TROJAN DOWNLOADER.XS

flocol9 -  
cedric241 Messages postés 3380 Statut Membre -
Bonjour,

Mon Pc est infecté par un Trojn Downloader.xs, et je ne sais pas comment faire pour m'en débarasser.
Avec Search Spybot and destroy, je n'ai pas réussit à le supprimer.
J'ai désinstaller windows messengrer aucas où cela aurais un rapport.

Je ne m'y connais pas bcp, et vous remercie pour votre aide

Des pages internet ne cessent de s'ouvrir toutes seules

Vous trouverez ci-dessous le scan par AD AWARE :

Scan Results
Ad-Aware 2007 Free Edition
Log File Created on:2008-04-0812:34:44
Using Definitions File:C:\ProgramData\Lavasoft\Ad-Aware 2007\core.aawdef
Computer name:PC-MAISON-PERSO
Name of user performing scan:SYSTEM
Name of user ordering scan:PC de Maison
Scan completed successfully

System Information
File Version Information
Ad-Aware 2007 Settings
Extended Ad-Aware 2007 Settings
Database Information
Scan Statistics
Scan Detailed Statistics
Infections Found
Listing of running processes
System Information
Number of processors:2
Processor type:Intel(R) Pentium(R) D CPU 3.00GHz
Memory Available:39%
Total Physical Memory:2145251328 Bytes
Available Physical Memory:823848960 Bytes
Total Page File Size:4519370752 Bytes
Available On Page File:2918240256 Bytes
Total Virtual Memory:2147352576 Bytes
Available Virtual Memory:1951137792 Bytes
OS:Microsoft Windows Vista 6.0 (Build 6000)
[to top]
File Verion Information
File Version
CEAPI.dll 7,0,2,6
aawservice.exe 7,0,2,7
Ad-Aware2007.exe 7.0.2.7
[to top]
Ad-Aware 2007 Settings
Skipping files larger than:1048576 Bytes
Ignoring infections with lower TAI than:3
Safe Mode:False
[to top]
Extended Ad-Aware 2007 Settings
Unload malicious processes and modules
Unload Modules
Let Windows remove files at Start-Up
Deactivate Ad-Watch
Re-analyze Scan Result
Delete Restored Items
Write Protect System Files
Create Log file
Include basic settings
Include advanced settings
Include user and computer name
Environment information
Running processes
Running processes and modules
Include info about ignored objects in log file
[to top]
Database Info
Version number:45
Build Number:0
Build Date and Time:2008/01/2109:30:02
[to top]
Scan Statistics
Method:Full

Items Scanned:239789
Infections Detected:12
Infections Removed:0
Infections Quarantined:0
Infections Ignored:0
[to top]
Scan Detailed Statistics
Type Critical Total
Process Scan 0 0
Registry Scan 0 0
Registry PE Scan 0 0
Hosts Scan 0 0
File Scan 0 0
Folder Scan 0 0
LSP Scan 0 0
ADS Scan 0 0
Cookie Scan 12 12
File Hash Scan 0 0
[to top]
Infections Found
Family Id Name Category TAI
725 Tracking Cookie DataMiner 3
[600000234] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat tradedoubler.com TD_UNIQUE_IMP /
[600000173] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat bluestreak.com id /
[600000460] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ad.yieldmanager.com uid /
[600000460] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat ad.yieldmanager.com fl_inst /
[600000212] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat aoleusearch.122.2o7.net s_vi /
[600000001] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat smartadserver.com TestIfCookieP /
[600000001] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat smartadserver.com pbw /
[600000001] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat smartadserver.com pid /
[600000001] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat smartadserver.com pbwmaj /
[600000447] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat apmebf.com S /
[600000447] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat apmebf.com LCLK /
[600000212] Browser: Internet Explorer Cookie: C:\Users\PC de Maison\AppData\Roaming\Microsoft\Windows\Cookies\Low\\index.dat 2o7.net s_vi_kefx7Eeefhkxx /

Quarantined Objects
Family Id Name Category TAI

Removed Objects
Family Id Name Category TAI
[to top]
Listing of Running Processes
C:\WINDOWS\SYSTEM32\SMSS.EXE
c:\windows\system32\smss.exe
c:\windows\system32\ntdll.dll
C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sxs.dll
C:\WINDOWS\SYSTEM32\WININIT.EXE
c:\windows\system32\wininit.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\credssp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
C:\WINDOWS\SYSTEM32\CSRSS.EXE
c:\windows\system32\csrss.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\csrsrv.dll
c:\windows\system32\basesrv.dll
c:\windows\system32\winsrv.dll
c:\windows\system32\user32.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sxs.dll
C:\WINDOWS\SYSTEM32\SERVICES.EXE
c:\windows\system32\services.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\scesrv.dll
c:\windows\system32\authz.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\credssp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\schannel.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
C:\WINDOWS\SYSTEM32\LSASS.EXE
c:\windows\system32\lsass.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\lsasrv.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\samsrv.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\feclient.dll
c:\windows\system32\mpr.dll
c:\windows\system32\userenv.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\slc.dll
c:\windows\system32\sysntfy.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\cngaudit.dll
c:\windows\system32\authz.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\credssp.dll
c:\windows\system32\msprivs.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\msv1_0.dll
c:\windows\system32\netlogon.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\schannel.dll
c:\windows\system32\wdigest.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\tspkg.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\scecli.dll
c:\windows\system32\keyiso.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\dssenh.dll
C:\WINDOWS\SYSTEM32\LSM.EXE
c:\windows\system32\lsm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sysntfy.dll
c:\windows\system32\wmsgapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
c:\windows\system32\winlogon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\psapi.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\slc.dll
c:\windows\system32\mpr.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\umpnpmgr.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\credssp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\winsta.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\msi.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\rpcss.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\credssp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\msi.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\sfc.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\program files\windows defender\mpsvc.dll
c:\windows\system32\version.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\program files\windows defender\mpclient.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\programdata\microsoft\windows defender\definition updates\{4fe72ab2-08b0-4c33-ab63-d3e8d89f8aef}\mpengine.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\dbghelp.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\program files\windows defender\mprtplug.dll
c:\windows\system32\tdh.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\wevtsvc.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\version.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\credssp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\audiosrv.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\lmhsvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\audioses.dll
c:\windows\system32\audioeng.dll
c:\windows\system32\avrt.dll
c:\windows\system32\wscsvc.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wuapi.dll
c:\windows\system32\cabinet.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
c:\windows\system32\rtkapo.dll
c:\windows\system32\wmalfxgfxdsp.dll
c:\windows\system32\mfplat.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\audiosrv.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\uxsms.dll
c:\windows\system32\tabsvc.dll
c:\windows\system32\hid.dll
c:\windows\system32\slc.dll
c:\windows\system32\wudfsvc.dll
c:\windows\system32\wudfplatform.dll
c:\windows\system32\version.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wlansvc.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wlanmsm.dll
c:\windows\system32\wlansec.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\authz.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\wlgpclnt.dll
c:\windows\system32\l2gpstore.dll
c:\windows\system32\wlanutil.dll
c:\windows\system32\sysntfy.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\netcfgx.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\emdmgmt.dll
c:\windows\system32\wdscore.dll
c:\windows\system32\slwga.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\hidserv.dll
c:\windows\system32\pcasvc.dll
c:\windows\system32\sysmain.dll
c:\windows\system32\trkwks.dll
c:\windows\system32\wpdbusenum.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\umb.dll
c:\windows\system32\atl.dll
c:\windows\system32\wdi.dll
c:\windows\system32\pcadm.dll
c:\windows\system32\netman.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\netshell.dll
c:\windows\system32\rasdlg.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\credui.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\upnp.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\sxs.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\radardt.dll
C:\PROGRAM FILES\COMMON FILES\LOGISHRD\LVMVFM\LVPRCSRV.EXE
c:\program files\common files\logishrd\lvmvfm\lvprcsrv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\version.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\psapi.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\samlib.dll
c:\program files\common files\logishrd\lvmvfm\lvprcinj.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mmcss.dll
c:\windows\system32\avrt.dll
c:\windows\system32\gpsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\authz.dll
c:\windows\system32\sysntfy.dll
c:\windows\system32\winsta.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\profsvc.dll
c:\windows\system32\atl.dll
c:\windows\system32\shsvcs.dll
c:\windows\system32\sens.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\eapsvc.dll
c:\windows\system32\eapphost.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\iscsiexe.dll
c:\windows\system32\iscsium.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\iscsied.dll
c:\windows\system32\propsys.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\sxs.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
c:\windows\system32\wiarpc.dll
c:\windows\system32\schedsvc.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wevtapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\taskcomp.dll
c:\windows\system32\version.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\tschannel.dll
c:\windows\system32\srvsvc.dll
c:\windows\system32\sscore.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\clusapi.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\credui.dll
c:\windows\system32\shell32.dll
c:\windows\system32\resutils.dll
c:\windows\system32\aelupsvc.dll
c:\windows\system32\ikeext.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\seclogon.dll
c:\windows\system32\wbem\wmisvc.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\iphlpsvc.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\sqmapi.dll
c:\windows\system32\cabinet.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\mpr.dll
c:\windows\system32\wbem\wbemcore.dll
c:\windows\system32\wbem\esscli.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\wmiutils.dll
c:\windows\system32\wbem\repdrvfs.dll
c:\windows\system32\wbem\wmiprvsd.dll
c:\windows\system32\ncobjapi.dll
c:\windows\system32\wbem\wbemess.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\wbem\ncprov.dll
c:\windows\system32\appinfo.dll
c:\windows\system32\rasmans.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\rastapi.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\rasppp.dll
c:\windows\system32\mprapi.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\kerberos.dll
c:\windows\system32\rasqec.dll
c:\windows\system32\qutil.dll
c:\windows\system32\raschap.dll
c:\windows\system32\rastls.dll
c:\windows\system32\cryptui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\winscard.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\qmgr.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\bitsperf.dll
c:\windows\system32\bitsigd.dll
c:\windows\system32\upnp.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\wuaueng.dll
c:\windows\system32\esent.dll
c:\windows\system32\winspool.drv
c:\windows\system32\mspatcha.dll
c:\windows\system32\wmsgapi.dll
c:\windows\system32\dssenh.dll
c:\windows\system32\msi.dll
c:\windows\system32\advpack.dll
c:\windows\system32\wbem\wbemcons.dll
C:\WINDOWS\SYSTEM32\SLSVC.EXE
c:\windows\system32\slsvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\slc.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\es.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\propsys.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\nsisvc.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\sxs.dll
c:\windows\system32\webclnt.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\iertutil.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\wkssvc.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\fdrespub.dll
c:\windows\system32\wsdapi.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\version.dll
c:\windows\system32\fundisc.dll
c:\windows\system32\atl.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\ssdpsrv.dll
c:\windows\system32\w32time.dll
c:\windows\system32\cryptdll.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\netprofm.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\upnphost.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\fdphost.dll
c:\windows\system32\fdwsd.dll
c:\windows\system32\mlang.dll
c:\windows\system32\fdssdp.dll
c:\windows\system32\fdproxy.dll
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\ole32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dnsrslvr.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wship6.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\cryptsvc.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\vssapi.dll
c:\windows\system32\atl.dll
c:\windows\system32\vsstrace.dll
c:\windows\system32\authz.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\mpr.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\es.dll
c:\windows\system32\propsys.dll
c:\windows\system32\nlasvc.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\ncsi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\bcrypt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\ssdpapi.dll
c:\windows\system32\termsrv.dll
c:\windows\system32\icaapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\shell32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\tapisrv.dll
c:\windows\system32\activeds.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\credui.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\unimdm.tsp
c:\windows\system32\uniplat.dll
c:\windows\system32\kmddsp.tsp
c:\windows\system32\ndptsp.tsp
c:\windows\system32\hidphone.tsp
c:\windows\system32\hid.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\esent.dll
c:\windows\system32\msdtckrm.dll
c:\windows\system32\version.dll
c:\windows\system32\ktmw32.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\sensapi.dll
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
c:\program files\lavasoft\ad-aware 2007\aawservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\lavasoft\ad-aware 2007\ceapi.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\program files\lavasoft\ad-aware 2007\pkarchive85u.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\program files\lavasoft\ad-aware 2007\lavalicense.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6000.16386_none_87e0cb09378714f1\comctl32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\inetmib1.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\wls0wndh.dll
C:\WINDOWS\SYSTEM32\DWM.EXE
c:\windows\system32\dwm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\dwmredir.dll
c:\windows\system32\slwga.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\slc.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\samlib.dll
c:\windows\system32\milcore.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\version.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\nvd3dum.dll
c:\windows\system32\udwm.dll
c:\windows\system32\windowscodecs.dll
c:\users\pcdema~1\appdata\local\temp\rqribxwv.dll
c:\windows\system32\secur32.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\shell32.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
c:\program files\alwil software\avast4\aswupdsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\alwil software\avast4\aswcmns.dll
c:\program files\alwil software\avast4\aswcmnos.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\program files\alwil software\avast4\aswcmnb.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
c:\program files\alwil software\avast4\ashserv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\program files\alwil software\avast4\aswaux.dll
c:\windows\system32\msvcp71.dll
c:\windows\system32\msvcr71.dll
c:\program files\alwil software\avast4\aswcmnb.dll
c:\program files\alwil software\avast4\aswcmnos.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\nsi.dll
c:\program files\alwil software\avast4\aswengin.dll
c:\program files\alwil software\avast4\aswscan.dll
c:\program files\alwil software\avast4\aswcmns.dll
c:\program files\alwil software\avast4\ashbase.dll
c:\windows\system32\version.dll
c:\program files\alwil software\avast4\ashtask.dll
c:\program files\alwil software\avast4\aswinteg.dll
c:\program files\alwil software\avast4\aswidle.dll
c:\program files\alwil software\avast4\aavm4h.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\dbghelp.dll
c:\program files\alwil software\avast4\french\base.dll
c:\windows\system32\fltlib.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\program files\alwil software\avast4\ahresmai.dll
c:\program files\alwil software\avast4\ahresmes.dll
c:\program files\alwil software\avast4\ahresns.dll
c:\program files\alwil software\avast4\ahresout.dll
c:\program files\alwil software\avast4\ahresp2p.dll
c:\program files\alwil software\avast4\ahresstd.dll
c:\program files\alwil software\avast4\ahresws.dll
c:\program files\alwil software\avast4\ashssqlt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\wls0wndh.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\secur32.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\samlib.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\perfos.dll
c:\program files\alwil software\avast4\aswres.dll
C:\WINDOWS\EXPLORER.EXE
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\shdocvw.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\dwmapi.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6000.16386_none_9ea0ac9ec96e7127\gdiplus.dll
c:\windows\system32\slc.dll
c:\windows\system32\propsys.dll
c:\windows\system32\browseui.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\duser.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\windowscodecs.dll
c:\windows\system32\iconcodecservice.dll
c:\program files\common files\logishrd\lvmvfm\lvprcinj.dll
c:\windows\system32\secur32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\timedate.cpl
c:\windows\system32\atl.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\actxprxy.dll
c:\windows\system32\userenv.dll
c:\windows\system32\msutb.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\shacct.dll
c:\windows\system32\samlib.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msshsq.dll
c:\windows\system32\naturallanguage6.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\authui.dll
c:\windows\system32\msimg32.dll
c:\windows\system32\linkinfo.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\msiltcfg.dll
c:\windows\system32\version.dll
c:\windows\system32\msi.dll
c:\windows\system32\urlmon.dll
c:\windows\system32\netshell.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\mlang.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\winmm.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\audioses.dll
c:\windows\system32\audioeng.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\cscapi.dll
c:\windows\system32\explorerframe.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\stobject.dll
c:\windows\system32\batmeter.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\sxs.dll
c:\windows\system32\es.dll
c:\windows\system32\sndvolsso.dll
c:\windows\system32\oobefldr.dll
c:\users\pcdema~1\appdata\local\temp\mljbtjij.dll
c:\windows\ehome\ehsso.dll
c:\windows\system32\hid.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\pnidui.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\wlanutil.dll
c:\users\pcdema~1\appdata\local\temp\rqribxwv.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\npmproxy.dll
c:\progra~1\spybot~1\sdhelper.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\wer.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\faultrep.dll
c:\windows\system32\olepro32.dll
c:\windows\system32\jsproxy.dll
c:\windows\system32\wlanapi.dll
c:\windows\system32\onex.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\eappcfg.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\alttab.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\srchadmin.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\synccenter.dll
c:\windows\system32\mssprxy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\imapi2.dll
c:\windows\system32\wscntfy.dll
c:\windows\system32\wscapi.dll
c:\windows\system32\qagent.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\system32\wbem\wbemprox.dll
c:\windows\system32\wbem\wbemcomn.dll
c:\windows\system32\wbem\wbemsvc.dll
c:\windows\system32\wbem\fastprox.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\mscms.dll
c:\windows\system32\winspool.drv
c:\windows\system32\winsatapi.dll
c:\windows\system32\bthprops.cpl
c:\windows\system32\cabinet.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\cryptnet.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\rasapi32.dll
c:\windows\system32\rasman.dll
c:\windows\system32\tapi32.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\nlsdata000c.dll
c:\windows\system32\nlslexicons000c.dll
c:\windows\system32\fundisc.dll
c:\windows\system32\fdproxy.dll
c:\windows\system32\mpr.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\mscoree.dll
c:\windows\microsoft.net\framework\v2.0.50727\mscorie.dll
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8\msvcr80.dll
c:\users\pcdema~1\appdata\local\temp\chachqtg.dll
c:\windows\system32\syncui.dll
c:\windows\system32\synceng.dll
c:\program files\alwil software\avast4\ashshell.dll
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
c:\windows\system32\spoolsv.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\slc.dll
c:\windows\system32\secur32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\spoolss.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\rasadhlp.dll
c:\windows\system32\ole32.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\localspl.dll
c:\windows\system32\version.dll
c:\windows\system32\sfc.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\shell32.dll
c:\windows\system32\setupapi.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\winspool.drv
c:\windows\system32\ep0slm00.dll
c:\windows\system32\mdimon.dll
c:\windows\system32\msi.dll
c:\windows\system32\tcpmon.dll
c:\windows\system32\snmpapi.dll
c:\windows\system32\wsnmp32.dll
c:\windows\system32\msxml6.dll
c:\windows\system32\tcpmib.dll
c:\windows\system32\mgmtapi.dll
c:\windows\system32\usbmon.dll
c:\windows\system32\wls0wndh.dll
c:\windows\system32\wsdmon.dll
c:\windows\system32\wsdapi.dll
c:\windows\system32\httpapi.dll
c:\windows\system32\winhttp.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\fundisc.dll
c:\windows\system32\atl.dll
c:\windows\system32\msxml3.dll
c:\windows\system32\spool\prtprocs\w32x86\ep0npp01.dll
c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\samlib.dll
c:\windows\system32\win32spl.dll
c:\windows\system32\netrap.dll
c:\windows\system32\printcom.dll
c:\windows\system32\sensapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\inetpp.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\winrnr.dll
c:\windows\system32\napinsp.dll
c:\windows\system32\pnrpnsp.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\winsta.dll
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bfe.dll
c:\windows\system32\authz.dll
c:\windows\system32\secur32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\mpssvc.dll
c:\windows\system32\firewallapi.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\version.dll
c:\windows\system32\nlaapi.dll
c:\windows\system32\iphlpapi.dll
c:\windows\system32\dhcpcsvc.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winnsi.dll
c:\windows\system32\dhcpcsvc6.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\fwpuclnt.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\credssp.dll
c:\windows\system32\schannel.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\psapi.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\slc.dll
c:\windows\system32\wfapigp.dll
c:\windows\system32\dps.dll
c:\windows\system32\wdi.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\taskschd.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\mswsock.dll
c:\windows\system32\wshtcpip.dll
c:\windows\system32\wship6.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\npmproxy.dll
c:\windows\system32\diagperf.dll
c:\windows\system32\shell32.dll
c:\windows\system32\pnpts.dll
C:\WINDOWS\SYSTEM32\TASKENG.EXE
c:\windows\system32\taskeng.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\ole32.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\secur32.dll
c:\windows\system32\xmllite.dll
c:\windows\system32\mpr.dll
c:\windows\system32\imm32.dll
c:\windows\system32\msctf.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll
c:\windows\system32\rsaenh.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\tschannel.dll
c:\windows\system32\uxtheme.dll
c:\windows\system32\hotstartuseragent.dll
c:\windows\system32\slc.dll
c:\windows\system32\playsndsrv.dll
c:\windows\system32\winmm.dll
c:\windows\system32\oleacc.dll
c:\windows\system32\wdmaud.drv
c:\windows\system32\ksuser.dll
c:\windows\system32\avrt.dll
c:\windows\system32\mmdevapi.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\wintrust.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\msasn1.dll
c:\windows\system32\userenv.dll
c:\windows\system32\imagehlp.dll
c:\windows\system32\audioses.dll
c:\windows\system32\audioeng.dll
c:\windows\system32\psapi.dll
c:\windows\system32\msacm32.drv
c:\windows\system32\msacm32.dll
c:\windows\system32\midimap.dll
c:\windows\system32\dimsjob.dll
c:\windows\system32\ncrypt.dll
c:\windows\system32\gpapi.dll
c:\windows\system32\pautoenr.dll
c:\windows\system32\netapi32.dll
c:\windows\system32\wldap32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\certcli.dll
c:\windows\system32\atl.dll
c:\windows\system32\wininet.dll
c:\windows\system32\normaliz.dll
c:\windows\system32\iertutil.dll
c:\windows\system32\certenroll.dll
c:\windows\system32\ntdsapi.dll
c:\windows\system32\dnsapi.dll
c:\windows\system32\winscard.dll
c:\windows\system32\wtsapi32.dll
c:\windows\system32\winsta.dll
c:\windows\system32\msctfmonitor.dll
c:\windows\system32\msutb.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\tmm.dll
c:\windows\system32\powrprof.dll
c:\windows\system32\d3d9.dll
c:\windows\system32\version.dll
c:\windows\system32\d3d8thk.dll
c:\windows\system32\qagent.dll
c:\windows\system32\qutil.dll
c:\windows\system32\wevtapi.dll
c:\windows\system32\fwpuclnt.dll
c:\users\pcdema~1\appdata\local\temp\rqribxwv.dll
c:\windows\system32\shfolder.dll
c:\windows\system32\urlmon.dll
c:\users\pcdema~1\appdata\local\temp\chachqtg.dll
c:\windows\system32\apphelp.dll
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
c:\progra~1\common~1\aol\acs\aolacsd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\progra~1\common~1\aol\acs\aolacsd.dll
c:\windows\system32\winmm.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\r

27 réponses

  • 1
  • 2
Résumé de la discussion

Une infection par le Trojan Downloader.xs est signalée, avec des pages qui s’ouvrent d’elles‑mêmes et l’impossibilité apparente de le supprimer via Spybot Search & Destroy, malgré un scan Ad-Aware 2007 Free Edition complet.
Les résultats du scan Ad-Aware 2007 Free Edition indiquent douze infections détectées et aucune retirée, avec des cookies et des éléments publicitaires listés dans les objets infectés.
Le rapport détaille les processus en cours et les chemins des fichiers impliqués, ainsi que la présence d’AVAST et d’autres éléments antivirus mentionnés lors de l’analyse.
D’autres objets signalés concernent des cookies et des éléments publicitaires issus de domaines variés, ce qui peut orienter vers des modules tiers et des paramètres de navigateur affectés.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    on ferme ce post car en double
    0
  2. cedric241 Messages postés 3380 Statut Membre 119
     
    salut fais ça :

    Fais un scan avec cet antispyware :

    Telecharge malwarebytes + tutoriel :

    -> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok cedric241, fais dans ce post mais verfie qu'il ne reponde pas dans les autres car il en a fait trois:

    ici:

    http://www.commentcamarche.net/forum/affich 5829486 trojan downloader xs

    et

    ici

    http://www.commentcamarche.net/forum/affich 5829479 trojan downloader xs

    bonne suite!
    0
    1. flocol9
       
      merci j'avais pas vu
      le problème est que lorque je clique sur problème resolu pour les 2autres ,ca ne le modifie pas. Ca indique un message d'erreur

      Je suis en train de faire le scan malwarebytes, dès que c'est fini je le copie colle
      merci pour votre aide a tous les 2
      0
  4. cedric241 Messages postés 3380 Statut Membre 119
     
    merci de m avoir prévenu JLPJLP
    0
    1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      de rien bonne suite!
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. cedric241 Messages postés 3380 Statut Membre 119
     
    ok j attend le rapport

    pas garve si t arrive pas a changer le statut met te melange pas les pinceaux reste sur ce poste
    0
    1. flocol9
       
      VOICI LE RAPPORT :


      Malwarebytes' Anti-Malware 1.11
      Version de la base de données: 599

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 116651
      Temps écoulé: 28 minute(s), 19 second(s)

      Processus mémoire infecté(s): 2
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 19
      Valeur(s) du Registre infectée(s): 5
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 20

      Processus mémoire infecté(s):
      C:\ProgramData\irvdydfs\wnobolcb.exe (Trojan.FakeAlert) -> Unloaded process successfully.
      C:\ProgramData\ovkhunkp\yvwxizun.exe (Trojan.FakeAlert) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      c:\Users\PC de Maison\AppData\Local\Temp\ljJDUnlM.dll (Trojan.Vundo) -> Unloaded module successfully.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\PC-Antispyware (Rogue.PC-Antispyware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\irvdydfs (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\0F1dKFqVVe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Agent) -> Delete on reboot.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Users\PC de Maison\Desktopvirii (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      c:\Users\PC de Maison\AppData\Local\Temp\ljJDUnlM.dll (Trojan.Vundo) -> Delete on reboot.
      C:\ProgramData\irvdydfs\wnobolcb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\ProgramData\ovkhunkp\yvwxizun.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp0000c7c1 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp0000d2a9 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp0000df75 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp0000e5cb (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp0000ee44 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp0000f018 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp0000f075 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp00010f1c (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp000110b2 (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\tmp0001189e (Trojan.Vundo) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\Desktopvirii\Trojan-Downloader.Win32.Agent.bl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\Desktopvirii\Trojan-Downloader.Win32.Agent.p.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\Desktopvirii\Trojan-Downloader.Win32.Agent.r.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\Desktopvirii\Trojan-Downloader.Win32.Agent.t.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\Desktopvirii\Trojan-Downloader.Win32.Agent.v.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Users\PC de Maison\AppData\Local\Temp\rqRIbxwV.dll (Trojan.Agent) -> Delete on reboot.
      C:\Users\PC de Maison\AppData\Local\Temp\bx18dxv.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      0
  7. netblog
     
    ----------------------------------------------------------------------------
    change ton anitvirus
    exemple pcsafer www.net-safe.org

    -------------------------------------------------------------------------------
    0
    1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      tu mets ceci a tous???
      0
  8. cedric241 Messages postés 3380 Statut Membre 119
     
    ok y a une belle infection vundo

    normalement héradiquée mais pour etre sur fais ça

    télécharge VundoFix à cette adresse: http://www.atribune.org/ccount/click.php?id=4

    * Double-clique sur VundoFix.exe
    * Clique sur le bouton Scan for Vundo
    * Si le programme te demande de supprimer des fichiers, dis oui
    * Lorsque le programme a fini de scanner ton pc, il doit être éteint, redémarre le.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt
    0
    1. flocol9
       
      VUNDO FIX SCAN S'est terminé

      Il me dit qu'il n'y a pas de dossier infecté de trouvé. Par contre je n'ai de fichier vundifix.txt qui ce soit enregistré

      un message vient d'apparaitre sur le pc dans une petite fenetre, j'ai voulu la coller mais je ne peux pas.

      Le message note : WARNING YOUR COMPUTER MAY HAVE CRITICALS ERROR IN WINDOWS REGISTRY AND FILES SYSTEM ! .........

      En bas de la fenetre il note next or cancel, j'ai appuyer sur le bouton cancel
      0
  9. flocol9
     
    Dans la barre en bas de l'écran à côté de l'heure il y a une icone qui s'est affiché avec un triangle jaune (avec un point d'exclamation à l'intérieur). Lorsque que j'ai appuyé dessus, j'ai été redirigé vers une page internet : PC ANTISPYWARE
    0
  10. cedric241 Messages postés 3380 Statut Membre 119
     
    ok fais ça :

    réalable
    • Vider la corbeille
    • Fermer toutes les applications

    ================NAVILOG====================

    Télécharge ceci http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Ensuite suit ce tutorial : http://mickael.barroux.free.fr/securite/navilog.php

    Choisir l optio 1 uniquement

    Et enfin post le rapport du scan navilog
    0
  11. cedric241 Messages postés 3380 Statut Membre 119
     
    ferme cette fenetre anti spyware surtout

    et fais navilog

    car tu es toujours infecté
    0
    1. flocol9
       
      ok, corbeille vidée, je suis tes indications et te dis la suite
      0
  12. flocol9
     
    j'ai téléchargé navilog

    mais fonctionne sous vista ?
    Car lorsqe j'arrive sur la fenetre noir et que je clique sur F puis entrée, il me refuse l'accès et indique : GetPaths.exe a cessé de fonctionner.
    0
  13. cedric241 Messages postés 3380 Statut Membre 119
     
    ferme navilog

    puis fais un clic droit sur navilog
    chosi executer en tant qu administrateur
    chosi option 1
    0
    1. flocol9
       
      Voici l scan avec navilog :

      Search Navipromo version 3.5.2 commencé le 08/04/2008 à 17:41:10,28

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "PC de Maison"

      Mise à jour le 29.03.2008 à 22h00 par IL-MAFIOSO

      Microsoft Windows Vista 6.0.6000
      Internet Explorer : 7.0.6000.16609
      Système de fichiers : NTFS

      Executé en mode normal

      *** Recherche Programmes installés ***




      *** Recherche dossiers dans C:\Windows ***



      *** Recherche dossiers dans C:\Program Files ***


      *** Recherche dossiers dans C:\ProgramData ***


      *** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***


      *** Recherche dossiers dans c:\users\pc de maison\appdata\roaming\microsoft\windows\start menu\programs ***


      *** Recherche dossiers dans C:\Users\PC de Maison\AppData\Local\virtualstore\Program Files ***



      *** Recherche dossiers dans C:\Users\PC de Maison\AppData\Roaming ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net

      Aucun Fichier trouvé



      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans C:\Windows\system32 *

      * Recherche dans C:\Users\PC de Maison\AppData\Local\Microsoft *

      * Recherche dans C:\Users\PC de Maison\AppData\Local *

      * Recherche dans "C:\Users\IUSR_N~1\AppData\Local" *



      *** Recherche fichiers ***




      *** Recherche clés spécifiques dans le Registre ***


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans C:\Windows\system32 :


      * Dans C:\Users\PC de Maison\AppData\Local\Microsoft :


      * Dans C:\Users\PC de Maison\AppData\Local :


      * Dans "C:\Users\IUSR_N~1\AppData\Local" :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat OOO-Favorit absent !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche fichiers connus :



      *** Analyse terminée le 08/04/2008 à 17:46:57,37 ***
      0
  14. cedric241 Messages postés 3380 Statut Membre 119
     
    ok telecharge et instal hijackthis sur ce lien :

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    ouvre le puis clic sur do a system scan and save a logfile

    puis copie colle le rapport du bloc note dans ta prochaine réponse
    0
    1. flocol9
       
      SCAN HIJACKTHIS

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:57:59, on 08/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\hp\support\hpsysdrv.exe
      C:\WINDOWS\RtHDVCpl.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Common Files\AOL\1200324402\ee\aolsoftware.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\ProgramData\tclgxtpo\gfehsrad.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\hp\kbd\kbd.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\Users\PC de Maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GL4Q5AVG\HiJackThis[1].exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\PC de Maison\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200324402\ee\AOLSoftware.exe
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [7ce1ee60] rundll32.exe "C:\Users\PCDEMA~1\AppData\Local\Temp\chachqtg.dll",b
      O4 - HKCU\..\Run: [tclgxtpo] C:\ProgramData\tclgxtpo\gfehsrad.exe
      O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PCDEMA~1\AppData\Local\Temp\ljJDUnlM.dll,#1
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PCDEMA~1\AppData\Local\Temp\rqRIbxwV.dll,c
      O4 - HKCU\..\Run: [irvdydfs] C:\ProgramData\irvdydfs\wnobolcb.exe
      O4 - HKCU\..\Run: [0F1dKFqVVe] C:\ProgramData\ovkhunkp\yvwxizun.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O13 - Gopher Prefix:
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
      O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
      O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
      O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe
      0
  15. cedric241 Messages postés 3380 Statut Membre 119
     
    supprime ces lignes :

    C:\ProgramData\tclgxtpo\gfehsrad.exe

    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    O4 - HKCU\..\Run: [tclgxtpo] C:\ProgramData\tclgxtpo\gfehsrad.exe
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\PCDEMA~1\AppData\Local\Temp\ljJDUnlM.dll,#1
    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\PCDEMA~1\AppData\Local\Temp\rqRIbxwV.dll,c
    O4 - HKCU\..\Run: [irvdydfs] C:\ProgramData\irvdydfs\wnobolcb.exe
    O4 - HKCU\..\Run: [0F1dKFqVVe] C:\ProgramData\ovkhunkp\yvwxizun.exe

    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    pour les supprimer tu les coches ensuite tu clic sur fix checked

    ensuite désinstal avast car c est de la M........ ( la preuve tu étais infecté ) et telecharge et instal antivir (gratuit en anglais mais simple )sur ce lien :

    https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

    apres installation met le a jours puis lance l analyse
    et poste moi le rapport
    0
    1. flocol9
       
      J'ai fait l'installation ainsi que la mise à jour d'antivir.
      Et une fenetre apparait en me disait A virus or unwanted program was found ! Is the Trojan Horse TR/PCK.Monder.83520 : J'ai plusieurs possibilité : Move to quarantine, delete, rename, access deny and ignore.

      Lequel dois-je choisir ?

      Merci
      0
  16. cedric241 Messages postés 3380 Statut Membre 119
     
    delete

    puis lance l analyse si c est pas fait et envoi le rapport
    0
    1. flocol9
       
      Ci-dessous le scan :

      AntiVir PersonalEdition Classic
      Report file date: mardi 8 avril 2008 18:36

      Scanning for 1188179 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows Vista
      Windows version: (plain) [6.0.6000]
      Username: SYSTEM
      Computer name: PC-MAISON-PERSO

      Version information:
      BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
      AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
      AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
      LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
      LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
      ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:18:08
      ANTIVIR2.VDF : 7.0.3.127 649216 Bytes 07/04/2008 16:18:08
      ANTIVIR3.VDF : 7.0.3.135 57344 Bytes 08/04/2008 16:18:08
      AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 08/04/2008 16:18:09
      AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
      AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
      AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
      AVPACK32.DLL : 7.6.0.3 360488 Bytes 08/04/2008 16:18:09
      AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
      AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
      AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
      NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
      RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
      RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: off
      Scan boot sector.................: on
      Boot sectors.....................: D:,
      Scan memory......................: on
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: mardi 8 avril 2008 18:36

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'guardgui.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'HiJackThis[1].exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'conime.exe' - '1' Module(s) have been scanned
      Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
      Scan process 'AolTbServer.exe' - '1' Module(s) have been scanned
      Scan process 'iexplore.exe' - '1' Module(s) have been scanned
      Scan process 'ieuser.exe' - '1' Module(s) have been scanned
      Scan process 'kbd.exe' - '1' Module(s) have been scanned
      Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
      Scan process 'skypePM.exe' - '1' Module(s) have been scanned
      Scan process 'mobsync.exe' - '1' Module(s) have been scanned
      Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
      Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
      Scan process 'ehtray.exe' - '1' Module(s) have been scanned
      Scan process 'Skype.exe' - '1' Module(s) have been scanned
      Scan process 'sidebar.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
      Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
      Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
      Scan process 'qttask.exe' - '1' Module(s) have been scanned
      Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
      Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
      Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
      Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
      Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
      Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
      Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
      Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
      Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
      Scan process 'DQLWinService.exe' - '1' Module(s) have been scanned
      Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'ashServ.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'aawservice.exe' - '1' Module(s) have been scanned
      Scan process 'dwm.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
      Scan process 'audiodg.exe' - '0' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'lsm.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'wininit.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      89 processes with 89 modules were scanned

      Start scanning boot sectors:
      Boot sector 'C:\'
      [NOTE] No virus was found!
      Boot sector 'D:\'
      [NOTE] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '14' files ).


      Starting the file scan:

      Begin scan in 'C:\' <HP>
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\ProgramData\tclgxtpo\gfehsrad.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QNA3XLZ\kriv[1]
      [DETECTION] Is the Trojan horse TR/PCK.Monder.83520
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5QNA3XLZ\Navilog1[1].exe
      [DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.74
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\D1IWKLGK\MediaTubeCodec_ver1.668.1[1].exe
      [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Temp\682d850d.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Temp\ad1a0d5c.exe
      [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Temp\chachqtg.dll
      [DETECTION] Is the Trojan horse TR/PCK.Monder.83520
      [WARNING] The file could not be deleted!
      C:\Users\PC de Maison\AppData\Local\Temp\~PI4F47.tmp
      [DETECTION] Contains detection pattern of the exploits EXP/MS04-028.JPEG.A
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Temp\~PI8386.tmp
      [DETECTION] Contains detection pattern of the exploits EXP/MS04-028.JPEG.A
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Temp\~PIBCAA.tmp
      [DETECTION] Contains detection pattern of the exploits EXP/MS04-028.JPEG.A
      [INFO] The file was deleted!
      C:\Users\PC de Maison\AppData\Local\Temp\~PIDB28.tmp
      [DETECTION] Contains detection pattern of the exploits EXP/MS04-028.JPEG.A
      [INFO] The file was deleted!
      Begin scan in 'D:\' <Recovery>


      End of the scan: mardi 8 avril 2008 19:14
      Used time: 37:56 min

      The scan has been done completely.

      12558 Scanning directories
      305262 Files were scanned
      11 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      10 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
      305251 Files not concerned
      1948 Archives were scanned
      2 Warnings
      10 Notes
      0
  17. flocol9
     
    le pc a vachement ralenti le temps d'attente est vraiment long d'un coup
    0
  18. flocol9
     
    je l'ai lancé, ca a l'air assez long, je t'envoi le rapport dès que c'est fini

    merci encore pour ton aide
    0
  19. cedric241 Messages postés 3380 Statut Membre 119
     
    ok REFAIS un scan hijackthis et psote le rapport stp
    0
    1. flocol9
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:37:52, on 08/04/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\hp\support\hpsysdrv.exe
      C:\WINDOWS\RtHDVCpl.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Common Files\AOL\1200324402\ee\aolsoftware.exe
      C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
      C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\System32\rundll32.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      C:\hp\kbd\kbd.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\conime.exe
      C:\Windows\system32\taskeng.exe
      C:\Users\PC de Maison\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GL4Q5AVG\HiJackThis[1].exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Users\PC de Maison\Desktop\HiJackThis.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.icrfast.com/index.php?rvs=hompag
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = C:\Program Files\AOL Toolbar\welcome.html
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
      O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1200324402\ee\AOLSoftware.exe
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware Reboot] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe /background
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [7ce1ee60] rundll32.exe "C:\Users\PCDEMA~1\AppData\Local\Temp\chachqtg.dll",b
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O13 - Gopher Prefix:
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
      O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
      O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
      O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
      O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
      O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
      O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe
      0
  20. cedric241 Messages postés 3380 Statut Membre 119
     
    Ton rapport est propre comment va le pc ??
    0
  21. flocol9
     
    LE PC VIENT DE REDEMARRER TOUT SEUL SANS QUE JE LUI DEMANDE QUOI QUE CE SOIT
    0
  • 1
  • 2