A voir également:
- Virus qui ralentit ordinateur
- Ordinateur qui rame - Guide
- Réinitialiser ordinateur - Guide
- Clavier de l'ordinateur - Guide
- Qu'est ce qui se lance au démarrage de l'ordinateur - Guide
- # Sur ordinateur - Guide
9 réponses
salut
si ton antivirus et avast desinstalle puis mes antivir mes le a jour puis fait un scan et supprime tous se qu'il trouve
si ton antivirus et avast desinstalle puis mes antivir mes le a jour puis fait un scan et supprime tous se qu'il trouve
as tu fait le scanavec antivir? parce que la c'est la cata dans ton rapport
mes avant de faire le scan avec antivir fait ca:
reglages pour antivir :
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
aussi clic sur guard puis coche scan archive puis tu decoche les 3 case en dessous puis ok
mes avant de faire le scan avec antivir fait ca:
reglages pour antivir :
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
aussi clic sur guard puis coche scan archive puis tu decoche les 3 case en dessous puis ok
Si ca ne te dérange pas jessydu54 je m'en occupe.
Tu fais un scan en mode sans échec avec AntiVir. Tu lances le scan et si il détecte un virus (normalement oui) tu cliques sur "delete" et "apply sélection to all following détections. (pour qu'il le supprimes automatiquement). A la fin du scan tu cliques sur "report" tu redémarre en mode normal puis tu me postes le rapport.
Mode sans Echec:
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.
PS: JE TE CONSEILLE D'ENREGISTRER CE MESSAGE DANS TON BUREAU OU CAS OU.
Tu fais un scan en mode sans échec avec AntiVir. Tu lances le scan et si il détecte un virus (normalement oui) tu cliques sur "delete" et "apply sélection to all following détections. (pour qu'il le supprimes automatiquement). A la fin du scan tu cliques sur "report" tu redémarre en mode normal puis tu me postes le rapport.
Mode sans Echec:
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.
PS: JE TE CONSEILLE D'ENREGISTRER CE MESSAGE DANS TON BUREAU OU CAS OU.
Le scan est terminé. Apparemment, le virus est toujours là
Voici le rapport Antivir
Avira AntiVir Personal
Report file date: dimanche 11 mai 2008 20:20
Scanning for 1258665 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: HP_Propriétaire
Computer name: DUCLUZEAUCARRAZ
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 08:17:44
AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 08:17:44
LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 08:17:45
LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 08:17:45
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:40:48
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 15:41:16
ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 09/05/2008 15:40:26
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 08:17:45
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 15:40:31
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 15:40:17
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 08:27:28
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 15:33:42
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 08:15:28
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 15:40:30
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 08:15:14
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 15:40:16
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 15:40:15
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 15:40:14
AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 08:17:44
AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 08:17:44
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 08:17:44
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 08:17:44
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 08:17:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 08:17:45
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 08:17:45
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 08:17:45
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 08:17:41
RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 08:17:41
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: dimanche 11 mai 2008 20:20
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'HelpSvc.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '42' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Helper\bigsearchonline.dll
[DETECTION] Is the Trojan horse TR/BHO.adh.4
[NOTE] The file was deleted!
C:\WINDOWS\catchme.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Inject.PH
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'L:\' <IOMEGA_HDD>
End of the scan: lundi 12 mai 2008 01:56
Used time: 5:35:50 min
The scan has been done completely.
7738 Scanning directories
559806 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
559804 Files not concerned
13878 Archives were scanned
6 Warnings
2 Notes
Que dois faire maintenant
Voici le rapport Antivir
Avira AntiVir Personal
Report file date: dimanche 11 mai 2008 20:20
Scanning for 1258665 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: HP_Propriétaire
Computer name: DUCLUZEAUCARRAZ
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 08:17:44
AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 08:17:44
LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 08:17:45
LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 08:17:45
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:40:48
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 15:41:16
ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 09/05/2008 15:40:26
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 08:17:45
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 15:40:31
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 15:40:17
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 08:27:28
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 15:33:42
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 08:15:28
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 15:40:30
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 08:15:14
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 15:40:16
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 15:40:15
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 15:40:14
AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 08:17:44
AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 08:17:44
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 08:17:44
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 08:17:44
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 08:17:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 08:17:45
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 08:17:45
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 08:17:45
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 08:17:41
RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 08:17:41
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: dimanche 11 mai 2008 20:20
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'HelpSvc.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '42' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Helper\bigsearchonline.dll
[DETECTION] Is the Trojan horse TR/BHO.adh.4
[NOTE] The file was deleted!
C:\WINDOWS\catchme.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Inject.PH
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'L:\' <IOMEGA_HDD>
End of the scan: lundi 12 mai 2008 01:56
Used time: 5:35:50 min
The scan has been done completely.
7738 Scanning directories
559806 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
559804 Files not concerned
13878 Archives were scanned
6 Warnings
2 Notes
Que dois faire maintenant
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
juste suivre l'évolution du topique pour m'informer ,c'est tout .
Bonjour,
Je viens d'avoir ton message.
Je lance le scan en mode normal mais je ne suis pas sûr que cela marche ca rle virus bloque l'ordi. Si cela bloque, que dois-je faire?
Qe penses tu du rapport d'Antivir en mode sans échec. D'après Hijackthis, tu n'aspas des antivirus à me proposer.
Que veux tu dire par "écrit à la suite"
Je viens d'avoir ton message.
Je lance le scan en mode normal mais je ne suis pas sûr que cela marche ca rle virus bloque l'ordi. Si cela bloque, que dois-je faire?
Qe penses tu du rapport d'Antivir en mode sans échec. D'après Hijackthis, tu n'aspas des antivirus à me proposer.
Que veux tu dire par "écrit à la suite"
Voici le rapport du scan Antivir en mode normal
Que dois-faire
Avira AntiVir Personal
Report file date: lundi 12 mai 2008 12:01
Scanning for 1258665 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DUCLUZEAUCARRAZ
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 08:17:44
AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 08:17:44
LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 08:17:45
LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 08:17:45
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:40:48
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 15:41:16
ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 09/05/2008 15:40:26
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 08:17:45
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 15:40:31
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 15:40:17
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 08:27:28
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 15:33:42
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 08:15:28
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 15:40:30
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 08:15:14
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 15:40:16
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 15:40:15
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 15:40:14
AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 08:17:44
AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 08:17:44
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 08:17:44
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 08:17:44
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 08:17:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 08:17:45
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 08:17:45
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 08:17:45
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 08:17:41
RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 08:17:41
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 12 mai 2008 12:01
Starting search for hidden objects.
An ARK instance is already running.
The scan of running processes will be started
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'Malwarrior.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'WinRemote.exe' - '1' Module(s) have been scanned
Scan process 'SchSvr.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '39' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP190\A0020379.dll
[DETECTION] Is the Trojan horse TR/BHO.adh.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP190\A0020380.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Inject.PH
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'L:\' <IOMEGA_HDD>
End of the scan: lundi 12 mai 2008 13:11
Used time: 1:09:12 min
The scan has been done completely.
7831 Scanning directories
563398 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
563396 Files not concerned
13878 Archives were scanned
6 Warnings
2 Notes
Que dois-faire
Avira AntiVir Personal
Report file date: lundi 12 mai 2008 12:01
Scanning for 1258665 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DUCLUZEAUCARRAZ
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 17/04/2008 08:17:44
AVSCAN.DLL : 8.1.1.0 53505 Bytes 17/04/2008 08:17:44
LUKE.DLL : 8.1.2.9 151809 Bytes 17/04/2008 08:17:45
LUKERES.DLL : 8.1.2.1 12033 Bytes 17/04/2008 08:17:45
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:40:48
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 15:41:16
ANTIVIR3.VDF : 7.0.4.23 99840 Bytes 09/05/2008 15:40:26
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 17/04/2008 08:17:45
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 15:40:31
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 15:40:17
AERDL.DLL : 8.1.0.20 418165 Bytes 25/04/2008 08:27:28
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 15:33:42
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 19/04/2008 08:15:28
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 15:40:30
AEHELP.DLL : 8.1.0.14 115063 Bytes 19/04/2008 08:15:14
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 15:40:16
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 15:40:15
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 15:40:14
AVWINLL.DLL : 1.0.0.7 14593 Bytes 17/04/2008 08:17:44
AVPREF.DLL : 8.0.0.1 25857 Bytes 17/04/2008 08:17:44
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 17/04/2008 08:17:44
AVARKT.DLL : 1.0.0.23 307457 Bytes 17/04/2008 08:17:44
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 17/04/2008 08:17:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 17/04/2008 08:17:45
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 17/04/2008 08:17:45
NETNT.DLL : 8.0.0.1 7937 Bytes 17/04/2008 08:17:45
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 17/04/2008 08:17:41
RCTEXT.DLL : 8.0.32.0 86273 Bytes 17/04/2008 08:17:41
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 12 mai 2008 12:01
Starting search for hidden objects.
An ARK instance is already running.
The scan of running processes will be started
Scan process 'wuauclt.exe' - '0' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'Malwarrior.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'WinRemote.exe' - '1' Module(s) have been scanned
Scan process 'SchSvr.exe' - '1' Module(s) have been scanned
Scan process 'kbd.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD5
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'L:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '39' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP190\A0020379.dll
[DETECTION] Is the Trojan horse TR/BHO.adh.4
[NOTE] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP190\A0020380.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Inject.PH
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>
Begin scan in 'L:\' <IOMEGA_HDD>
End of the scan: lundi 12 mai 2008 13:11
Used time: 1:09:12 min
The scan has been done completely.
7831 Scanning directories
563398 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
563396 Files not concerned
13878 Archives were scanned
6 Warnings
2 Notes
Défragmenter le disque dur:
*Pour l'exécuter, cliquez sur le bouton Démarrer, sur Tous les programmes, sur Accessoires, Outils systèmes puis sur Défragmenteur de disque.
*cliquez sur le bouton Analyser. Le logiciel examine alors votre disque dur.
*Cliquez sur le bouton Afficher le rapport. (enregistre le et poste le moi stp)
*cliquez sur le bouton Défragmenter.
*Pour l'exécuter, cliquez sur le bouton Démarrer, sur Tous les programmes, sur Accessoires, Outils systèmes puis sur Défragmenteur de disque.
*cliquez sur le bouton Analyser. Le logiciel examine alors votre disque dur.
*Cliquez sur le bouton Afficher le rapport. (enregistre le et poste le moi stp)
*cliquez sur le bouton Défragmenter.
rapport défrag :
Volume HP_PAVILION (C:)
Taille du volume = 143 Go
Taille de cluster = 4 Ko
Espace utilisé = 57.56 Go
Espace libre = 85.48 Go
Pourcentage d'espace libre = 59 %
Fragmentation du volume
Fragmentation totale = 0 %
Fragmentation de fichiers = 0 %
Fragmentation de l'espace libre = 0 %
Fragmentation de fichiers
Total de fichiers = 105,134
Taille moyenne de fichier = 668 Ko
Total de fichiers fragmentés = 0
Total de fragments en trop = 3
Nombre moyen de fragments par fichier = 1.00
Fragmentation du fichier paginé
Taille du fichier paginé = 1.50 Go
Total de fragments = 1
Fragmentation de dossier
Total de dossiers = 6,886
Dossiers fragmentés = 1
Fragments de dossiers en trop = 0
Fragmentation de la table de fichiers principale (MFT)
Taille totale de la MFT = 129 Mo
Nombre d'enregistrements dans la MFT = 112,170
Pourcentage d'utilisation de la MFT = 84 %
Total de fragments dans la MFT = 2
--------------------------------------------------------------------------------
Fragments Taille du fichierFichiers qui ne peuvent pas être défragmentés
Aucun
Rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QXK Rhythm - {052C54A4-6CB7-426C-BB6C-C4BD98786E40} - C:\WINDOWS\fvowketqeoq.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A8F41A2-6DFC-44F0-B1B9-CEC8C880CEC8} - C:\WINDOWS\system32\ssqOGxYq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\wvUmnNEX.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pvnsmfor - {2B99C85C-1A51-4117-B481-BEA6F99D2BBF} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [541f666e] rundll32.exe "C:\WINDOWS\system32\wtbhfikg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: wvUmnNEX - wvUmnNEX.dll (file missing)
O21 - SSODL: vbksrofa - {F565C044-FE1B-4632-A618-23CF549DC668} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Volume HP_PAVILION (C:)
Taille du volume = 143 Go
Taille de cluster = 4 Ko
Espace utilisé = 57.56 Go
Espace libre = 85.48 Go
Pourcentage d'espace libre = 59 %
Fragmentation du volume
Fragmentation totale = 0 %
Fragmentation de fichiers = 0 %
Fragmentation de l'espace libre = 0 %
Fragmentation de fichiers
Total de fichiers = 105,134
Taille moyenne de fichier = 668 Ko
Total de fichiers fragmentés = 0
Total de fragments en trop = 3
Nombre moyen de fragments par fichier = 1.00
Fragmentation du fichier paginé
Taille du fichier paginé = 1.50 Go
Total de fragments = 1
Fragmentation de dossier
Total de dossiers = 6,886
Dossiers fragmentés = 1
Fragments de dossiers en trop = 0
Fragmentation de la table de fichiers principale (MFT)
Taille totale de la MFT = 129 Mo
Nombre d'enregistrements dans la MFT = 112,170
Pourcentage d'utilisation de la MFT = 84 %
Total de fragments dans la MFT = 2
--------------------------------------------------------------------------------
Fragments Taille du fichierFichiers qui ne peuvent pas être défragmentés
Aucun
Rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QXK Rhythm - {052C54A4-6CB7-426C-BB6C-C4BD98786E40} - C:\WINDOWS\fvowketqeoq.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3A8F41A2-6DFC-44F0-B1B9-CEC8C880CEC8} - C:\WINDOWS\system32\ssqOGxYq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\wvUmnNEX.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pvnsmfor - {2B99C85C-1A51-4117-B481-BEA6F99D2BBF} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [541f666e] rundll32.exe "C:\WINDOWS\system32\wtbhfikg.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: wvUmnNEX - wvUmnNEX.dll (file missing)
O21 - SSODL: vbksrofa - {F565C044-FE1B-4632-A618-23CF549DC668} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Ok dans Hijackthis coches cette ligne puis tu cliques sur fix cheded.
O2 - BHO: QXK Rhythm - {052C54A4-6CB7-426C-BB6C-C4BD98786E40} - C:\WINDOWS\fvowketqeoq.dll (file missing)
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\wvUmnNEX.dll (file missing)
O3 - Toolbar: pvnsmfor - {2B99C85C-1A51-4117-B481-BEA6F99D2BBF} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [541f666e] rundll32.exe "C:\WINDOWS\system32\wtbhfikg.dll",b
O20 - Winlogon Notify: wvUmnNEX - wvUmnNEX.dll (file missing)
REPOSTE UN NOUVEAU RAPPORT
O2 - BHO: QXK Rhythm - {052C54A4-6CB7-426C-BB6C-C4BD98786E40} - C:\WINDOWS\fvowketqeoq.dll (file missing)
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\wvUmnNEX.dll (file missing)
O3 - Toolbar: pvnsmfor - {2B99C85C-1A51-4117-B481-BEA6F99D2BBF} - C:\WINDOWS\pvnsmfor.dll (file missing)
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [541f666e] rundll32.exe "C:\WINDOWS\system32\wtbhfikg.dll",b
O20 - Winlogon Notify: wvUmnNEX - wvUmnNEX.dll (file missing)
REPOSTE UN NOUVEAU RAPPORT
Rapport HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\wvUmnNEX.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O21 - SSODL: vbksrofa - {F565C044-FE1B-4632-A618-23CF549DC668} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.118712.fr/sortir.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\wvUmnNEX.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O21 - SSODL: vbksrofa - {F565C044-FE1B-4632-A618-23CF549DC668} - C:\WINDOWS\vbksrofa.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connexion Internet.
Double clique dessus pour lancer l installation . Accepte la licence qui va apparaître par " I agree" .
Puis clique sur "Do a system scan and save a logfile"
Ferme HijackThis et fais un copier-coller du rapport en entier et poste le ici en réponse.
Note : le rapport se trouve dans C:\Program Files\Trend Micro\HijackThis
Tuto : "générer un rapport" http://pageperso.aol.fr/balltrap34/demohijack.htm
C'est de pire en pire.
L'ordi met lontemps à s'allumer. J'ai aussi unicone MailWarrior
Voici le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:06, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\D18PV9OQ\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: QXK Rhythm - {052C54A4-6CB7-426C-BB6C-C4BD98786E40} - C:\WINDOWS\fvowketqeoq.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ColorUtility module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\ColorUtility\ColorUtility.dll
O2 - BHO: (no name) - {657F526D-E6F1-4666-98BC-1C763889F1D6} - C:\WINDOWS\system32\ssqOGxYq.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {88EBBE0B-5FF8-4B84-B043-71A216374A5B} - C:\WINDOWS\system32\wvUmnNEX.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: pvnsmfor - {2B99C85C-1A51-4117-B481-BEA6F99D2BBF} - C:\WINDOWS\pvnsmfor.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Fichiers communs\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [WINREMOTE] "C:\Program Files\InterVideo\Common\Bin\WinRemote.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [541f666e] rundll32.exe "C:\WINDOWS\system32\oddfovpt.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MalWarrior] "C:\Documents and Settings\All Users\Application Data\Adsl Software Limited\MalWarrior 2008\Malwarrior.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O20 - Winlogon Notify: wvUmnNEX - C:\WINDOWS\SYSTEM32\wvUmnNEX.dll
O21 - SSODL: mpfanvqg - {879E0857-4799-4EAF-AD1E-51E121F38422} - C:\WINDOWS\mpfanvqg.dll
O21 - SSODL: vbksrofa - {F565C044-FE1B-4632-A618-23CF549DC668} - C:\WINDOWS\vbksrofa.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe