Bonjour, Un fond d'écran bleu avec l'incription : warning:spyware has been detected on your pc s'est mis tout seul sur mon ordinateur et je ne peux plus le changer.. De plus, un triangle avec 1 point d'éxclamation s'affiche en bas à gaucher de l'écran. Cela me dit que mon ordinateur a été attaqué par des spyware ou virus. Windows sécurity center me dit que je suis infecté par un virus trojan downloader XS. J' ai norton antivirus. Il détecte le virus trojan mais n arrive pas a le supprimer. Quelqu'un peut il m aider???? Merci

Bonjour Norton n'est pas un antivirus OUI ! C'est un antivirus. solution 3 : tu sauvegardes et tu formates.... désolé mais c'est l'ultime solution Il y a d'autres solutions avant. yas, Commence par faire ceci. 1 Télécharge CCleaner. http://www.filehippo.com/download_ccleaner.html Installe le dans un répertoire dédié. (attention à l'installation penser à DECOCHER l'installation de Yahoo toolbar discrètement proposé en plus de CCleaner). AVG Anti-Spyware https://kerio.probb.fr/t387-tuto-avg-anti-spyware-anti-spyware Tu l'installes. Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente 2 Redémarre en mode sans echec. Attention, tu n'as pas accès à internet dans ce mode, note bien ce que tu as à faire. Démarre l'ordinateur. Une fois le chargement du BIOS terminé, il y a un écran noir. Appuye sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows. En utilisant les touches du curseur, sélectionne Mode sans échec et appuye sur Entrée. http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php 3 Lance le nettoyage avec CCleaner. Tutorial ici: https://kerio.probb.fr/t242-tuto-ccleaner-v-2 https://www.malekal.com/tutoriel-ccleaner/ http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 4 Lance Lance AVG Anti-Spyware Clique sur le bouton Analyse (de la barre d'outils) Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantine. Reviens à l'onglet Analyse. Clique sur Analyse complète du système. A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 5 Redémarre normalement et poste le rapport d'AVG Anti-Spyware avec un rapport 6 F - Hijackthis - Outil de diagnostic et réparation télécharge HijackThis ici: http://telechargement.zebulon.fr/138-hijackthis-1991.html https://kerio.probb.fr/t62-comment-utiliser-et-comprendre-hijackthis Dézippe le dans un dossier prévu à cet effet. Par exemple C:\hijackthis < Enregistre le bien dans c : ! Démo : (Merci a Balltrap34 pour cette réalisation) http://pageperso.aol.fr/balltrap34/Hijenr.gif Lance le puis: clique sur "do a system scan and save logfile" (cf démo) faire un copier coller du log entier sur le forum Démo : (Merci a Balltrap34 pour cette réalisation) http://pageperso.aol.fr/balltrap34/demohijack.htm http://www.tutoriaux-excalibur.com/hijackthis.htm https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html Bon courage A+

Virus trojan, écran bleu,

Réponse 21 / 36

yas

merci beaucoup pour ton aide !!!!!! je fais ca tout de suite

Réponse 22 / 36

yas

le log je le fait en mode sans échec ou normal?

Réponse 23 / 36

yas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:50, on 25.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\713xRMT.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\install\lsass.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\mjc\mjc.exe
C:\Documents and Settings\install\Application Data\SpeedRunner\SpeedRunner.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\Rundll32.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {393D097B-570F-455F-94AC-183373D073C8} - C:\WINDOWS\system32\efcATNGa.dll (file missing)
O2 - BHO: (no name) - {55D099A1-2779-4954-AE92-AE171A87AB23} - C:\WINDOWS\system32\atmf.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {5A3BF836-D8F6-4E33-89C3-83DD86429528} - C:\WINDOWS\system32\atmf.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: adzgalore - {81527d35-a848-f18a-62aa-f1bfdec28f94} - C:\WINDOWS\system32\nsy1D.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: cpmsky browser optimizer - {b50c1904-415a-9189-6d45-7e8dc86af7b1} - C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch search enhancer - {c658010d-1c79-9bc3-04f2-7071b264d716} - C:\WINDOWS\system32\ufzzwejtyhwjfp.dll
O2 - BHO: (no name) - {CFF5C0E4-8744-4034-8B12-04C20B895DFF} - C:\WINDOWS\system32\atmf.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{bc04511e-b96b-4188-dfca-a1447a88dc7b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll" DllInit
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\install\lsass.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\install\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\install\Application Data\Microsoft\Windows\sxlap.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ScheduleTV.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: efcATNGa - efcATNGa.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe

Réponse 24 / 36

yas1217 Messages postés 42 Statut Membre

après tout ça mon ordi va un petit peu mieux mais j ai toujours le point d exclamation qui apparaît en bas a droite au démarrage de windows et qui me dit :alert system, et il y a toujours des pages de pub qui s'ouvrent toutes seules

Réponse 25 / 36

^^Marie^^ Messages postés 41884 Date d'inscription Statut Membre Dernière intervention 3 279

Bon, on avance à petit pas
Ton PC n'est pas protégé...

1/ Désinstalle Norton en suivant la procédure sur ce lien
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

2/ Tu installes ANTIVIR (en Anglais mais très simple d'utilisation ► suivre les tutos)
ANTIVIR
https://www.avira.com/
Tuto
http://speedweb1.free.fr/frames2.php?page=tuto5
http://mr.dodo.perso.cegetel.net/tuto21.htm
https://www.malekal.com/tutorial-sur-lantivirus-antivir/

3/ Une fois Antivir installé, tu fais un scan, et tu colles le rapport ici

4/ Tu refais un log hijackthis

A+

Réponse 26 / 36

yas1217 Messages postés 42 Statut Membre

ok je suis en train de faire ca. c est normal si c'est très très long le scan???
merci
++

Réponse 27 / 36

yas1217 Messages postés 42 Statut Membre

voilà le rapport antivir,
j'ai juste 1 question: quand antivir detecte 1 virus est ce qu il faut le supprimer ou le mettre en quarantaine??
merci

Avira AntiVir Personal
Report file date: mercredi, 25. juin 2008 13:55

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: 0AF3669DAFE84C9

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09.04.2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18.03.2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07.02.2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28.02.2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21.02.2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21.03.2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25.03.2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.02.2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07.04.2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07.04.2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07.04.2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18.03.2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07.04.2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07.04.2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07.04.2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07.04.2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07.04.2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08.04.2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23.01.2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18.02.2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23.01.2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28.02.2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23.01.2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10.03.2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06.03.2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi, 25. juin 2008 13:55

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'msn_sl.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'bgsvcgen.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process '713xRMT.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'scheduleTV.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'SpeedRunner.exe' - '1' Module(s) have been scanned
Scan process 'mjc.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'ipoint.exe' - '1' Module(s) have been scanned
Scan process 'itype.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process '713xRMTMon.exe' - '1' Module(s) have been scanned
Scan process 'opware32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'printray.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Lexpps.exe' - '1' Module(s) have been scanned
Scan process 'LexBceS.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
58 processes with 58 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '35' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{901F5D84-42E7-4CF4-84E1-8E55772FA262}\RP972\A0264650.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Agui.A.3
[NOTE] The file was deleted!
C:\System Volume Information\_restore{901F5D84-42E7-4CF4-84E1-8E55772FA262}\RP974\A0266751.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was moved to '48944588.qua'!
C:\System Volume Information\_restore{901F5D84-42E7-4CF4-84E1-8E55772FA262}\RP974\A0266752.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[NOTE] The file was moved to '4894458b.qua'!
C:\System Volume Information\_restore{901F5D84-42E7-4CF4-84E1-8E55772FA262}\RP989\A0277532.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.dck
[NOTE] The file was moved to '489445b5.qua'!

End of the scan: mercredi, 25. juin 2008 15:33
Used time: 1:38:24 min

The scan has been done completely.

10789 Scanning directories
567502 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
567498 Files not concerned
4422 Archives were scanned
1 Warnings
4 Notes

Réponse 28 / 36

yas1217 Messages postés 42 Statut Membre

et voilà le log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:36:48, on 25.06.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Documents and Settings\install\lsass.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mjc\mjc.exe
C:\Documents and Settings\install\Application Data\SpeedRunner\SpeedRunner.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\713xRMT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {393D097B-570F-455F-94AC-183373D073C8} - C:\WINDOWS\system32\efcATNGa.dll (file missing)
O2 - BHO: (no name) - {55D099A1-2779-4954-AE92-AE171A87AB23} - C:\WINDOWS\system32\atmf.dll
O2 - BHO: (no name) - {587dbf2d-9145-4c9e-92c2-1f953da73773} - (no file)
O2 - BHO: (no name) - {5A3BF836-D8F6-4E33-89C3-83DD86429528} - C:\WINDOWS\system32\atmf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {799a370d-5993-4887-9df7-0a4756a77d00} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: adzgalore - {81527d35-a848-f18a-62aa-f1bfdec28f94} - C:\WINDOWS\system32\nsy1D.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98dbbf16-ca43-4c33-be80-99e6694468a4} - (no file)
O2 - BHO: (no name) - {a55581dc-2cdb-4089-8878-71a080b22342} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: cpmsky browser optimizer - {b50c1904-415a-9189-6d45-7e8dc86af7b1} - C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll
O2 - BHO: (no name) - {b847676d-72ac-4393-bfff-43a1eb979352} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch search enhancer - {c658010d-1c79-9bc3-04f2-7071b264d716} - C:\WINDOWS\system32\ufzzwejtyhwjfp.dll
O2 - BHO: (no name) - {CFF5C0E4-8744-4034-8B12-04C20B895DFF} - C:\WINDOWS\system32\atmf.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{bc04511e-b96b-4188-dfca-a1447a88dc7b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll" DllInit
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\install\lsass.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\install\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\install\Application Data\Microsoft\Windows\sxlap.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ScheduleTV.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: efcATNGa - efcATNGa.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

Réponse 29 / 36

yas1217 Messages postés 42 Statut Membre

Si ça peut t'aider a trouver mes infections_ mtn que j ai installé antivir, dès que j ouvre internet y a 4 ou 5 virus qui sont détectés. ah et j ai vraiment besoin de savoir ce que je dois faire de ces virus???? les effacer, les rejeter, les supprimer???
merci
++

Réponse 30 / 36

yas1217 Messages postés 42 Statut Membre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:57, on 2008-06-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mjc\mjc.exe
C:\WINDOWS\713xRMT.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis.exe
C:\Program Files\Windows Defender\MpCmdRun.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: cpmsky browser optimizer - {b50c1904-415a-9189-6d45-7e8dc86af7b1} - C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch search enhancer - {c658010d-1c79-9bc3-04f2-7071b264d716} - C:\WINDOWS\system32\ufzzwejtyhwjfp.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{bc04511e-b96b-4188-dfca-a1447a88dc7b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll" DllInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ScheduleTV.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: efcATNGa - efcATNGa.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Réponse 31 / 36

yas1217 Messages postés 42 Statut Membre

Par contre j ai 1 ptit prob avec le rapport combofix, a la fin de combofix, le rapport ne s'est pas ouvert, et je l 'ai chercher dans C:/ Combofix.txt mais ne l ai pas trouvé :(

Réponse 32 / 36

yas1217 Messages postés 42 Statut Membre

est-ce que c'est ça???:

ComboFix 08-06-20.4 - install 2008-06-26 10:19:03.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.204 [GMT 2:00]
Endroit: C:\Documents and Settings\install\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\install\Application Data\SpeedRunner
C:\Documents and Settings\install\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\install\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\install\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\install\lsass.exe
C:\Documents and Settings\Jalil\services.exe
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\inetget2
C:\Program Files\inetget2\ISMSetup Venora2 (aid=28 gab10).exe
C:\Program Files\Mozilla Firefox\components\nsBrowserGal.dll
C:\Program Files\network monitor
C:\Program Files\Spcron
C:\Program Files\SpyMaxx
C:\Program Files\SpyMaxx\SpyMaxx.exe.MANIFEST
C:\Program Files\SpyMaxx\uninstall.log
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\setup.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\atmf.dll
C:\WINDOWS\system32\ctuzxsal.exe
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nsy1D.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_MONITOR

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-05-26 to 2008-06-26 ))))))))))))))))))))))))))))))))))))
.

2008-06-25 20:25 . 2008-06-25 20:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-06-25 18:39 . 2008-06-25 18:39 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-06-25 13:52 . 2008-06-25 13:52 <REP> d-------- C:\Program Files\Avira
2008-06-25 13:13 . 2008-06-25 13:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-25 10:23 . 2008-06-25 11:06 3,552 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-25 10:22 . 2008-06-23 23:34 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-06-25 10:21 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-06-25 10:21 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-06-25 10:21 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-06-25 10:21 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-06-25 10:21 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-06-25 10:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-06-25 10:21 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-06-25 10:21 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-06-24 11:30 . 2008-06-24 16:17 <REP> d-------- C:\Program Files\Navilog1
2008-06-23 14:02 . 2008-06-23 14:03 401,720 --a------ C:\HiJackThis.exe
2008-06-23 09:13 . 2008-06-23 09:13 <REP> d-------- C:\Documents and Settings\install\Application Data\Grisoft
2008-06-23 09:12 . 2008-06-23 09:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-23 09:12 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-23 09:05 . 2008-06-23 13:55 <REP> d-------- C:\Program Files\Yahoo!
2008-06-23 09:05 . 2008-06-23 09:06 <REP> d-------- C:\Program Files\CCleaner
2008-06-19 12:50 . 2008-06-19 12:50 <REP> d-------- C:\Program Files\inKline Global
2008-06-18 13:47 . 2008-06-18 13:47 <REP> d-------- C:\WINDOWS\AU_Temp
2008-06-18 13:47 . 2008-06-18 13:24 34,809,465 --a------ C:\WINDOWS\LPT$VPN.349
2008-06-18 13:28 . 2008-06-18 13:28 <REP> d-------- C:\WINDOWS\backup
2008-06-18 13:27 . 2008-06-18 13:27 <REP> d-------- C:\WINDOWS\report
2008-06-18 13:24 . 2008-06-18 13:47 <REP> d-------- C:\WINDOWS\AU_Backup
2008-06-18 13:24 . 2008-06-18 13:24 1,959,409 --a------ C:\WINDOWS\tsc.ptn
2008-06-18 13:24 . 2008-06-18 13:47 1,213,784 --a------ C:\WINDOWS\vsapi32.dll
2008-06-18 13:24 . 2008-06-18 13:24 333,576 --a------ C:\WINDOWS\TSC.exe
2008-06-18 13:24 . 2008-06-18 13:47 91,744 --a------ C:\WINDOWS\BPMNT.dll
2008-06-18 13:24 . 2008-06-18 13:24 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2008-06-18 13:24 . 2008-06-18 13:54 823 --a------ C:\WINDOWS\tsc.ini
2008-06-18 13:23 . 2008-06-18 13:24 34,809,465 --a------ C:\WINDOWS\VPTNFILE.349
2008-06-18 13:21 . 2008-06-18 13:47 170 --a------ C:\WINDOWS\GetServer.ini
2008-06-18 13:05 . 2008-06-18 13:05 <REP> d-------- C:\WINDOWS\AU_Log
2008-06-18 12:40 . 2008-06-18 12:40 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2008-06-18 12:40 . 2008-06-18 12:40 286,720 --a------ C:\WINDOWS\PATCH.EXE
2008-06-18 12:40 . 2008-06-18 12:40 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2008-06-17 19:01 . 2008-06-25 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-17 17:51 . 2008-06-17 17:51 77 --a------ C:\Documents and Settings\Jalil\2569.bat
2008-06-17 17:40 . 2008-06-17 18:41 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-17 17:29 . 2008-06-17 17:32 <REP> d-------- C:\Program Files\mjc
2008-06-16 20:05 . 2008-06-16 20:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-16 18:36 . 2008-06-16 18:37 <REP> d-------- C:\Program Files\Safari
2008-06-16 17:25 . 2008-06-16 17:25 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-06-16 17:00 . 2008-06-18 02:11 <REP> d-------- C:\WINDOWS\system32\netrax18
2008-06-16 17:00 . 2008-06-18 02:09 <REP> d-------- C:\WINDOWS\system32\MRI
2008-06-16 17:00 . 2008-06-16 17:02 <REP> d-------- C:\WINDOWS\system32\goc
2008-06-16 17:00 . 2008-06-16 17:02 <REP> d-------- C:\WINDOWS\system32\ert
2008-06-16 17:00 . 2008-06-16 21:04 <REP> d--hs---- C:\WINDOWS\Kg
2008-06-16 17:00 . 2008-06-16 17:00 <REP> d-------- C:\TEMP\itmp4
2008-06-16 17:00 . 2008-06-16 17:01 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-06-16 16:54 . 2008-06-16 16:54 90,923 --a------ C:\WINDOWS\system32\ufzzwejtyhwjfp.dll-uninst.exe
2008-06-16 16:53 . 2008-06-16 16:53 63,916 --a------ C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll-uninst.exe
2008-06-16 16:50 . 2008-06-16 16:50 <REP> d-------- C:\Program Files\FBrowserAdvisor
2008-06-16 16:50 . 2008-06-16 16:52 <REP> d-------- C:\Program Files\BrowsingEnhancer
2008-06-16 16:42 . 2008-06-16 16:42 <REP> d-------- C:\Program Files\XLView
2008-06-13 17:35 . 2008-06-13 17:35 <REP> d-------- C:\Documents and Settings\install\Application Data\vlc
2008-06-13 17:32 . 2008-06-13 17:32 <REP> d-------- C:\WINDOWS\MaxTV
2008-06-13 17:32 . 2008-06-13 17:37 <REP> d-------- C:\Program Files\DMV
2008-06-13 17:23 . 2008-06-13 17:23 <REP> d-------- C:\Program Files\Fichiers communs\Vbox
2008-06-13 17:19 . 2008-06-13 17:20 <REP> d-------- C:\AdobePhotoshopCS_Fr
2008-06-13 17:18 . 2008-06-13 17:19 160,808,873 --a------ C:\AdobePhotoshopCS_Fr.zip
2008-06-13 15:32 . 2008-06-13 15:32 <REP> d-------- C:\Program Files\Guitar Pro 5
2008-06-12 15:11 . 2008-06-12 15:19 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-11 10:40 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 10:40 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 10:54 . 2008-06-09 10:55 <REP> d-------- C:\Program Files\iTunes
2008-06-09 10:54 . 2008-06-09 10:54 <REP> d-------- C:\Program Files\iPod
2008-06-09 10:53 . 2008-06-26 10:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-09 10:53 . 2008-06-09 10:53 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-09 10:45 . 2008-06-09 10:45 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-07 09:40 . 2008-06-07 09:40 444,928 --a------ C:\WINDOWS\system32\ufzzwejtyhwjfp.dll
2008-06-03 15:02 . 2008-06-03 15:02 <REP> d-------- C:\Documents and Settings\Jalil\Application Data\Talkback
2008-06-02 17:31 . 2008-06-02 17:31 <REP> d-------- C:\Documents and Settings\yasmine\Application Data\Talkback
2008-06-01 22:29 . 2008-06-01 22:29 <REP> d-------- C:\Documents and Settings\install\Application Data\Talkback
2008-06-01 22:16 . 2006-10-05 04:42 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-06-01 22:16 . 2006-10-05 04:42 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-05-31 13:51 . 2008-05-31 13:51 <REP> d-------- C:\Program Files\Incomplete
2008-05-30 14:36 . 2008-05-30 14:37 <REP> d-------- C:\Program Files\Larousse
2008-05-30 14:34 . 2008-05-30 14:48 <REP> d-------- C:\Program Files\Votre sant‚ au quotidien

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 11:10 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-06-25 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-25 09:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-24 14:55 --------- d-----w C:\Program Files\eMule
2008-06-19 14:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-19 08:11 --------- d-----w C:\Documents and Settings\install\Application Data\Apple Computer
2008-06-17 16:48 --------- d-----w C:\Documents and Settings\install\Application Data\LimeWire
2008-06-16 18:05 --------- d-----w C:\Program Files\Lavasoft
2008-06-16 18:05 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-06-16 16:53 --------- d-----w C:\Documents and Settings\yasmine\Application Data\Apple Computer
2008-06-13 14:53 --------- d-----w C:\Documents and Settings\install\Application Data\Canon
2008-06-13 13:14 --------- d-----w C:\Documents and Settings\yasmine\Application Data\Canon
2008-06-12 13:03 --------- d-----w C:\Program Files\Windows Live
2008-06-09 08:51 --------- d-----w C:\Program Files\QuickTime
2008-06-02 16:55 --------- d-----w C:\Program Files\Google
2008-06-01 20:16 --------- d-----w C:\Program Files\Picasa2
2008-05-30 12:48 --------- d-----w C:\Program Files\Votre santé au quotidien
2008-05-18 18:20 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-02 14:05 --------- d-----w C:\Documents and Settings\Jalil\Application Data\Canon
2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2007-09-19 12:14 92,064 ----a-w C:\Documents and Settings\install\mqdmmdm.sys
2007-09-19 12:14 9,232 ----a-w C:\Documents and Settings\install\mqdmmdfl.sys
2007-09-19 12:14 79,328 ----a-w C:\Documents and Settings\install\mqdmserd.sys
2007-09-19 12:14 66,656 ----a-w C:\Documents and Settings\install\mqdmbus.sys
2007-09-19 12:14 6,208 ----a-w C:\Documents and Settings\install\mqdmcmnt.sys
2007-09-19 12:14 5,936 ----a-w C:\Documents and Settings\install\mqdmwhnt.sys
2007-09-19 12:14 4,048 ----a-w C:\Documents and Settings\install\mqdmcr.sys
2007-09-19 12:14 25,600 ----a-w C:\Documents and Settings\install\usbsermptxp.sys
2007-09-19 12:14 22,768 ----a-w C:\Documents and Settings\install\usbsermpt.sys
2007-05-07 17:30 87,608 ----a-w C:\Documents and Settings\install\Application Data\ezpinst.exe
2007-05-07 17:30 47,360 ----a-w C:\Documents and Settings\install\Application Data\pcouffin.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b50c1904-415a-9189-6d45-7e8dc86af7b1}]
2008-05-05 13:33 332288 --a------ C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c658010d-1c79-9bc3-04f2-7071b264d716}]
2008-06-07 09:40 444928 --a------ C:\WINDOWS\system32\ufzzwejtyhwjfp.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 21:57 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"WINSOS VERIFY"="C:\Program Files\Winsos\WINSOS.EXE" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-09 20:17 68856]
"mjc"="C:\Program Files\mjc\mjc.exe" [2008-06-17 17:29 145408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2003-03-11 11:24 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2003-03-11 11:11 114688]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 13:01 1397760]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2000-05-10 09:55 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\713xRMTMon.exe" [2005-03-25 06:00 352256]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Desktop\V5.1\moffice.exe" [2008-04-26 15:39 0]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 01:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 01:15 600896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"{bc04511e-b96b-4188-dfca-a1447a88dc7b}"="C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll" [2008-05-05 13:33 332288]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\efcATNGa]
efcATNGa.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
"vidc.xvid"= xvid.dll
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\orbd.exe"=
"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\tnameserv.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo1.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 713xTVCard;SAA7130 TV Card;C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2005-03-15 06:00]
R2 WDMTVTuner;Universal WDM TV Tuner;C:\WINDOWS\system32\drivers\WDMTuner.sys [2005-03-30 06:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24dee1f2-6850-11dc-a547-806d6172696f}]
\Shell\Auto\command - F:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e38f62b1-796e-11db-96e3-00112fcc665a}]
\Shell\Auto\command - wscript "esta ig.vbs"
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript "esta ig.vbs"

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-06-24 18:13:54 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-26 08:40:05 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-06-26 08:36:45 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-01 01:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-18 01:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job"
- C:\Program Files\RegistrySmart\RegistrySmart.ex
- C:\Program Files\RegistrySmart
"2008-06-26 08:41:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Réponse 33 / 36

yas1217 Messages postés 42 Statut Membre

que dois-je faire maintenant???
merci

Réponse 34 / 36

^^Marie^^ Messages postés 41884 Date d'inscription Statut Membre Dernière intervention 3 279

Slt

Relance un log hijackthis -- stp

Comment se comporte ton pc ?

Réponse 35 / 36

yas1217 Messages postés 42 Statut Membre

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:20, on 2008-06-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\mjc\mjc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: cpmsky browser optimizer - {b50c1904-415a-9189-6d45-7e8dc86af7b1} - C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: mysidesearch search enhancer - {c658010d-1c79-9bc3-04f2-7071b264d716} - C:\WINDOWS\system32\ufzzwejtyhwjfp.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Desktop\V5.1\moffice.exe
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{bc04511e-b96b-4188-dfca-a1447a88dc7b}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{323747e9-f21f-c3a1-2b62-a350d1a6f042}.dll" DllInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [mjc] C:\Program Files\mjc\mjc.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: ScheduleTV.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.ch/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: efcATNGa - efcATNGa.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Réponse 36 / 36

yas1217 Messages postés 42 Statut Membre

Quand j allume l ordi un message s'affiche: RUNDLL, erreur de chargement de C:\WINDOWS\system32...avec pleins de chiffres et de lettres, et ca dit aussi : le module spécifié est introuvable

Virus trojan, écran bleu,

36 réponses

Votre réponse

Discussions similaires

Newsletters