Sujet Précédent Sujet Suivant

Infecter pc fc on internet et autre

Résolu/Fermé
jpr - 11 mars 2008 à 09:42
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 18 mars 2008 à 17:38
Bonjour,
infecter pc fc on internet et autre
il a t'il un antimachin miracle
merci
A voir également:

20 réponses

Réponse 1 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
11 mars 2008 à 09:44
salut,

Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

@+
0
jpr
11 mars 2008 à 10:11
Search Navipromo version 3.5.0 commencé le 11/03/2008 à 10:06:17,34

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***


WebMediaPlayer


*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\WebMediaPlayer trouvé !


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\raffy\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\raffy\locals~1\applic~1" ***



*** Recherche dossiers dans "C:\Documents and Settings\raffy\menudm~1\progra~1" ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

...\WebMediaPlayer trouvé !

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe.dat
C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe.exe
C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe_nav.dat
C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe_navps.dat



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\raffy\locals~1\applic~1" *

Fichiers suspects :

chcyosoe.exe trouvé !



*** Recherche fichiers ***


C:\DOCUME~1\ALLUSE~1\Bureau\WebMediaPlayer.lnk trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\raffy\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !

4)Recherche fichiers connus :



*** Analyse terminée le 11/03/2008 à 10:11:25,48 ***
0
Réponse 2 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
11 mars 2008 à 10:27
re.

la suite :

Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.

Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau.

post le rapport stp

@+
0
jpr
11 mars 2008 à 10:51
Clean Navipromo version 3.5.0 commencé le 11/03/2008 à 10:40:09,57

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe.dat réalisée avec succès !
Copie C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe.exe réalisée avec succès !
Copie C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe_nav.dat réalisée avec succès !
Copie C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe.dat supprimé !
C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe.exe supprimé !
C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe_nav.dat supprimé !
C:\Documents and Settings\raffy\Local Settings\Application Data\chcyosoe_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

* Dans C:\WINDOWS\system32 *


C:\WINDOWS\prefetch\chcyosoe*.pf trouvé !
Copie C:\WINDOWS\prefetch\chcyosoe*.pf réalisée avec succès !
C:\WINDOWS\prefetch\chcyosoe*.pf supprimé !

* Dans "C:\Documents and Settings\raffy\locals~1\applic~1" *


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans "C:\Documents and Settings\raffy\locals~1\applic~1" *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\WebMediaPlayer ...suppression...
C:\Program Files\WebMediaPlayer supprimé !


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\raffy\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\raffy\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\raffy\menudm~1\progra~1" ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

...\WebMediaPlayer ...suppression...
...\WebMediaPlayer supprimé !



*** Suppression fichiers ***

C:\DOCUME~1\ALLUSE~1\Bureau\WebMediaPlayer.lnk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\raffy\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *


* Dans "C:\Documents and Settings\raffy\locals~1\applic~1" *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !

*** Nettoyage terminé le 11/03/2008 à 10:48:04,09 ***
0
Réponse 3 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
11 mars 2008 à 10:58
ok cool

post un rapport hijack this maintenant :

Télécharge HijackThis ici :

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post le rapport généré ici stp...

@+
0
jpr
11 mars 2008 à 11:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:27, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.seamonkey-project.org/start/"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgooglefr.src"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{603965FF-AB60-4AAA-9679-FACE749233DC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653410B6-6DAA-4E99-9F70-6F2147E07F58}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{71246F53-C44B-4507-B4A5-6242E9B67460}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9018E56F-5B21-49D0-B93F-88F2B552876D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B218E40E-6D6B-4C72-A86E-7C1685EA69D5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 4 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
11 mars 2008 à 11:14
Re,

a l´aide de hijack this coche et fix les lignes suivantes :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

comment fixer :


Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

puis

Télécharge FixWareout d'un de ces deux sites sur le bureau:

http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

-> Lance le fix : clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis click sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

-> Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt) avec un nouveau rapport HijackThis! dans ta prochaine réponse.

@+
0
jpr
11 mars 2008 à 11:29
Username "raffy" - 11/03/2008 11:20:45 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.


System was rebooted successfully.

~~~~~ Postrun check
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.0\\Apps\\apdproxy.exe\""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Vade Retro Outlook Express"="\"C:\\PROGRA~1\\GOTOSO~1\\VADERE~1\\Vaderetro_oe.exe\""
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"ZoneAlarm Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_03\\bin\\jusched.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:34, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.seamonkey-project.org/start/"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgooglefr.src"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{603965FF-AB60-4AAA-9679-FACE749233DC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653410B6-6DAA-4E99-9F70-6F2147E07F58}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{71246F53-C44B-4507-B4A5-6242E9B67460}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9018E56F-5B21-49D0-B93F-88F2B552876D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B218E40E-6D6B-4C72-A86E-7C1685EA69D5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
11 mars 2008 à 22:28
Bonsoir,

a l´aide de hijack this coche et fix les lignes ci dessous :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
et toutes les lignes commencant par 017

en suite

click sur demarrer > executer > tape regedit et valide par ok

click sur edition dans le haut de la fenetre du registre et rechercher : tape EoRezo recherches et supprimes tout ce qui s´y rapporte

puis

regarde ce tutorial pour mettre ta console java a jour :

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

regarde ceci concernant avast :

et

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

@+
0
jpr
11 mars 2008 à 23:50
11.03.2008 23:07:26 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:07:26 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
11.03.2008 23:07:26 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\
11.03.2008 23:07:27 - Start the Update GUI... Displaymode: 0

11.03.2008 23:07:26 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:07:26 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
11.03.2008 23:07:26 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\
11.03.2008 23:07:27 - Start the Update GUI... Displaymode: 0

11.03.2008 23:07:28 - Keyfile: OK [FULL Mode]

11.03.2008 23:07:28 - Avira AntiVir PersonalEdition Classic

11.03.2008 23:07:39 - Master IDX file has changed
11.03.2008 23:07:43 - Keyfile: OK [FULL Mode]

11.03.2008 23:07:43 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/classic-nt-en.info.gz
11.03.2008 23:07:44 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:07:44 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/vdf.info.gz
11.03.2008 23:07:51 - Keyfile: OK [FULL Mode]

11.03.2008 23:07:51 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/specvir-nt.info.gz
11.03.2008 23:07:52 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/engine.info.gz
11.03.2008 23:07:53 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/engine-nt-en.info.gz
11.03.2008 23:07:54 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
11.03.2008 23:07:54 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll 1.2.10.20 < 1.2.10.21
11.03.2008 23:07:54 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
11.03.2008 23:07:54 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe 7.2.0.12 < 7.2.0.14
11.03.2008 23:07:55 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe 7.2.0.13 < 7.2.0.16
11.03.2008 23:07:55 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe 7.0.0.81 < 7.0.0.82
11.03.2008 23:07:55 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\ccguard.dll 7.0.1.34 < 7.0.1.35
11.03.2008 23:07:55 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\preupd.exe 7.0.0.34 < 7.0.0.36
11.03.2008 23:07:56 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
11.03.2008 23:07:56 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
11.03.2008 23:07:56 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
11.03.2008 23:07:57 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 7.0.0.0 < 7.0.3.2
11.03.2008 23:07:57 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.0.1 < 7.0.3.3
11.03.2008 23:07:57 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.0.2 < 7.0.3.17
11.03.2008 23:07:57 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
11.03.2008 23:07:57 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
11.03.2008 23:07:57 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll 7.6.0.15 < 7.6.0.73
11.03.2008 23:07:57 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
11.03.2008 23:07:57 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avpack32.dll 7.3.0.15 < 7.6.0.3
11.03.2008 23:07:57 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
11.03.2008 23:07:57 - C:\WINDOWS\SYSTEM32\drivers\avipbb.sys 1.0.2.11 < 1.0.2.13
11.03.2008 23:07:57 - Minifilter is installed

11.03.2008 23:07:57 - Minifilter is possible

11.03.2008 23:07:57 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

11.03.2008 23:07:57 - Initialize avnotify.exe

11.03.2008 23:07:57 - Starting avnotify.exe successful

11.03.2008 23:07:57 - Preparing to download files
11.03.2008 23:07:57 - 13 files need to be downloaded / copied from http://dl4.avgate.net/upd/
11.03.2008 23:07:57 - #1: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/updlib.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/updlib.dll
11.03.2008 23:08:04 - #2: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avcenter.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/avcenter.exe
11.03.2008 23:08:07 - #3: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avgnt.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/avgnt.exe
11.03.2008 23:08:08 - #4: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avguard.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/avguard.exe
11.03.2008 23:08:09 - #5: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/ccguard.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/ccguard.dll
11.03.2008 23:08:11 - #6: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/preupd.exe.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/preupd.exe
11.03.2008 23:08:11 - #7: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/addr_file.html.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/addr_file.html
11.03.2008 23:08:12 - #8: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\vdf\antivir1.vdf
11.03.2008 23:08:56 - #9: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\vdf\antivir2.vdf
11.03.2008 23:09:02 - #10: Downloading and extracting http://dl4.avgate.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\vdf\antivir3.vdf
11.03.2008 23:09:03 - #11: Downloading and extracting http://dl4.avgate.net/upd/engine/avewin32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\engine\avewin32.dll
11.03.2008 23:09:14 - #12: Downloading and extracting http://dl4.avgate.net/upd/engine/nt/avpack32.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\engine\nt\avpack32.dll
11.03.2008 23:09:16 - #13: Downloading and extracting http://dl4.avgate.net/upd/winwks/en/basic-nt/avipbb.sys.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/avipbb.sys
11.03.2008 23:09:23 - Service AVEService is not installed

11.03.2008 23:09:23 - Service AntiVirMailService is not installed

11.03.2008 23:09:23 - Initialize fwinst.exe

11.03.2008 23:09:23 - Initialize fwinst.exe

11.03.2008 23:09:23 - Service AntiVirFirewallService is not installed

11.03.2008 23:09:23 - Service antivirwebservice is not installed

11.03.2008 23:09:23 - Status of service AntiVirService is running

11.03.2008 23:09:23 - Initialize avgnt.exe

11.03.2008 23:09:23 - Status of service AntiVirScheduler is running

11.03.2008 23:09:23 - Minifilter is installed

11.03.2008 23:09:23 - Minifilter is possible

11.03.2008 23:09:23 - Initialize avscan.exe

11.03.2008 23:09:23 - Initialize avconfig.cpl

11.03.2008 23:09:23 - Initialize avcenter.exe

11.03.2008 23:09:23 - shell extension is installed

11.03.2008 23:09:23 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

11.03.2008 23:09:23 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

11.03.2008 23:09:23 - Service AVEService is not installed

11.03.2008 23:09:23 - Service AntiVirMailService is not installed

11.03.2008 23:09:23 - Initialize fwinst.exe

11.03.2008 23:09:23 - Initialize fwinst.exe

11.03.2008 23:09:23 - Service AntiVirFirewallService is not installed

11.03.2008 23:09:23 - shell extension is installed

11.03.2008 23:09:23 - Initialize regsvr32.exe

11.03.2008 23:09:26 - shell extension removed successfully

11.03.2008 23:09:26 - avgnt.exe closed.

11.03.2008 23:09:26 - Status of service AntiVirScheduler is running

11.03.2008 23:09:26 - Service AntiVirScheduler successfully stopped

11.03.2008 23:09:26 - Status of service AntiVirService is running

11.03.2008 23:09:28 - Service AntiVirService successfully stopped

11.03.2008 23:09:28 - Starting to install
11.03.2008 23:09:28 - Processing module SELFUPDATE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:09:29 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\SelfUpdateTemp\update.exe --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}".Self Update helper
11.03.2008 23:09:31 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:09:31 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
11.03.2008 23:09:31 - Temp Directory: C:\WINDOWS\TEMP\Update_Temp\
11.03.2008 23:09:31 - Avira AntiVir PersonalEdition Classic

11.03.2008 23:09:31 - Self update: Copying file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt/updlib.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
11.03.2008 23:09:31 - Executing original update application
11.03.2008 23:09:31 - Current Direcory:C:\Program Files\Avira\AntiVir PersonalEdition Classic, About to execute C:\Program Files\Avira\AntiVir PersonalEdition Classic\update.exe --config-file="C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\update.conf" --install-path="C:\Program Files\Avira\AntiVir PersonalEdition Classic" --log-template="${DAY}.${MONTH}.${YEAR} ${HOUR}:${MINUTE}:${SECOND} - ${MSG}" --NoSelfUpdate "--TmpDir=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e" "--LogFile=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\Upd-2008-03-11-23-07-26.log" "--TmpFilesList=C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\ToRemove.txt".Executing original update application
11.03.2008 23:09:32 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:09:32 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\
11.03.2008 23:09:32 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\
11.03.2008 23:09:32 - Start the Update GUI... Displaymode: 0

11.03.2008 23:09:32 - Avira AntiVir PersonalEdition Classic

11.03.2008 23:09:33 - Master IDX file has changed
11.03.2008 23:09:33 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/avadmin.exe's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/wsctool.exe's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
11.03.2008 23:09:33 - Downloading the product.info file from http://dl3.avgate.net/upd/idx/vdf.info.gz
11.03.2008 23:09:33 - Downloading the product.info file from http://dl3.avgate.net/upd/idx/specvir-nt.info.gz
11.03.2008 23:09:33 - Downloading the product.info file from http://dl3.avgate.net/upd/idx/engine.info.gz
11.03.2008 23:09:33 - Downloading the product.info file from http://dl3.avgate.net/upd/idx/engine-nt-en.info.gz
11.03.2008 23:09:33 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
11.03.2008 23:09:33 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 75
11.03.2008 23:09:34 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\ Files: 1
11.03.2008 23:09:34 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
11.03.2008 23:09:35 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
11.03.2008 23:09:35 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
11.03.2008 23:09:35 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
11.03.2008 23:09:35 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
11.03.2008 23:09:35 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4
11.03.2008 23:09:35 - Minifilter is installed

11.03.2008 23:09:35 - Minifilter is possible

11.03.2008 23:09:35 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

11.03.2008 23:09:35 - Preparing to download files
11.03.2008 23:09:35 - 12 files need to be downloaded / copied from http://dl3.avgate.net/upd/
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt\avcenter.exe.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt\avgnt.exe.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt\avguard.exe.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt\ccguard.dll.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt\preupd.exe.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt\addr_file.html.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\vdf\antivir1.vdf.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\vdf\antivir2.vdf.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\vdf\antivir3.vdf.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\engine\avewin32.dll.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\engine\nt\avpack32.dll.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - File C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\basic-nt\avipbb.sys.gz already exists in temporary folder and it will not be downloaded again
11.03.2008 23:09:35 - Starting to install
11.03.2008 23:09:35 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:09:36 - File C:\Documents and Settings\All Users\Application Data\addr_file.html will not be backed up because it doesn't exist
11.03.2008 23:09:36 - Processing module COMMAPPDATA Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\
11.03.2008 23:09:36 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:09:36 - Processing module ENGINE Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:09:37 - Processing module ENGINE_NT_EN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
11.03.2008 23:09:37 - Processing module DRV Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47d7029e\winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\
11.03.2008 23:09:37 - A total of 12 files were updated
11.03.2008 23:09:37 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress

11.03.2008 23:09:37 - Service AVEService is not installed

11.03.2008 23:09:37 - Service AntiVirMailService is not installed

11.03.2008 23:09:37 - Initialize fwinst.exe

11.03.2008 23:09:37 - Initialize fwinst.exe

11.03.2008 23:09:37 - Service AntiVirFirewallService is not installed

11.03.2008 23:09:37 - Service antivirwebservice is not installed

11.03.2008 23:09:37 - Status of service AntiVirService is stopped

11.03.2008 23:09:37 - Initialize avgnt.exe

11.03.2008 23:09:37 - Status of service AntiVirScheduler is stopped

11.03.2008 23:09:37 - Minifilter is installed

11.03.2008 23:09:37 - Minifilter is possible

11.03.2008 23:09:37 - Initialize avscan.exe

11.03.2008 23:09:37 - Initialize avconfig.cpl

11.03.2008 23:09:37 - Initialize avcenter.exe

11.03.2008 23:09:38 - shell extension is installed

11.03.2008 23:09:38 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

11.03.2008 23:09:38 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | RootkitsInstalled

11.03.2008 23:09:44 - Service AntiVirService successfully started

11.03.2008 23:09:45 - Starting avgnt.exe successful

11.03.2008 23:09:47 - Service AntiVirScheduler successfully started

11.03.2008 23:09:47 - shell extension is installed

11.03.2008 23:09:47 - Initialize regsvr32.exe

11.03.2008 23:09:47 - installation of shell extension successful

11.03.2008 23:09:47 - Cannot start the service antivirwebservice

11.03.2008 23:09:47 - Dialup: 0

11.03.2008 23:09:47 - Downloaded bytes: 7711924

11.03.2008 23:09:47 - Downloaded file(s): 13

11.03.2008 23:09:47 - Downloaded file(s): updlib.dll; avcenter.exe; avgnt.exe; avguard.exe; ccguard.dll; preupd.exe; addr_file.html; antivir1.vdf; antivir2.vdf; antivir3.vdf; avewin32.dll; avpack32.dll; avipbb.sys

11.03.2008 23:09:47 - Engine version local : 7.6.0.15

11.03.2008 23:09:47 - Engine version internet: 7.6.0.73

11.03.2008 23:09:47 - 0. VDF version local : 6.40.0.0

11.03.2008 23:09:47 - 0. VDF version internet: 6.40.0.0

11.03.2008 23:09:47 - 1. VDF version local : 7.0.0.0

11.03.2008 23:09:47 - 1. VDF version internet: 7.0.3.2

11.03.2008 23:09:47 - 2. VDF version local : 7.0.0.1

11.03.2008 23:09:47 - 2. VDF version internet: 7.0.3.3

11.03.2008 23:09:47 - 3. VDF version local : 7.0.0.2

11.03.2008 23:09:47 - 3. VDF version internet: 7.0.3.17

11.03.2008 23:09:47 - Required time: 00:14

11.03.2008 23:09:47 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate

11.03.2008 23:09:48 - Update finished successfully
0
Réponse 6 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
12 mars 2008 à 00:19
jpr, tu as resuusi a l´installer correctement ?
0
jpr
13 mars 2008 à 18:51
nouveau rapport
je pense que j'avais installer antivirus

AntiVir PersonalEdition Classic
Report file date: mardi 11 mars 2008 23:24

Scanning for 1142609 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: RAFFY-BFA3E9385

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 22:09:36
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 22:09:36
ANTIVIR3.VDF : 7.0.3.17 79360 Bytes 11/03/2008 22:09:36
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 11/03/2008 22:09:37
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 11/03/2008 22:09:37
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: mardi 11 mars 2008 23:24

Starting search for hidden objects.
'47552' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'OSA.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'SAgent2.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\raffy\.jpi_cache\jar\1.0\crtdcghcn.jar-2f7358b-2bd693a8.zip
[0] Archive type: ZIP
--> BaaaaBaa.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.A.20
[INFO] The file was moved to '484b08df.qua'!
C:\Documents and Settings\raffy\.jpi_cache\jar\1.0\OP.jar-17c21238-148f82fb.zip
[0] Archive type: ZIP
--> OP.class
[DETECTION] Is the Trojan horse TR/Java.Downloader.Gen
[INFO] The file was deleted!


End of the scan: mardi 11 mars 2008 23:59
Used time: 35:39 min

The scan has been canceled!

1412 Scanning directories
60495 Files were scanned
1 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
1 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
60494 Files not concerned
576 Archives were scanned
1 Warnings
0 Notes
47552 Objects were scanned with rootkit scan
0 Hidden objects were found
0
Réponse 7 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
13 mars 2008 à 19:45
salut jpr,

post un nouveaux hijack this stp

@+
0
jpr
13 mars 2008 à 19:56
plus de problémes apparent!! de puis hier

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:37, on 13/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.seamonkey-project.org/start/"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgooglefr.src"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{603965FF-AB60-4AAA-9679-FACE749233DC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653410B6-6DAA-4E99-9F70-6F2147E07F58}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{71246F53-C44B-4507-B4A5-6242E9B67460}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9018E56F-5B21-49D0-B93F-88F2B552876D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B218E40E-6D6B-4C72-A86E-7C1685EA69D5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 8 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
13 mars 2008 à 21:16
re,

tu n´as pas mis java a jour !

de plus tu avais une infection qui provenait de java alors fais le !

regarde ce tutorial pour mettre ta console java a jour :

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

puis

repasse fixwareout :

-> Lance le fix : clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis click sur Finish.
Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

a l´aide de hijack this coche et fix les lignes suivantes :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{603965FF-AB60-4AAA-9679-FACE749233DC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653410B6-6DAA-4E99-9F70-6F2147E07F58}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{71246F53-C44B-4507-B4A5-6242E9B67460}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9018E56F-5B21-49D0-B93F-88F2B552876D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B218E40E-6D6B-4C72-A86E-7C1685EA69D5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

post un nouveau hijack this stp

@+
0
Réponse 9 / 20
jpr
15 mars 2008 à 08:05
j'ai bien mis a jour java et supprimer les anciennes version mais le test me trouve toujours la version 1.4.2?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:02:31, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.seamonkey-project.org/start/"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgooglefr.src"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{603965FF-AB60-4AAA-9679-FACE749233DC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653410B6-6DAA-4E99-9F70-6F2147E07F58}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{71246F53-C44B-4507-B4A5-6242E9B67460}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9018E56F-5B21-49D0-B93F-88F2B552876D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B218E40E-6D6B-4C72-A86E-7C1685EA69D5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 10 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
15 mars 2008 à 20:19
jpr,

fais ceci :

clcick sur demarrer > executer > dans la boite de dialogue tape > cmd et valide

dans la fenetre noir tape ceci : ipconfig /flushdns et valide par entree

puis a l´aide de hijack this coche et fix les lignes suivantes :

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{603965FF-AB60-4AAA-9679-FACE749233DC}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{653410B6-6DAA-4E99-9F70-6F2147E07F58}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{71246F53-C44B-4507-B4A5-6242E9B67460}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{9018E56F-5B21-49D0-B93F-88F2B552876D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{B218E40E-6D6B-4C72-A86E-7C1685EA69D5}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

repost un hijack this stp

@+
0
Réponse 11 / 20
jpr
16 mars 2008 à 09:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:34:28, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.seamonkey-project.org/start/"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgooglefr.src"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_02) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 12 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
16 mars 2008 à 15:31
salut jpr,

fais ceci :

clcik sur demarrer > executer > tape regedit valide par ok
dans la fenetre du registre clcik sur edition et deploie et click sur rechercher puis copie et colle ceci dans la boite de recherche :

{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

puis supprime la cle/dossier une fois trouvée.

puis recommence un scan a l´aide d´antivir et post le rapport ici stp ainsi qu´un nouveau hijack this

@+
0
Réponse 13 / 20
jpr
16 mars 2008 à 21:12
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:06, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "https://www.seamonkey-project.org/start/"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CSeaMonkey%5Csearchplugins%5Cgooglefr.src"); (C:\Documents and Settings\RAFFY\Application Data\Mozilla\Profiles\default\sd14a9gr.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Réponse 14 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
16 mars 2008 à 23:06
ok tres bien ;-)

fais ceci :

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

Dans la colonne de gauche, click sur :

->"erreurs" :

Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

->"nettoyeur"

quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php


-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

telecharge et instal regcleaner:

http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html

tutorial :

https://forums.cnetfrance.fr

http://www.softastuces.com/tuto/maint/regcleaner/

puis

un bonus :

anti spyware :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

puis pour finir passe cet antispyware a titre de verification :

telecharge malwarebytes

-> http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/anti-malware-sujet_197382_1.htm

tu l´instales, le programme va se mettre a jour automatiquement.

une fois a jour le programme va se lancer, clcik sur l´onglet parametre, tu coche la case : Arreter internet explorer pendant la suppression.

click sur l´onglet recherche maintenant et coche la case : executer un examun complet.

puis click sur rechercher.

laisses le scanner le pc, a la fin un rapport va s´ouvrir copie et colle le ici stp

@+
0
Réponse 15 / 20
jpr
17 mars 2008 à 09:06
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 498

Type de recherche: Examen complet (C:\|)
Eléments examinés: 92949
Temps écoulé: 56 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


cela correct merci
0
Réponse 16 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
17 mars 2008 à 18:55
ok

jpr,

fais ceci :

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.

puis

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

@+
0
Réponse 17 / 20
jpr
17 mars 2008 à 20:36
-->- Recherche:

C:\FixWareOut: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Documents and Settings\raffy\Bureau\protection depannage\HijackThis.lnk: trouvé !
C:\Documents and Settings\raffy\Bureau\protection depannage\FixWareout.exe: trouvé !
C:\Documents and Settings\raffy\Bureau\protection depannage\Navilog1.lnk: trouvé !
C:\Documents and Settings\raffy\Bureau\protection depannage\HJTInstall.exe: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Documents and Settings\raffy\Bureau\protection depannage\HijackThis.lnk: supprimé !
C:\Documents and Settings\raffy\Bureau\protection depannage\FixWareout.exe: supprimé !
C:\Documents and Settings\raffy\Bureau\protection depannage\Navilog1.lnk: supprimé !
C:\Documents and Settings\raffy\Bureau\protection depannage\HJTInstall.exe: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\FixWareOut: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !
C:\Program Files\Mozilla Firefox\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
0
Réponse 18 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
17 mars 2008 à 21:50
Ok jpr,

Nos chemins se separent maintenant...

Bonne continuation`

bye`

g!rly`
0
Réponse 19 / 20
jpr
18 mars 2008 à 08:07
Merci pour tout
je suis le PC de Tony à distance car il a du mal a effectuer les travaux que tu lui demande
et sans l'ADSL dur dur de comminiqué avec sKype par exemple donc j'y vais de temps en temps
a+ avec Tony
0
Réponse 20 / 20
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
18 mars 2008 à 17:38
salut jpr,

mince alors...

@+
0

Discussions similaires

35 GO à l'étranger
Laurence -
Laurence -

2 réponses