:28 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 16:03:28 - Temp Directory: C:\WINDOWS\TEMP\Update_Temp\
24.01.2008 16:03:28 - Avira AntiVir PersonalEdition Classic
24.01.2008 16:03:28 - Self update: Copying file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt/updlib.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
24.01.2008 16:03:28 - Executing original update application
24.01.2008 16:03:28 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe --config-file="C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\update.conf" --install-path="C:\Program Files\Avira\AntiVir PersonalEdition Classic" --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}" --NoSelfUpdate "--TmpDir=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5" "--LogFile=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2008-01-24-15-59-17.log" "--TmpFilesList=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\ToRemove.txt".Executing original update application
24.01.2008 16:03:30 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:30 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
24.01.2008 16:03:30 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\
24.01.2008 16:03:31 - Start the Update GUI... Displaymode: 0
24.01.2008 16:03:31 - Avira AntiVir PersonalEdition Classic
24.01.2008 16:03:31 - Master IDX file has changed
24.01.2008 16:03:31 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
24.01.2008 16:03:31 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/vdf.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/specvir-nt.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine.info.gz
24.01.2008 16:03:32 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine-nt-en.info.gz
24.01.2008 16:03:32 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
24.01.2008 16:03:32 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
24.01.2008 16:03:34 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
24.01.2008 16:03:34 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
24.01.2008 16:03:34 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
24.01.2008 16:03:34 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:03:34 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
24.01.2008 16:03:34 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
24.01.2008 16:03:34 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
24.01.2008 16:03:35 - Minifilter is installed
24.01.2008 16:03:35 - Minifilter is possible
24.01.2008 16:03:35 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
24.01.2008 16:03:35 - Preparing to download files
24.01.2008 16:03:35 - 12 files need to be downloaded / copied from http://dl1.avgate.net/upd/
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avcenter.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avgnt.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avguard.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\ccguard.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\preupd.exe.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\addr_file.html.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:36 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir1.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir2.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\antivir3.vdf.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:37 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\avewin32.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\avpack32.dll.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\basic-nt\avipbb.sys.gz already exists in temporary folder and it will not be downloaded again
24.01.2008 16:03:38 - Starting to install
24.01.2008 16:03:38 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:38 - File C:\Documents and Settings\All Users\Application Data\addr_file.html will not be backed up because it doesn't exist
24.01.2008 16:03:38 - Processing module COMMAPPDATA Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\
24.01.2008 16:03:38 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:39 - Processing module ENGINE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:40 - Processing module ENGINE_NT_EN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
24.01.2008 16:03:40 - Processing module DRV Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_4798a7c5\winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\
24.01.2008 16:03:40 - A total of 12 files were updated
24.01.2008 16:03:40 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress
24.01.2008 16:03:40 - Service AVEService is not installed
24.01.2008 16:03:40 - Service AntiVirMailService is not installed
24.01.2008 16:03:40 - Initialize fwinst.exe
24.01.2008 16:03:40 - Initialize fwinst.exe
24.01.2008 16:03:40 - Service AntiVirFirewallService is not installed
24.01.2008 16:03:40 - Service antivirwebservice is not installed
24.01.2008 16:03:40 - Status of service AntiVirService is stopped
24.01.2008 16:03:40 - Initialize avgnt.exe
24.01.2008 16:03:40 - Status of service AntiVirScheduler is stopped
24.01.2008 16:03:40 - Minifilter is installed
24.01.2008 16:03:40 - Minifilter is possible
24.01.2008 16:03:40 - Initialize avscan.exe
24.01.2008 16:03:40 - Initialize avconfig.cpl
24.01.2008 16:03:40 - Initialize avcenter.exe
24.01.2008 16:03:40 - shell extension is installed
24.01.2008 16:03:40 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled
24.01.2008 16:03:40 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled
24.01.2008 16:03:53 - Service AntiVirService successfully started
24.01.2008 16:03:55 - Starting avgnt.exe successful
24.01.2008 16:03:58 - Service AntiVirScheduler successfully started
24.01.2008 16:03:58 - shell extension is installed
24.01.2008 16:03:58 - Initialize regsvr32.exe
24.01.2008 16:04:05 - installation of shell extension successful
24.01.2008 16:04:05 - Cannot start the service antivirwebservice
24.01.2008 16:04:05 - Dialup: 0
24.01.2008 16:04:05 - Downloaded bytes: 6777409
24.01.2008 16:04:05 - Downloaded file(s): 13
24.01.2008 16:04:05 - Downloaded file(s): updlib.dll; avcenter.exe; avgnt.exe; avguard.exe; ccguard.dll; preupd.exe; addr_file.html; antivir1.vdf; antivir2.vdf; antivir3.vdf; avewin32.dll; avpack32.dll; avipbb.sys
24.01.2008 16:04:05 - Engine version local : 7.6.0.15
24.01.2008 16:04:05 - Engine version internet: 7.6.0.48
24.01.2008 16:04:05 - 0. VDF version local : 6.40.0.0
24.01.2008 16:04:05 - 0. VDF version internet: 6.40.0.0
24.01.2008 16:04:05 - 1. VDF version local : 7.0.0.0
24.01.2008 16:04:05 - 1. VDF version internet: 7.0.1.95
24.01.2008 16:04:05 - 2. VDF version local : 7.0.0.1
24.01.2008 16:04:05 - 2. VDF version internet: 7.0.2.0
24.01.2008 16:04:05 - 3. VDF version local : 7.0.0.2
24.01.2008 16:04:05 - 3. VDF version internet: 7.0.2.42
24.01.2008 16:04:05 - Required time: 00:34
24.01.2008 16:04:05 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate
24.01.2008 16:04:06 - Update finished successfully
en voulant aller sur poste de travail pour ouvrir les fichiers C:\ pour faire le hijacktis
une fenêtre s'est ouverte avec un sigal d'alerte
c'est un trojan horse TR/Dial.43341
j'ai 4 solutions
repair
move to quarantaine
delate
rename
access deny
ignore
je fais quoi?
une fenêtre s'est ouverte avec un sigal d'alerte
c'est un trojan horse TR/Dial.43341
j'ai 4 solutions
repair
move to quarantaine
delate
rename
access deny
ignore
je fais quoi?
En fait je l'ai mis en quarantaine et je t'envoie le rapport du dernier hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:02, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Defenza\pcd-as.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:02, on 24/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Defenza\pcd-as.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://side.search.ke.voila.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {144CFC1B-6CD2-192C-ADCF-14A393F9AACE} - C:\WINDOWS\system32\cml.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [PowSet] Wscript.exe //e:VBS C:\Drivers\Setpow.nec
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copie 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [CleanEasyImg] c:\apps\easydvd\cleanall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [PCDAS] C:\Program Files\Defenza\pcd-as.exe /10003
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [Orange Link] "C:\PROGRA~1\ORANGE~1\APPLIC~1\CommunicationAgent\CommunicationAgent.exe" -ICom_StartNoSplashScreen
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?fe509758b29143b29af7f86108ca18d2
O8 - Extra context menu item: Rechercher avec Voila - file://C:\Program Files\WANADOO_TOOLBAR\Cache\SelectedContextSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O17 - HKLM\System\CCS\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.132
O17 - HKLM\System\CS1\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 80.10.246.130 80.10.246.3
O17 - HKLM\System\CS2\Services\Tcpip\..\{2B120829-5EA1-4E65-98AB-CDE085290FAE}: NameServer = 81.253.149.9 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe