Virus infernal sur mon PC

guid -  
 guid -
Bonjour,

J'ai détecté hier un virus semblant s'intituler Virtuomonde, j'ai tenté plusieurs procédures en mode sans échec avec antivir, spybot, malwarebytes et meme avast. Rien à faire, j'ai toujours des alertes windows qui me stipulent que j'ai différentes infections tels que bankfraud, tiny.h, clikker, keylogger, greenscreen ou autre. Bref, je sais plus quoi faire !
J'ai meme l'impression que c'est de pire en pire car apres multiples scans mon antivir me détecte de plus en plus de menaces.
S'il est vrai que je suis prudent sur le net, j'ai cliqué betement sur une mise a jour java qui n'en était pas une !
ET CA M'ENNERVE !

Merci de me venir en aide

PC sous vista
IE7

Ci dessous le raport de mon antivir apres scan :

Avira AntiVir Personal
Report file date: jeudi 4 septembre 2008 17:34

Scanning for 1596463 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LABECANEGUT

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 16:55:02
ANTIVIR3.VDF : 7.0.6.111 154112 Bytes 03/09/2008 16:55:03
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 03/09/2008 16:55:10
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 03/09/2008 16:55:09
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 03/09/2008 16:55:08
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 03/09/2008 16:55:07
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 03/09/2008 16:55:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 16:55:04
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 03/09/2008 16:55:03
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 4 septembre 2008 17:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'izargnwl.exe' - '1' Module(s) have been scanned
C:\Users\GUIDOU~1\AppData\Local\Temp\wtmxszml.exe
[0] Archive type: RAR SFX (self extracting)
--> 0.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 2.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 3.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 4.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 5.exe
[1] Archive type: RAR SFX (self extracting)
--> MSA.exe
[DETECTION] Is the TR/Fake.UltimaAV.bh Trojan
--> MSA.cpl
[DETECTION] Is the TR/FakeAV.AO Trojan
--> 7.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Frauder.DK.11 back-door program
Scan process 'wtmxszml.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Users\GUIDOU~1\AppData\Local\Temp\wtmxszml.exe'
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'acrobat_sl.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'kdsrgpqj.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'acrotray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'VAIOUpdt.exe' - '1' Module(s) have been scanned
Scan process 'Switcher.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SPMgr.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '1' Module(s) have been scanned
Scan process 'VzFw.exe' - '1' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
Scan process 'XAudio.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'VCSW.exe' - '1' Module(s) have been scanned
Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'stacsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'wtmxszml.exe' has been terminated
C:\Users\GUIDOU~1\AppData\Local\Temp\wtmxszml.exe
[0] Archive type: RAR SFX (self extracting)
--> 0.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 2.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 3.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 4.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
--> 5.exe
[1] Archive type: RAR SFX (self extracting)
--> MSA.exe
[DETECTION] Is the TR/Fake.UltimaAV.bh Trojan
--> MSA.cpl
[DETECTION] Is the TR/FakeAV.AO Trojan
--> 7.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Frauder.DK.11 back-door program
[NOTE] The file was moved to '492d00b6.qua'!

89 processes with 88 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '45' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: jeudi 4 septembre 2008 18:31
Used time: 56:40 Minute(s)

The scan has been done completely.

16241 Scanning directories
420303 Files were scanned
16 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
420285 Files not concerned
3916 Archives were scanned
4 Warnings
1 Notes
Configuration: Windows Vista
Internet Explorer 7.0

16 réponses

  1. plm69 Messages postés 532 Statut Membre 17
     
    salut pour virtumonde,

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    1
    1. guid
       
      Merci pour la procedure

      voici ce que combofix m'a sorti

      ComboFix 08-09-03.06 - guidouille 2008-09-04 18:56:39.1 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1104 [GMT 2:00]
      Endroit: C:\Users\guidouille\Desktop\ComboFix.exe
      * Création d'un nouveau point de restauration
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-08-04 to 2008-09-04 ))))))))))))))))))))))))))))))))))))
      .

      Pas de nouveau fichier créé dans cet espace de temps

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-09-04 15:34 --------- d-----w C:\Users\guidouille\AppData\Roaming\OpenOffice.org2
      2008-09-04 15:34 --------- d-----w C:\ProgramData\srvmon
      2008-09-04 15:33 49,442 ----a-w C:\Users\guidouille\AppData\Roaming\nvModes.dat
      2008-09-04 08:42 --------- d-----w C:\ProgramData\SysWeb
      2008-09-03 20:48 --------- d-----w C:\ProgramData\winapimon
      2008-09-03 20:48 --------- d-----w C:\ProgramData\DbWinMnt
      2008-09-03 17:28 --------- d-----w C:\ProgramData\MntWinInfo
      2008-09-03 17:01 --------- d-----w C:\Users\guidouille\AppData\Roaming\Malwarebytes
      2008-09-03 17:01 --------- d-----w C:\ProgramData\Malwarebytes
      2008-09-03 17:01 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
      2008-09-03 16:52 --------- d-----w C:\ProgramData\Avira
      2008-09-03 16:52 --------- d-----w C:\Program Files\Avira
      2008-09-03 16:35 --------- d-----w C:\Program Files\Java
      2008-09-03 14:32 --------- d-----w C:\ProgramData\wduxkbyb
      2008-09-03 14:31 --------- d-----w C:\ProgramData\cfgutilsys
      2008-09-01 22:16 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
      2008-09-01 22:16 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
      2008-08-19 16:27 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
      2008-08-19 16:02 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-08-14 00:01 --------- d-----w C:\ProgramData\Microsoft Help
      2008-08-13 23:57 --------- d-----w C:\Program Files\Windows Mail
      2008-07-31 09:47 --------- d-----w C:\Program Files\Google BAE
      2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
      2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
      2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
      2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
      2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
      2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
      2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
      2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
      2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
      2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll
      2008-07-10 10:37 174 --sha-w C:\Program Files\desktop.ini
      2008-06-27 03:54 826,368 ----a-w C:\Windows\System32\wininet.dll
      2008-06-27 03:54 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-06-27 03:54 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
      2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
      2008-06-19 03:25 61,440 ----a-w C:\Windows\System32\winipsec.dll
      2008-06-19 03:25 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
      2008-06-19 03:25 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
      2008-06-19 03:25 272,896 ----a-w C:\Windows\System32\polstore.dll
      2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
      .

      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
      "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
      "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
      "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
      "x7miK1yjzw"="C:\ProgramData\wduxkbyb\kdsrgpqj.exe" [2008-09-03 65536]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-01 86016]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-01 8429568]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-01 81920]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
      "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
      "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-17 1831424]
      "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
      "Norton Save and Restore 2.0"="C:\Program Files\Norton Save and Restore\Agent\VProTray.exe" [2007-02-13 2020968]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
      "AppMon Utility"="C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" [2007-07-12 534392]
      "Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
      "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
      "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
      "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-06-26 C:\Windows\RtHDVCpl.exe]
      "Skytel"="Skytel.exe" [2007-06-26 C:\Windows\SkyTel.exe]

      C:\Users\guidouille\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
      BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-07-03 739880]
      Lancement rapide d'Adobe Acrobat.lnk - C:\Windows\Installer\{AC76BA86-1033-F400-BA7E-000000000003}\_SC_Acrobat.exe [2008-02-08 295606]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
      2007-07-24 19:26 98304 C:\Windows\System32\VESWinlogon.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.dvsd"= C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{701BCD01-FDE0-4149-BBB5-B5E090A574FA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{571EA047-575B-49C9-A2D0-77774AD34244}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{3419DC7B-3145-49F7-A5FA-58F6685DAA5A}"= Disabled:UDP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
      "{2E211903-ED0E-4C0E-A713-5E5C0F56963D}"= Disabled:TCP:C:\Program Files\Sony\VAIO Media 6.0\Vc.exe:[VAIO Media] VAIO Media
      "{3C75A617-5129-4F10-BF73-5F6044B5E5FB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
      "TCP Query User{A2C00F4A-1B00-4C38-B9AD-19690644539E}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
      "UDP Query User{D3899205-3170-4B74-85B7-8C4B2F1C854A}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
      "{B4EB1418-8C52-4170-9945-49FC72754F0E}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
      "{2DCC94DE-98C0-46B5-AD8C-5B6AD2C5739F}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
      "{B448E899-64B3-499E-A248-145E205BD84A}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
      "{670B6771-7F7F-4933-8C05-7F56A4AB2A85}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
      "{526D2131-87BF-4EAF-A133-509C6D02BAA3}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
      "{3FEC3267-B6BC-4934-9CE0-4B9AF8C28594}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
      "TCP Query User{2792AB8A-6DDF-49B3-B9E7-F8C2A300DE72}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "UDP Query User{E11CD3D8-5459-4D05-AC0D-3C24C19C2149}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
      "{55BE55F7-46C0-45DF-912B-C20E52DF887E}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
      "{A0CBCAAB-001F-4584-A10F-2B6120D53D1D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
      "DoNotAllowExceptions"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 78416]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 50768]
      R2 regi;regi;C:\Windows\system32\drivers\regi.sys [2007-04-17 11032]
      R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2007-04-20 73472]
      R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2007-04-20 43904]
      R3 ti21sony;ti21sony;C:\Windows\system32\drivers\ti21sony.sys [2007-06-06 812544]
      R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-07-13 246784]
      S3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-07-24 80936]
      S3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-07-24 98608]
      S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [2007-07-24 28464]
      S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-24 17712]
      S3 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe [2007-02-13 2655848]
      S3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-07-09 415392]
      S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
      S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
      S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
      S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-05 292152]
      S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-20 79136]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ

      *Newly Created Service* - CATCHME
      *Newly Created Service* - PROCEXP90
      .
      - - - - ORPHANS REMOVED - - - -

      HKLM-Run-EoEngine - (no file)
      HKLM-Run-EoWeather - (no file)


      .
      ------- Supplementary Scan -------
      .
      R0 -: HKCU-Main,Start Page = hxxp://www.club-vaio.com
      R1 -: HKCU-Internet Settings,ProxyOverride = *.local
      O8 -: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 -: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 -: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 -: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 -: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 -: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 -: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 -: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 -: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O8 -: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O15 -: Trusted Zone: *.canalplay.com
      O15 -: Trusted Zone: *.canalplusactive.com
      O15 -: Trusted Zone: *.canalplay.com
      O15 -: Trusted Zone: *.canalplusactive.com
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-09-04 18:59:36
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      Temps d'accomplissement: 2008-09-04 19:00:35
      ComboFix-quarantined-files.txt 2008-09-04 17:00:22

      Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
      Post-Run: 91,069,108,224 octets libres

      192 --- E O F --- 2008-09-03 10:54:23
      0
  2. plm69 Messages postés 532 Statut Membre 17
     
    Télécharge et installe Malwarebyte's Anti-Malware:

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
    Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.

    Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK

    Laisse les Mises à jour se télécharger
    *** Referme le programme ***

    3) Scan avec Malwarebyte's Anti-Malware

    Lance Malwarebyte's Anti-Malware
    Onglet "Recherche" >>> coche Executer un examen complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
    A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
    Suppression des éléments détectés >>>>
    supprime ce qu'il a trouvé vide également les éléments de la quarantaine
    S'il t'es demandé de redémarrer >>> clique sur "Yes"

    --> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.
    1
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. plm69 Messages postés 532 Statut Membre 17
     
    après ouvre Spybot, menu Mode, Mode avancé, dit oui à la boite de dialogue qui s'est affichée, et ensuite cliquez sur Outils, puis Résident, et décochez "Résident TeaTimer", fermez Spybot, redémarrez l'ordi

    si kaspersky ne fonctionne pas

    Télécharge et installe Malwarebyte's Anti-Malware:

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK
    Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.

    Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK

    Laisse les Mises à jour se télécharger
    *** Referme le programme ***

    3) Scan avec Malwarebyte's Anti-Malware

    Lance Malwarebyte's Anti-Malware
    Onglet "Recherche" >>> coche Executer un examen complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
    A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
    Suppression des éléments détectés >>>>
    supprime ce qu'il a trouvé vide également les éléments de la quarantaine
    S'il t'es demandé de redémarrer >>> clique sur "Yes"

    --> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse
    1
    1. guid
       
      Malwarebytes' Anti-Malware 1.26
      Version de la base de données: 1112
      Windows 6.0.6000

      05/09/2008 03:06:51
      mbam-log-2008-09-05 (03-06-51).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
      Eléments examinés: 144476
      Temps écoulé: 7 hour(s), 45 minute(s), 48 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  5. plm69 Messages postés 532 Statut Membre 17
     
    Pas devirus détécté, quel s'ont tes problèmes ?
    1
    1. guid
       
      Malwarebytes ne detecte rien effectivement apres de nombreux scan. Toutefois, tous les quart d'heure j'ai une fenetre d'avertissement windows qui s'ouvre et stipule que mon firewall a detecté un espion type Bankfraud, green screen, ou autre tel que Keylogger censé memoriser les touches du clavier a des fins de fraudes.
      Bref, je ne sais plus quoi faire riren n'y fait, ces merdes restent sur mon PC. Seul spybot en detecte virtuomonde et un autre mais apres les avoir viré, il reviennent.
      QUOI FAIRE ????
      0
  6. plm69 Messages postés 532 Statut Membre 17
     
    Desinstalle avast ici https://www.avast.com/fr-fr/uninstall-utility

    Telecharge avira qui est meilleur et aussi gratuit mais en anglais : https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html

    Fais une mise a jour et un scan complet, delete(suprime) tout les virus qu'il trouveras, poste le rapport a la fin du scan ici.
    1
    1. guid
       
      Ci dessous le rapport qui ne semble n'avoir rien detecté et pourtant j'ai toujours ces fenetres windows firewall qui s'affiche en disant "windows firewall has detected activity of harmfull software" avec dfferents noms du genre green screen, keylogger, banqfraud ect....
      J'ai des copies ecran si tu veux mais je n'arrive pas a les coller sur le forum.
      Que faire ?



      Avira AntiVir Personal
      Report file date: vendredi 5 septembre 2008 15:14

      Scanning for 1599679 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows Vista
      Windows version: (plain) [6.0.6000]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: LABECANEGUT

      Version information:
      BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
      AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
      LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
      LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
      ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
      ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 16:55:02
      ANTIVIR3.VDF : 7.0.6.123 198144 Bytes 05/09/2008 13:14:11
      Engineversion : 8.1.1.28
      AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
      AESCRIPT.DLL : 8.1.0.70 319866 Bytes 03/09/2008 16:55:10
      AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
      AERDL.DLL : 8.1.1.1 397683 Bytes 03/09/2008 16:55:09
      AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
      AEOFFICE.DLL : 8.1.0.23 196987 Bytes 03/09/2008 16:55:08
      AEHEUR.DLL : 8.1.0.51 1397111 Bytes 03/09/2008 16:55:07
      AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
      AEGEN.DLL : 8.1.0.36 315764 Bytes 03/09/2008 16:55:05
      AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
      AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 16:55:04
      AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
      AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
      AVREP.DLL : 8.0.0.2 98344 Bytes 03/09/2008 16:55:03
      AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: C:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: vendredi 5 septembre 2008 15:14

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'conime.exe' - '1' Module(s) have been scanned
      Scan process 'ieuser.exe' - '1' Module(s) have been scanned
      Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
      Scan process 'iPodService.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
      Scan process 'soffice.bin' - '1' Module(s) have been scanned
      Scan process 'soffice.exe' - '1' Module(s) have been scanned
      Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
      Scan process 'BTTray.exe' - '1' Module(s) have been scanned
      Scan process 'kdsrgpqj.exe' - '1' Module(s) have been scanned
      Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
      Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
      Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
      Scan process 'ehtray.exe' - '1' Module(s) have been scanned
      Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
      Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
      Scan process 'acrotray.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
      Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
      Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'VAIOUpdt.exe' - '1' Module(s) have been scanned
      Scan process 'Switcher.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'SPMgr.exe' - '1' Module(s) have been scanned
      Scan process 'dwm.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
      Scan process 'VESMgrSub.exe' - '1' Module(s) have been scanned
      Scan process 'VzFw.exe' - '1' Module(s) have been scanned
      Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
      Scan process 'XAudio.exe' - '1' Module(s) have been scanned
      Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'VCSW.exe' - '1' Module(s) have been scanned
      Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'stacsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
      Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
      Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
      Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'aawservice.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
      Scan process 'audiodg.exe' - '0' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'lsm.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'wininit.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      78 processes with 78 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      [INFO] Please restart the search with Administrator rights
      Master boot sector HD2
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      [INFO] Please restart the search with Administrator rights

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '44' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\hiberfil.sys
      [WARNING] The file could not be opened!
      C:\pagefile.sys
      [WARNING] The file could not be opened!


      End of the scan: vendredi 5 septembre 2008 16:02
      Used time: 48:09 Minute(s)

      The scan has been done completely.

      16277 Scanning directories
      420690 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      420688 Files not concerned
      3935 Archives were scanned
      4 Warnings
      0 Notes
      0
  7. plm69 Messages postés 532 Statut Membre 17
     
    Ce keylogger est connu par avira et avira n'a rien détécté.

    Le centre de sécutité est un service Windows qui se lance au démarrage.
    Une solution simple pour le désactiver...
    Démarrer --> Exécuter --> services.msc --> OK
    Une console mmc se lance, repère le service "Centre de sécurité", fais un clic droit puis clique sur Arrêter puis propriétés et dans la partie "Type de démarrage", règle l'option sur Désactiver puis OK.
    Ton centre de sécurité est maintenant arrêté et ne se lancera plus jusqu'à l ce que tu le réactives.
    1
  8. plm69 Messages postés 532 Statut Membre 17
     
    laisse le keylogger infécté ton pc en le debloquant puis refais un scan avira
    1
  9. plm69 Messages postés 532 Statut Membre 17
     
    Donc c'est que tu as fais ce que je t'ai dit pour le centre de securité. fais un scan avec avira maintenant et poste le rapport

    a+
    1
    1. guid
       
      Avira AntiVir Personal
      Report file date: jeudi 11 septembre 2008 11:34

      Scanning for 1608940 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows Vista
      Windows version: (plain) [6.0.6000]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: LABECANEGUT

      Version information:
      BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
      AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
      LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
      LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
      ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
      ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
      ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 16:55:02
      ANTIVIR3.VDF : 7.0.6.145 323072 Bytes 11/09/2008 09:34:00
      Engineversion : 8.1.1.28
      AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
      AESCRIPT.DLL : 8.1.0.70 319866 Bytes 03/09/2008 16:55:10
      AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
      AERDL.DLL : 8.1.1.1 397683 Bytes 03/09/2008 16:55:09
      AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
      AEOFFICE.DLL : 8.1.0.23 196987 Bytes 03/09/2008 16:55:08
      AEHEUR.DLL : 8.1.0.51 1397111 Bytes 03/09/2008 16:55:07
      AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
      AEGEN.DLL : 8.1.0.36 315764 Bytes 03/09/2008 16:55:05
      AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
      AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 16:55:04
      AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
      AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
      AVREP.DLL : 8.0.0.2 98344 Bytes 03/09/2008 16:55:03
      AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: C:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: jeudi 11 septembre 2008 11:34

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'wercon.exe' - '1' Module(s) have been scanned
      Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
      Scan process 'FlashUtil9b.exe' - '1' Module(s) have been scanned
      Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
      Scan process 'iexplore.exe' - '1' Module(s) have been scanned
      Scan process 'ieuser.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'conime.exe' - '1' Module(s) have been scanned
      Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
      Scan process 'iPodService.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
      Scan process 'soffice.bin' - '1' Module(s) have been scanned
      Scan process 'soffice.exe' - '1' Module(s) have been scanned
      Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
      Scan process 'BTTray.exe' - '1' Module(s) have been scanned
      Scan process 'kdsrgpqj.exe' - '1' Module(s) have been scanned
      Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
      Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
      Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
      Scan process 'ehtray.exe' - '1' Module(s) have been scanned
      Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
      Scan process 'SPMgr.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
      Scan process 'VAIOUpdt.exe' - '1' Module(s) have been scanned
      Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
      Scan process 'Switcher.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'acrotray.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'mobsync.exe' - '1' Module(s) have been scanned
      Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
      Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
      Scan process 'VzFw.exe' - '1' Module(s) have been scanned
      Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
      Scan process 'XAudio.exe' - '1' Module(s) have been scanned
      Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'VCSW.exe' - '1' Module(s) have been scanned
      Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'stacsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'PIFSvc.exe' - '1' Module(s) have been scanned
      Scan process 'iviRegMgr.exe' - '1' Module(s) have been scanned
      Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
      Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'dwm.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'aawservice.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
      Scan process 'audiodg.exe' - '0' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'lsm.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'wininit.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      84 processes with 84 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      [INFO] Please restart the search with Administrator rights
      Master boot sector HD2
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      [INFO] Please restart the search with Administrator rights

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '44' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\hiberfil.sys
      [WARNING] The file could not be opened!
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\ProgramData\UtilMsg\abmdenof.exe
      [DETECTION] Is the TR/Obfuscated.GX.840 Trojan
      [NOTE] The file was moved to '4935ecfc.qua'!


      End of the scan: jeudi 11 septembre 2008 12:37
      Used time: 1:02:52 Hour(s)

      The scan has been done completely.

      19274 Scanning directories
      441313 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      1 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      441310 Files not concerned
      4049 Archives were scanned
      4 Warnings
      1 Notes
      0
  10. Utilisateur anonyme
     
    Salut,

    Télécharge HijackThis ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
    0
    1. guid
       
      Chiquitine !!!! un peu d'aide stp !
      il commence à m'inquieter ce virus !!
      merci
      0
  11. Leo
     
    Si tu as un bon anti virus (il faut qu il soit a jour c est a dire pas perime)cet anti virus detectera des logiciels malveillants ou autres qu il supprimera.
    0
  12. guid
     
    Voila pour malwarebytes ! je ne comprend pas qu'il ne detecte rien car encore à l'instant une fenetre windows me dit que mon firewall detecte une activité de "Bankfraud"!!!!!!!!!!!!!!!!
    Que dois je faire ensuite ?

    Merci

    Malwarebytes' Anti-Malware 1.26
    Version de la base de données: 1112
    Windows 6.0.6000

    05/09/2008 03:06:51
    mbam-log-2008-09-05 (03-06-51).txt

    Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
    Eléments examinés: 144476
    Temps écoulé: 7 hour(s), 45 minute(s), 48 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  13. guid
     
    Personne pour m'aider ?
    Spybot m'indique qu'il y a des tentatives de modifications de la base de registre !
    modifs que je refuse systématiquement.
    Help !!!
    0
    1. guid
       
      mon rapport hijackthis :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:23:35, on 05/09/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16711)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\rundll32.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Sony\ISB Utility\ISBMgr.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
      C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\ProgramData\wduxkbyb\kdsrgpqj.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      C:\Windows\System32\mobsync.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
      C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\ProgramData\monsmart\rahmlgfo.exe
      C:\Program Files\Internet Explorer\IEUser.exe
      C:\Windows\system32\conime.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
      C:\Users\guidouille\Desktop\scan.exe.exe
      C:\ProgramData\monsmart\rahmlgfo.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
      O4 - HKLM\..\Run: [Norton Save and Restore 2.0] "C:\Program Files\Norton Save and Restore\Agent\VProTray.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [AppMon Utility] "C:\Program Files\Sony\AppMonUtil\AppMonUtility.exe" @@@Start
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [x7miK1yjzw] C:\ProgramData\wduxkbyb\kdsrgpqj.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
      O4 - Global Startup: BTTray.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
      O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O13 - Gopher Prefix:
      O15 - Trusted Zone: *.canalplay.com
      O15 - Trusted Zone: *.canalplusactive.com
      O15 - Trusted Zone: *.canalplay.com (HKLM)
      O15 - Trusted Zone: *.canalplusactive.com (HKLM)
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldfr-fr.cab
      O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://guidouille.spaces.live.com/PhotoUpload/VistaMsnPUpldfr-fr.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
      O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
      O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
      O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
      O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
      O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
      O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
      O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
      O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
      O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
      O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
      O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
      O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
  14. guid
     
    je n'ai plus de fenetre de windows firewall depuis la suppression d'avast !
    j'attend lundi pour considerer le sujet comme resolu.

    Merci pour ton aide
    0