Navipromo BZC ?
juju77
Hello, I think I am infected by Navipromo BZC and maybe other adware.
If someone can help me, that would be nice. My antivirus is avast version 4.8 and it is up to date; it detected several trojans, which it managed to delete.
To move my problem forward, I also ran a BitDefender online scan,
then I installed HiJackThis.exe to generate a report, and likewise Navilog1.exe.
One more detail: the letter I:\ corresponds to an external USB hard drive. I noticed the problem precisely while trying to delete files on this drive: I cannot delete certain files because a process or an application is using them.
Here is the BitDefender scan report:
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>UCMTSAIE.DLL
Détecté avec: Application.Vcatch.C
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>UCMTSAIE.DLL
Echec de la désinfection
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>UCMTSAIE.DLL
Supprimé
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)
Mis à jour
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>IUCMORE.DLL
Détecté avec: Application.Vcatch.F
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>IUCMORE.DLL
Echec de la désinfection
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>IUCMORE.DLL
Supprimé
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)
Mis à jour
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>IUCMORE.DLL
Détecté avec: Application.Vcatch.F
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>IUCMORE.DLL
Echec de la désinfection
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)=>IUCMORE.DLL
Supprimé
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013=>(ZIP Sfx o)
Mis à jour
C:\GRAVURE\utilitaire\overnet 0-53a\overnet0.52.exe=>(NSIS o)=>zlib_nsis0013
Echec de la mise à jour
C:\GRAVURE\utilitaire\overnet 0-53a\overnet_overnet_0.53a_anglais_10870.exe=>(NSIS o)=>zlib_nsis0007
Détecté avec: Application.Overnet.H
C:\GRAVURE\utilitaire\overnet 0-53a\overnet_overnet_0.53a_anglais_10870.exe=>(NSIS o)=>zlib_nsis0007
Echec de la désinfection
C:\GRAVURE\utilitaire\overnet 0-53a\overnet_overnet_0.53a_anglais_10870.exe=>(NSIS o)=>zlib_nsis0007
Supprimé
C:\GRAVURE\utilitaire\overnet 0-53a\overnet_overnet_0.53a_anglais_10870.exe=>(NSIS o)
Echec de la mise à jour
I:\tempp\recup_dir.146\f344063624.exe
Détecté avec: Application.Superscan.F
I:\tempp\recup_dir.146\f344063624.exe
Echec de la désinfection
I:\tempp\recup_dir.146\f344063624.exe
Echec de la suppression
I:\tempp\recup_dir.198\f481575352.exe
Détecté avec: Adware.Navipromo.BZC
I:\tempp\recup_dir.198\f481575352.exe
Echec de la désinfection
I:\tempp\recup_dir.198\f481575352.exe
Echec de la suppression
I:\tempp\recup_dir.199\f483666560.exe
Détecté avec: Adware.Navipromo.BZC
I:\tempp\recup_dir.199\f483666560.exe
Echec de la désinfection
I:\tempp\recup_dir.199\f483666560.exe
Echec de la suppression
I:\tempp\recup_dir.200\f485918096.exe
Détecté avec: Adware.Navipromo.BZC
I:\tempp\recup_dir.200\f485918096.exe
Echec de la désinfection
I:\tempp\recup_dir.200\f485918096.exe
Echec de la suppression
I:\tempp\recup_dir.203\f488171680.exe
Détecté avec: Adware.Navipromo.BZC
I:\tempp\recup_dir.203\f488171680.exe
Echec de la désinfection
I:\tempp\recup_dir.203\f488171680.exe
Echec de la suppression
I:\tempp\recup_dir.206\f490753168.exe
Détecté avec: Adware.Navipromo.BZC
I:\tempp\recup_dir.206\f490753168.exe
Echec de la désinfection
I:\tempp\recup_dir.206\f490753168.exe
Echec de la suppression
I:\tempp\recup_dir.212\f496130640.exe
Infecté par: Trojan.Generic.127298
I:\tempp\recup_dir.212\f496130640.exe
Echec de la désinfection
I:\tempp\recup_dir.212\f496130640.exe
Echec de la suppression
I:\tempp\recup_dir.215\f499776128.exe
Infecté par: Trojan.Generic.127298
I:\tempp\recup_dir.215\f499776128.exe
Echec de la désinfection
I:\tempp\recup_dir.215\f499776128.exe
Echec de la suppression
I:\utilitaires\logiciel anti spyware\hitman-pro_hitman_pro_2.4_anglais_13745.exe=>(Instyler o)=>(Instyler Module 0)
Infecté par: Trojan.Generic.163320
I:\utilitaires\logiciel anti spyware\hitman-pro_hitman_pro_2.4_anglais_13745.exe=>(Instyler o)=>(Instyler Module 0)
Supprimé
I:\utilitaires\logiciel anti spyware\hitman-pro_hitman_pro_2.4_anglais_13745.exe=>(Instyler o)
Echec de la mise à jour
Here is the HiJackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:55:49, on 18/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\installe DRIVERS\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Documents and Settings\julien rom\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.205.99.187:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Editor plugin - {8D488899-6888-4e00-9266-C7987A7E2484} - appleo.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WireLessKeyboard] C:\installe DRIVERS\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userinit] C:\WINDOWS\system32\ntos.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} (StreamPlug Class) - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
28 replies
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:20, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\installe DRIVERS\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\julien rom\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.205.99.187:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WireLessKeyboard] C:\installe DRIVERS\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner
v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -
C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program
Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet -
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program
Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX
Control) -
http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} -
http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE
Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro
.com/housecall/xscan53.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online
Scanner 3.0) - https://www.f-secure.com/en/home/support
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online
Scanner 3.3) - https://www.f-secure.com/en/home/support
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
- C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program
Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL
Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program
Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) -
Macrovision Corporation - C:\Program Files\Fichiers
communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs,
LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Mouarfff, ;-DD did you copy/paste the report line by line??
Please redo it, it's not easy to read like that, it's "mangled" lol....
Relaunch HijackThis by double-clicking its shortcut on the Desktop.
Choose the option "Do a system scan and save a log file"
Click "Save log" to save the report, which will open in Notepad
Click "Edit" ->> "Select All", then "Edit" ->> "Copy" to copy the entire contents of the report
How to fix lines and generate a report <---- see here
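The wrapped report above splits single HijackThis entries across two or three lines, which is why it is hard to review. As an added example (not part of the original thread and not HijackThis code), the sketch below re-joins wrapped entries, parses `O4` autorun lines, and checks that every line in a proposed fix list exists verbatim in the log. The function names are hypothetical, the sample is a short excerpt of the log posted in this thread, and the rule for gluing a broken URL back together is an assumption.

```python
import re

# Every HijackThis entry line opens with a section code such as R1, O4 or O23.
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")
# Registry autorun entry: "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<command>.+)$"
)

# Excerpt of the hard-wrapped log from this thread (shortened for the example).
WRAPPED = r"""
Scan saved at 23:56:20, on 19/04/2008
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro
.com/housecall/xscan53.cab
O23 - Service: Pml Driver HPZ12 - HP -
C:\WINDOWS\System32\HPZipm12.exe
"""

# Lines a helper asks the user to tick, copied from the clean log.
FIX_LIST = [
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [nwiz] nwiz.exe /install",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
]


def reflow(text):
    """Return (header_lines, entries) with wrapped entry lines joined back together."""
    header, entries = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--":  # trailer separator found at the end of some logs
            break
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:
            prev = entries[-1]
            last_token = prev.rsplit(" ", 1)[-1]
            # Assumption: a URL cut mid-token continues with "." or "/",
            # so it is glued without a space; everything else wrapped at a space.
            glue = "" if "://" in last_token and line[0] in "./" else " "
            entries[-1] = prev + glue + line
        else:
            header.append(line)  # banner and running-process list
    return header, entries


def parse_autorun(entry):
    """Split an O4 registry autorun entry into its fields, or return None."""
    match = O4_RUN.match(entry)
    return match.groupdict() if match else None


def normalise(line):
    """Collapse runs of whitespace so comparison ignores spacing differences."""
    return " ".join(line.split())


def unmatched_fix_lines(fix_lines, log_lines):
    """Return the fix-list lines that do not appear verbatim in the log."""
    known = {normalise(line) for line in log_lines}
    return [line for line in fix_lines if normalise(line) not in known]


if __name__ == "__main__":
    header, entries = reflow(WRAPPED)
    for entry in entries:
        print(entry)
    raw_lines = [l for l in WRAPPED.splitlines() if l.strip()]
    print("unmatched against wrapped log: ", len(unmatched_fix_lines(FIX_LIST, raw_lines)))
    print("unmatched against reflowed log:", len(unmatched_fix_lines(FIX_LIST, entries)))
```

Against the wrapped text two of the three fix lines cannot be found; after reflowing, all three match.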
Oops...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:20, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\installe DRIVERS\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\julien rom\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.205.99.187:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WireLessKeyboard] C:\installe DRIVERS\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:56:20, on 19/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\installe DRIVERS\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\julien rom\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.205.99.187:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WireLessKeyboard] C:\installe DRIVERS\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - http://www.streamplug.com/StreamPlug/SP.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
OK, I prefer that ;-DD
Restart HijackThis and choose "do a scan only".
Tick the box in front of the lines below (which are not needed at PC startup) and click "fix checked" at the bottom.
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
tutorial with screenshots
Close HJT!
ALCMTR.EXE <--- this file is probably located in C:\Windows or C:\Windows\System32; use the search function via "Start / Search / For Files or Folders" to track it down!!!
There may even be several of them! Delete them all!!
It is spyware installed with the Realtek AC97 Audio integrated into some motherboards, to collect information about their customers!
============================================
Right, that looks OK to me, you'll do this tomorrow!
Avast! is far from the best there is when it comes to protection.
I would recommend AVIRA ANTIVIR (ALSO FREE) instead of Avast!
Why?
Another opinion?
Still not convinced? Here, the opinion of the disinfection Masters!
So download AVIRA Antivir if you want to try it.
Avira antivir PersonalEdition Classic
Then, while offline, uninstall AVAST.
To remove Avast properly:
Install ANTIVIR...
Installation TUTORIAL by Malekal
Installation and setup tutorial
one more, just in case...
Reconnect, run the Antivir updates... you will be better protected!
After installation, update it - if your firewall raises an alert, accept the connection.
Make sure Antivir is fully up to date; check the update date.
Restart in safe mode!
To do this, restart the computer; before the Windows logo appears, tap the F8 key repeatedly, a menu will appear, choose Safe Mode and press the Enter key.
- Open Antivir from the Start / Programs menu
- Click the Scanner tab.
- Select Manual Selection
- Select drive C
- Start the scan - Quarantine every detected item.
- Once the scan has finished, save the report.
Restart in normal mode.
Post the report here.
See you!
I did fix the lines you indicated with HijackThis;
then I searched for ALCMTR.EXE and found 3:
Alcmtr.exe =>in=> C:\WINDOWS
Alcmtr.exe =>in=> C:\Program Files\Realtek\InstallShield
ALCMTR.EXE-235F9538.pf =>in=> C:\WINDOWS\Prefetch
Should I delete all 3 files?
I'm going to remove Avast in favour of ANTIVIR, run a scan and post it.
Thanks
PS: I still can't delete a large folder on my external hard drive; message: "disk is write-protected, full or currently in use by an application"
Alcmtr.exe =>in=> C:\WINDOWS
Alcmtr.exe =>in=> C:\Program Files\Realtek\InstallShield
ALCMTR.EXE-235F9538.pf =>in=> C:\WINDOWS\Prefetch
Yes, get rid of them all.
Hadn't you plugged in your external HDD?
Plug it in during the Avira scan...
See you!
So I deleted the 3 files, then installed Antivir and ran a scan (in safe mode);
Antivir detects several infections, only one on my system and all the others in a folder named "tempp" on my external drive I:\
I should point out that my external hard drive stayed plugged in during all the procedures you gave me.
The problem is that neither Antivir nor any other utility has the access needed to delete the infected files, even in safe mode, even as admin. I have the impression that the number of infected files in the "tempp" folder is increasing; besides, I don't need this folder. I think the simplest thing would be to delete it entirely, but I can't manage it under Windows. Do you think an MS-DOS operation could let me delete this folder from my external drive?
If I can't find another solution, I will copy my data (except tempp) to another external drive and try to format it; I hope it won't give me trouble formatting.
I await your opinions, thanks.
I'm posting my latest Antivir scan (in safe mode) below:
Avira AntiVir Personal
Report file date: dimanche 20 avril 2008 02:09
Scanning for 1218459 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: julien rom
Computer name: ORDI-JUJU
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/04/2008 00:04:31
AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/04/2008 00:04:31
LUKE.DLL : 8.1.2.9 151809 Bytes 20/04/2008 00:04:31
LUKERES.DLL : 8.1.2.1 12033 Bytes 20/04/2008 00:04:31
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 00:04:32
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 00:04:32
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 00:04:32
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 20/04/2008 00:04:32
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 20/04/2008 00:04:32
AESCN.DLL : 8.1.0.14 119156 Bytes 20/04/2008 00:04:32
AERDL.DLL : 8.1.0.19 418164 Bytes 20/04/2008 00:04:32
AEPACK.DLL : 8.1.1.2 364917 Bytes 20/04/2008 00:04:32
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 00:04:32
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 20/04/2008 00:04:32
AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 00:04:32
AEGEN.DLL : 8.1.0.17 299380 Bytes 20/04/2008 00:04:32
AEEMU.DLL : 8.1.0.5 430450 Bytes 20/04/2008 00:04:32
AECORE.DLL : 8.1.0.27 168310 Bytes 20/04/2008 00:04:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/04/2008 00:04:31
AVPREF.DLL : 8.0.0.1 25857 Bytes 20/04/2008 00:04:31
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 20/04/2008 00:04:31
AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 00:04:31
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/04/2008 00:04:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 00:04:31
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/04/2008 00:04:31
NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 00:04:31
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/04/2008 00:04:30
RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/04/2008 00:04:30
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 20 avril 2008 02:09
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '39' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\julien rom\Mes documents\Downloads\PowerISO v4.0 + [AGAiN keygen]\keygen.exe
[DETECTION] Is the Trojan horse TR/Drop.Virtumo.dlm
[NOTE] The file was moved to '48838add.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'I:\' <CIBOX400G>
the files in I:\cedric\ are backups of known programming files, so I ignored them
I:\cedric\5000100\arc\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\5000100\Attic\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\dev\Teleacte\Projects\ExternalsLibraries\Release\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\dev\Teleacte\Projects\FramePlayer.root\FramePlayer\Genapi.Word.FramePlayer\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\FrameWork.GenApi\shell\iNovaShell-SCSF\Lib\Teleacte\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\Projects.SOA\i-Nova.SOA\GenApi.iNova.SmartAppStarter\bin\Debug\Files\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\Projects.SOA\i-Nova.SOA\GenApi.iNova.SmartAppStarter\Files\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\Projects.SOA\i-Nova.SOA\i-Nova.WebSite\Bin\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\Projects.SOA\i-Nova.SOA\i-Nova.WebSite\Bin\20070111\I-NOT.DOT
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\Projects.SOA\i-Nova.SOA\i-Nova.WebSite\Bin\20070129\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\cedric\Projects.SOA\i-Nova.SOA\i-Nova.WebSite\Bin\20070129\From Externals\i-Not.dot
[DETECTION] Contains suspicious code HEUR/Macro.Word2000
[NOTE] The fund was classified as suspicious.
[WARNING] The file was not repaired as requested!
I:\tempp\recup_dir.110\f82088584.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.113\f85575032.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.131\f334011072.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.146\f343994960.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.149\f356827312.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.159\f420760888.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.162\f432121608.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.165\f434168040.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.172\f441574080.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.180\f451814168.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.183\f454096800.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.185\f459178992.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.189\f461891888.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.194\f476060136.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.195\f476436168.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.198\f481575352.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.199\f483666560.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.200\f485918096.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.203\f488171680.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.206\f490753168.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.212\f496130640.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.214\f498503976.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.215\f499776128.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.218\f500514600.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.22\f11524200.doc
[DETECTION] Contains detection pattern of the exploits EXP/CVE-2006-4534
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.231\f522958656.h
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.232\f525139800.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.27\f14721176.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.281\f612840120.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.281\f612843392.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.286\f623138416.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\utilitaires\logiciel anti spyware\RegFreeze Fr v5.3 + Patch\RegFreeze Fr v5.3 + Patch\Patch Fr\fr-patch.exe
[DETECTION] Is the Trojan horse TR/PSWeric2.RNF
[NOTE] The file was moved to '4837a368.qua'!
End of the scan: dimanche 20 avril 2008 03:57
Used time: 1:48:14 min
The scan has been done completely.
17630 Scanning directories
1169534 Files were scanned
9 viruses and/or unwanted programs were found
35 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1169525 Files not concerned
5640 Archives were scanned
44 Warnings
36 Notes
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.200\f485918096.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.203\f488171680.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.206\f490753168.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.212\f496130640.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.214\f498503976.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.215\f499776128.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.218\f500514600.txt
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.22\f11524200.doc
[DETECTION] Contains detection pattern of the exploits EXP/CVE-2006-4534
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.231\f522958656.h
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.232\f525139800.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.27\f14721176.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.281\f612840120.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.281\f612843392.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\tempp\recup_dir.286\f623138416.exe
[DETECTION] Contains suspicious code HEUR/Malware
[NOTE] The fund was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
I:\utilitaires\logiciel anti spyware\RegFreeze Fr v5.3 + Patch\RegFreeze Fr v5.3 + Patch\Patch Fr\fr-patch.exe
[DETECTION] Is the Trojan horse TR/PSWeric2.RNF
[NOTE] The file was moved to '4837a368.qua'!
End of the scan: dimanche 20 avril 2008 03:57
Used time: 1:48:14 min
The scan has been done completely.
17630 Scanning directories
1169534 Files were scanned
9 viruses and/or unwanted programs were found
35 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1169525 Files not concerned
5640 Archives were scanned
44 Warnings
36 Notes