You have a security probleme
halimchou
-
jorginho67 Messages postés 15447 Statut Contributeur sécurité -
jorginho67 Messages postés 15447 Statut Contributeur sécurité -
Bonjour, Depuis ce soir, j'ai chopé une fenètre qui apparait toute les 30s en bas à droite dans ma barre de tache avec le message"You have a security problem".
Si je clique dessus , j'ai internet explorer qui s'ouvre et qui essaie de se connecter sur le site "SecureExpertClean/1/ ...." . A partir de ce moment, j'ai mon antivirus (NOD32) qui bloque l'accés et me donne le message suivant: "MENACE DECTEE....".
Je clique alors sur "METTE EN QUARENTAINE" mais 20 secondes plus tard ça revient !!!! J'ai analysé tout le PC avec NOD32, puis AVIRA ANTIVIR PERSONAL FREE ANTIVIRUS, et 2 DETECTIONS ET 1 WARNING mais j'ai toujours le problème. Le pire c est qu apres redemarrage, les fentres que j ouvre sont sous format win95 ou win98, enfin gris quoi. je sais plus quoi faire.
Connaissez vous ce problème. Pouvez vous m'aider SVP car je suis VRAIMENT NAZE en gestion info.
VOICI LE RAPPORT D ANALYSE :
Avira AntiVir Personal
Report file date: mercredi 1 octobre 2008 22:27
Scanning for 1654895 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.236 133632 Bytes 01/10/2008 20:25:27
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 1 octobre 2008 22:27
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'a.exe' - '1' Module(s) have been scanned
Scan process 'video1019.cfg.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '63' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\5685.exe
[0] Archive type: RAR SFX (self extracting)
--> SAV.cpl
[DETECTION] Is the TR/FakeAV.BC.29 Trojan
[DETECTION] Contains recognition pattern of the DR/Agent.1005239 dropper
[NOTE] The file was moved to '491bded3.qua'!
C:\Program Files\SAV\SAV.cpl
[DETECTION] Is the TR/FakeAV.BC.29 Trojan
[NOTE] The file was moved to '4939e6ca.qua'!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078388.cpl
[DETECTION] Is the TR/FakeAV.BC.29 Trojan
[NOTE] The file was moved to '4913e8bd.qua'!
C:\WINDOWS\system32\calc.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was moved to '494feb95.qua'!
C:\WINDOWS\system32\SAV.cpl
[DETECTION] Is the TR/FakeAV.BC.29 Trojan
[NOTE] The file was moved to '4939ebb7.qua'!
Begin scan in 'D:\' <Nouveau nom>
D:\Ma musique\sond\Sony 5.1 Surround Plug-In\RENEGADE KeyGen\Sony 5.1 Surround Plug-in Pack KeyGen 1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4951edbc.qua'!
D:\Ma musique\sond\Sony 5.1 Surround Plug-In\RENEGADE KeyGen\Sony 5.1 Surround Plug-in Pack KeyGen 2.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4951edbe.qua'!
D:\Ma musique\sond\Sony CD Architect 5.0 (Build 93)\RENEGADE KeyGen\KEYGEN.EXE
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '493ceda1.qua'!
D:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078394.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4913ede8.qua'!
D:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078395.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4913edeb.qua'!
D:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078396.EXE
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4913eded.qua'!
End of the scan: mercredi 1 octobre 2008 23:38
Used time: 1:11:07 Hour(s)
The scan has been done completely.
10654 Scanning directories
393008 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
392995 Files not concerned
2256 Archives were scanned
1 Warnings
11 Notes
Connaissez vous ce problème. Pouvez vous m'aider SVP car je suis VRAIMENT NAZE en gestion info. MERCI D AVANCE
Si je clique dessus , j'ai internet explorer qui s'ouvre et qui essaie de se connecter sur le site "SecureExpertClean/1/ ...." . A partir de ce moment, j'ai mon antivirus (NOD32) qui bloque l'accés et me donne le message suivant: "MENACE DECTEE....".
Je clique alors sur "METTE EN QUARENTAINE" mais 20 secondes plus tard ça revient !!!! J'ai analysé tout le PC avec NOD32, puis AVIRA ANTIVIR PERSONAL FREE ANTIVIRUS, et 2 DETECTIONS ET 1 WARNING mais j'ai toujours le problème. Le pire c est qu apres redemarrage, les fentres que j ouvre sont sous format win95 ou win98, enfin gris quoi. je sais plus quoi faire.
Connaissez vous ce problème. Pouvez vous m'aider SVP car je suis VRAIMENT NAZE en gestion info.
VOICI LE RAPPORT D ANALYSE :
Avira AntiVir Personal
Report file date: mercredi 1 octobre 2008 22:27
Scanning for 1654895 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.236 133632 Bytes 01/10/2008 20:25:27
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 1 octobre 2008 22:27
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'a.exe' - '1' Module(s) have been scanned
Scan process 'video1019.cfg.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '63' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\5685.exe
[0] Archive type: RAR SFX (self extracting)
--> SAV.cpl
[DETECTION] Is the TR/FakeAV.BC.29 Trojan
[DETECTION] Contains recognition pattern of the DR/Agent.1005239 dropper
[NOTE] The file was moved to '491bded3.qua'!
C:\Program Files\SAV\SAV.cpl
[DETECTION] Is the TR/FakeAV.BC.29 Trojan
[NOTE] The file was moved to '4939e6ca.qua'!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078388.cpl
[DETECTION] Is the TR/FakeAV.BC.29 Trojan
[NOTE] The file was moved to '4913e8bd.qua'!
C:\WINDOWS\system32\calc.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was moved to '494feb95.qua'!
C:\WINDOWS\system32\SAV.cpl
[DETECTION] Is the TR/FakeAV.BC.29 Trojan
[NOTE] The file was moved to '4939ebb7.qua'!
Begin scan in 'D:\' <Nouveau nom>
D:\Ma musique\sond\Sony 5.1 Surround Plug-In\RENEGADE KeyGen\Sony 5.1 Surround Plug-in Pack KeyGen 1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4951edbc.qua'!
D:\Ma musique\sond\Sony 5.1 Surround Plug-In\RENEGADE KeyGen\Sony 5.1 Surround Plug-in Pack KeyGen 2.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4951edbe.qua'!
D:\Ma musique\sond\Sony CD Architect 5.0 (Build 93)\RENEGADE KeyGen\KEYGEN.EXE
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '493ceda1.qua'!
D:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078394.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4913ede8.qua'!
D:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078395.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4913edeb.qua'!
D:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078396.EXE
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4913eded.qua'!
End of the scan: mercredi 1 octobre 2008 23:38
Used time: 1:11:07 Hour(s)
The scan has been done completely.
10654 Scanning directories
393008 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
392995 Files not concerned
2256 Archives were scanned
1 Warnings
11 Notes
Connaissez vous ce problème. Pouvez vous m'aider SVP car je suis VRAIMENT NAZE en gestion info. MERCI D AVANCE
A voir également:
- You have a security probleme
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Security health systray - Forum Antivirus
- Antivirus gratuit norton internet security - Télécharger - Antivirus & Antimalwares
- Account-security-noreply@ accountprotection.microsoft.com spam ✓ - Forum Hotmail / Outlook.com
- Cube security box - Forum Réseaux sociaux
4 réponses
bonsoir
essaie avec ce programe
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
essaie avec ce programe
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
Salut !
Tu peux vider la 40aine d'Avira Antivir
Regarde ici comment ( Merci Bibou )
ensuite,
Désactive ta "Restauration du système" puis réactive la.
(1) Désactivation
Clique droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > coche la case " Désactiver la Restauration du système sur tous les lecteurs"
Appliquer . patiente jusqu a que cela soit marqué "désactivée" puis Ok.
(2) Activation
Suivre le même chemin ; décoche la case "Désactiver la Restauration du système sur tous les lecteurs"
Appliquer. attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarre l'ordinateur !
pour finir,
• Télécharge Hijackthis
Hijackthis (HJT) est un outil de diagnostic pour voir si tout va bien avec ton pc....
*. Enregistre HJTInstall.exe sur ton bureau
*. Double-clique sur HJTInstall.exe pour lancer le programme
*. Par défaut, il s'installera là C:\Program Files\Trend Micro\HijackThis
*. Accepte la license en cliquant sur le bouton "I Accept"
*. Choisis l'option "Do a system scan and save a log file"
*. Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
*. Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
*. Colle le rapport que tu viens de copier sur ce forum
*. /!!\ Ne fixe encore AUCUNE ligne /!!\ , cela pourrait empêcher ton PC de fonctionner correctement
Tutoriel Générer un rapport
@+
Tu peux vider la 40aine d'Avira Antivir
Regarde ici comment ( Merci Bibou )
ensuite,
Désactive ta "Restauration du système" puis réactive la.
(1) Désactivation
Clique droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > coche la case " Désactiver la Restauration du système sur tous les lecteurs"
Appliquer . patiente jusqu a que cela soit marqué "désactivée" puis Ok.
(2) Activation
Suivre le même chemin ; décoche la case "Désactiver la Restauration du système sur tous les lecteurs"
Appliquer. attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarre l'ordinateur !
pour finir,
• Télécharge Hijackthis
Hijackthis (HJT) est un outil de diagnostic pour voir si tout va bien avec ton pc....
*. Enregistre HJTInstall.exe sur ton bureau
*. Double-clique sur HJTInstall.exe pour lancer le programme
*. Par défaut, il s'installera là C:\Program Files\Trend Micro\HijackThis
*. Accepte la license en cliquant sur le bouton "I Accept"
*. Choisis l'option "Do a system scan and save a log file"
*. Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
*. Clique sur "Edition -> Sélectionner tout", puis sur "Edition -> Copier" pour copier tout le contenu du rapport
*. Colle le rapport que tu viens de copier sur ce forum
*. /!!\ Ne fixe encore AUCUNE ligne /!!\ , cela pourrait empêcher ton PC de fonctionner correctement
Tutoriel Générer un rapport
@+
MERCI A TOUS CEUX QUI M ONT REPONDU ! et surtout jorginho67. j ai suivi tes instuctions et le bouclier rouge avec la crois blanche " you have a security problem " a disparue ainsi que tout les fenetres de pub pour antivirus. par contre j ai toujours ma barre d outils et de demarrage grise comme si j etais en sous Win95 ou Win98. j ai essayé la restauration du syteme mais ca me proposait 2 choix :
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
MERCI A TOUS CEUX QUI M ONT REPONDU ! et surtout jorginho67. j ai suivi tes instuctions et le bouclier rouge avec la crois blanche " you have a security problem " a disparue ainsi que tout les fenetres de pub pour antivirus. par contre j ai toujours ma barre d outils et de demarrage grise comme si j etais en sous Win95 ou Win98. j ai essayé la restauration du syteme mais ca me proposait 2 choix :
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
MERCI A TOUS CEUX QUI M ONT REPONDU ! et surtout jorginho67. j ai suivi tes instuctions et le bouclier rouge avec la crois blanche " you have a security problem " a disparue ainsi que tout les fenetres de pub pour antivirus. par contre j ai toujours ma barre d outils et de demarrage grise comme si j etais en sous Win95 ou Win98. j ai essayé la restauration du syteme mais ca me proposait 2 choix :
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
MERCI A TOUS CEUX QUI M ONT REPONDU ! et surtout jorginho67. j ai suivi tes instuctions et le bouclier rouge avec la crois blanche " you have a security problem " a disparue ainsi que tout les fenetres de pub pour antivirus. par contre j ai toujours ma barre d outils et de demarrage grise comme si j etais en sous Win95 ou Win98. j ai essayé la restauration du syteme mais ca me proposait 2 choix :
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
MERCI A TOUS CEUX QUI M ONT REPONDU ! et surtout jorginho67. j ai suivi tes instuctions et le bouclier rouge avec la crois blanche " you have a security problem " a disparue ainsi que tout les fenetres de pub pour antivirus. par contre j ai toujours ma barre d outils et de demarrage grise comme si j etais en sous Win95 ou Win98. j ai essayé la restauration du syteme mais ca me proposait 2 choix :
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
- RESTAURER MON ORIDNATEUR A UNE DATE ANTERIEUR
- CREER UN POINT DE RESTAURATION.
j ai essayer de faire une restauration a une date anterieur ou je suis d avoir eu une config saine. mais l ordi n as pas pu la faire. il s eteignait chargé les parametere puis apres me disaitqu il pouvait pas ( j ai fait plusieur fois la manip sans succes )
apres ca j ais refait des scan avec AVIRA ANTIVIR PERSONAL - FREE ANTIVIRUS ( j ai une copie du rapport que je posterai ( 1* ), puis avec NOD 32 ANTIVIRUS ainsi que SPYBOT SEARCH ET DESTROY ( j ai le rapport aussi que je posterai ( 2*) ) et enfin par HIJACKTHIS ( rapport a la fin ). jvoudrais savoir si je suis encore sous la gene d un ou plusieur virus et si oui comment m en préserver. merci d avance pour le temps et l aide que l on apporte
PS : j espere que les rapport dont dans l ordre
RAPPORT ( 1* ) AVIRA ANTIVIR PERSONAL :
Avira AntiVir Personal
Report file date: dimanche 5 octobre 2008 02:07
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: C469AD818AB246E
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 20:25:26
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 00:01:01
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 01/10/2008 20:25:38
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 01/10/2008 20:25:37
AEPACK.DLL : 8.1.2.3 364918 Bytes 01/10/2008 20:25:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 01/10/2008 20:25:34
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 01/10/2008 20:25:33
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 01/10/2008 20:25:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 01/10/2008 20:25:29
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 01/10/2008 20:25:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 5 octobre 2008 02:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Reminder.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'UberIcon Manager.exe' - '1' Module(s) have been scanned
Scan process 'VisualTaskTips.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LClock.exe' - '1' Module(s) have been scanned
Scan process 'TweakRAM.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SAV.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'msn.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'PWRISOVM.EXE' - '1' Module(s) have been scanned
Scan process 'SMSTray.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'nod32kui.exe' - '1' Module(s) have been scanned
Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nod32krn.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '65' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\al\Local Settings\Temp\a.exe
[DETECTION] Is the TR/Agent.87040.I Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\al\Local Settings\Temp\video1019.cfg
[DETECTION] Is the TR/Dldr.Agent.rzi Trojan
[NOTE] The file was deleted!
C:\Program Files\Eset\infected\3JLCLRBA.NQF
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Program Files\Eset\infected\3JLCLRBA.NQF
[DETECTION] Is the TR/Dldr.FraudL.vaqw Trojan
[NOTE] The file was deleted!
C:\Program Files\SAV\SAV.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{451113E3-2C69-4D4F-983C-22C72566DD71}\RP510\A0078391.exe
[DETECTION] Is the TR/Vaklik.cnd Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\' <Nouveau nom>
End of the scan: dimanche 5 octobre 2008 04:06
Used time: 1:59:10 Hour(s)
The scan has been done completely.
10673 Scanning directories
393147 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
393141 Files not concerned
2254 Archives were scanned
2 Warnings
4 Notes
RAPPORT ( 2* ) SPYBOAT SEARCH AND DESTROY ( viruses.bdt ) :
|Spyware |C:\WINDOWS\system32\6to4svc.dll |Spyware.IEMonster.d
|Trojan |C:\WINDOWS\system32\camocx.dll |Trojan.Pirlames
|Backdoor |C:\WINDOWS\system32\DBmsLPCn.dll |Backdoor.Lifefournow
|Worm |injection |W32.Imaut.CO
|Spyware |autoexécution |Spyware.ScreenView
|Adware |injection |Adware.Searchtool
|Dialer |injection |Dialer.Cyberbill
|Adware |registre |Adware.Searchtool
|Worm |C:\WINDOWS\system32\msxml3.dll |W32.Mikbaland
|Trojan |C:\WINDOWS\system32\nwprovau.dll |Trojan.Killwma
|Dialer |injection |Dialer.Sexprovider
|Worm |C:\WINDOWS\system32\rshx32.dll |Downloader.Almanahe
|Adware |C:\WINDOWS\system32\SMMedia.dll |Adware.Searchtool
|Adware |C:\WINDOWS\system32\unrar.dll |Adware.LoveFreeGames
|Trojan |exécution caché |Trojan.Farfli
|Spyware |C:\WINDOWS\system32\wsock32.dll |Spyware.IEMonster.d
|Tracking Cookie|Web browser |01net
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1019
|Tracking Cookie|Web browser |1070995593
|Tracking Cookie|Web browser |123.jeuxvideo-flash
|Tracking Cookie|Web browser |247realmedia
|Tracking Cookie|Web browser |2o7
|Tracking Cookie|Web browser |3animalsex
|Tracking Cookie|Web browser |66.212.232
|Tracking Cookie|Web browser |a2dfp
|Tracking Cookie|Web browser |abmr
|Tracking Cookie|Web browser |acces-adulte
|Tracking Cookie|Web browser |ad.100-gen.tbn
|Tracking Cookie|Web browser |ad.100.tbn
|Tracking Cookie|Web browser |ad.120-gen.tbn
|Tracking Cookie|Web browser |ad.e240.tbn
|Tracking Cookie|Web browser |ad.ent.tbn
|Tracking Cookie|Web browser |ad.ett.tbn
|Tracking Cookie|Web browser |ad.gen.tbn
|Tracking Cookie|Web browser |ad.strict.tbn
|Tracking Cookie|Web browser |ad.text-ent.tbn
|Tracking Cookie|Web browser |ad.text.tbn
|Tracking Cookie|Web browser |ad.zanox
|Tracking Cookie|Web browser |adbrite
|Tracking Cookie|Web browser |adecn
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adopt.euroclick
|Tracking Cookie|Web browser |adriver
|Tracking Cookie|Web browser |ads-dev.youporn
|Tracking Cookie|Web browser |ads.128b
|Tracking Cookie|Web browser |ads.clicksor
|Tracking Cookie|Web browser |ads.pigsbrothers
|Tracking Cookie|Web browser |ads.pointroll
|Tracking Cookie|Web browser |ads.twenga
|Tracking Cookie|Web browser |adtech
|Tracking Cookie|Web browser |adultfriendfinder
|Tracking Cookie|Web browser |advertising.youdagames
|Tracking Cookie|Web browser |aimfar.solution.weborama
|Tracking Cookie|Web browser |alinea
|Tracking Cookie|Web browser |atraxio
|Tracking Cookie|Web browser |awesomesexblog
|Tracking Cookie|Web browser |bangbrosnetwork
|Tracking Cookie|Web browser |bestpaymentsolution
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bhv
|Tracking Cookie|Web browser |bidvertiser
|Tracking Cookie|Web browser |bl137w.blu137.mail.live
|Tracking Cookie|Web browser |blogbang
|Tracking Cookie|Web browser |bnpparibasnet.solution.weborama
|Tracking Cookie|Web browser |bobtv
|Tracking Cookie|Web browser |booking
|Tracking Cookie|Web browser |bouchra91000.skyrock
|Tracking Cookie|Web browser |brandreachsys
|Tracking Cookie|Web browser |brazzersnetwork
|Tracking Cookie|Web browser |bs.serving-sys
|Tracking Cookie|Web browser |by102w.bay102.mail.live
|Tracking Cookie|Web browser |by103w.bay103.mail.live
|Tracking Cookie|Web browser |c.msn.co
|Tracking Cookie|Web browser |c.msn
|Tracking Cookie|Web browser |cendrillon75019.skyrock
|Tracking Cookie|Web browser |cetelem.solution.weborama
|Tracking Cookie|Web browser |cgi-bin
|Tracking Cookie|Web browser |chaina01.skyrock
|Tracking Cookie|Web browser |chaines2-c.free
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |chat.tchatche
|Tracking Cookie|Web browser |click.32ads
|Tracking Cookie|Web browser |clickintext
|Tracking Cookie|Web browser |clicks.adengage
|Tracking Cookie|Web browser |clubic
|Tracking Cookie|Web browser |commentcamarche
|Tracking Cookie|Web browser |criteo
|Tracking Cookie|Web browser |cybermonitor
|Tracking Cookie|Web browser |dailymotion
|Tracking Cookie|Web browser |DCSh43pleXwn91CTTmXF47Qs5_4Z7X
|Tracking Cookie|Web browser |dcsv5srln00000kj0h3cxtx6u_3y9l
|Tracking Cookie|Web browser |diffusion
|Tracking Cookie|Web browser |directivepub
|Tracking Cookie|Web browser |dirtyc.skyrock
|Tracking Cookie|Web browser |domusparis
|Tracking Cookie|Web browser |edt02
|Tracking Cookie|Web browser |em.aveno
|Tracking Cookie|Web browser |emule-france
|Tracking Cookie|Web browser |en.maintds
|Tracking Cookie|Web browser |escro-13-o-15.skyrock
|Tracking Cookie|Web browser |estat
|Tracking Cookie|Web browser |etology
|Tracking Cookie|Web browser |exoclick
|Tracking Cookie|Web browser |ext.infos-du-net
|Tracking Cookie|Web browser |extrait-gratos
|Tracking Cookie|Web browser |facebook
|Tracking Cookie|Web browser |fbcdn
|Tracking Cookie|Web browser |fl01.ct2.comclick
|Tracking Cookie|Web browser |fling
|Tracking Cookie|Web browser |fnac
|Tracking Cookie|Web browser |fr.a2dfp
|Tracking Cookie|Web browser |fr.msn
|Tracking Cookie|Web browser |fr.virusremover2008
|Tracking Cookie|Web browser |freehotmovie
|Tracking Cookie|Web browser |free
|Tracking Cookie|Web browser |garnierpure.solution.weborama
|Tracking Cookie|Web browser |genhit
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |google
|Tracking Cookie|Web browser |govoyages
|Tracking Cookie|Web browser |guesswatches
RAPPORT ( 3* ) HIJACKTHIS :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:12:43, on 05/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Azureus\Azureus.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [msn] c:\win\4.7\msn.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [MSFox] C:\DOCUME~1\al\LOCALS~1\Temp\video1019.cfg.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?8d6ff5211f4942bd9ff558fec0deb4f1
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?8d6ff5211f4942bd9ff558fec0deb4f1
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Program Files\CDPoker\casino.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://www.visiogood.com/jalss/cfweb_activex.camfrogweb.com-advanced-2.0.2.20_instmodule.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O4 - HKLM\..\Run: [ANTIVIRUS] C:\Program Files\SAV\sav.exe <= encore une ifection qui traine !
Télécharge SmitfraudFix
Utilitaire de S!Ri: Moe et balltrap34
Installe le à la racine de C : tuto d'utilisation
Double clique sur l'exe pour le décompresser et lancer le fix.
Utilisation option 1 Recherche :
Double clique sur smitfraudfix.cmd
Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
Ne fais rien d'autre sans notre avis
Copie/colle le RAPPORT sur ta prochaine réponse sur ce post stp.
Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
@+
Télécharge SmitfraudFix
Utilitaire de S!Ri: Moe et balltrap34
Installe le à la racine de C : tuto d'utilisation
Double clique sur l'exe pour le décompresser et lancer le fix.
Utilisation option 1 Recherche :
Double clique sur smitfraudfix.cmd
Sélectionne 1 pour créer un rapport des fichiers responsables de l'infection.
Ne fais rien d'autre sans notre avis
Copie/colle le RAPPORT sur ta prochaine réponse sur ce post stp.
Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
@+
MERCI jorginho67, j ai telecharger et exécuté SmitfraudFix comme il l est expliqué sur le tuto d utilisation que tu m as founi. VOICI LE RAPPORT :
SmitFraudFix v2.356
Rapport fait à 16:52:28,69, 07/10/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\al
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\al\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\al\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\sav\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{21A9D663-A61A-4EBE-97F5-50AA246B2217}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FD90BB57-824F-469F-A83E-460E703C7E73}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{21A9D663-A61A-4EBE-97F5-50AA246B2217}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FD90BB57-824F-469F-A83E-460E703C7E73}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
desolé pour la lenteur de mes reponse mais j ai été absent ces derniers temps pour des raisons tres impportantes. en esperant que ca ne t as pas enlever l envi de m aider. desormais dans l attente de ta reponse. merci d avance
SmitFraudFix v2.356
Rapport fait à 16:52:28,69, 07/10/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\al
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\al\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\al\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\sav\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{21A9D663-A61A-4EBE-97F5-50AA246B2217}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FD90BB57-824F-469F-A83E-460E703C7E73}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{21A9D663-A61A-4EBE-97F5-50AA246B2217}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FD90BB57-824F-469F-A83E-460E703C7E73}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
desolé pour la lenteur de mes reponse mais j ai été absent ces derniers temps pour des raisons tres impportantes. en esperant que ca ne t as pas enlever l envi de m aider. desormais dans l attente de ta reponse. merci d avance
MERCI jorginho67, j ai telecharger et exécuté SmitfraudFix comme il l est expliqué sur le tuto d utilisation que tu m as founi. VOICI LE RAPPORT :
SmitFraudFix v2.356
Rapport fait à 16:52:28,69, 07/10/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\al
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\al\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\al\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\sav\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{21A9D663-A61A-4EBE-97F5-50AA246B2217}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FD90BB57-824F-469F-A83E-460E703C7E73}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{21A9D663-A61A-4EBE-97F5-50AA246B2217}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FD90BB57-824F-469F-A83E-460E703C7E73}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
desolé pour la lenteur de mes reponse mais j ai été absent ces derniers temps pour des raisons tres impportantes. en esperant que ca ne t as pas enlever l envi de m aider. desormais dans l attente de ta reponse. merci d avance
SmitFraudFix v2.356
Rapport fait à 16:52:28,69, 07/10/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\win\4.7\msn.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroym\TeaTimer.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
Fichier hosts corrompu !
127.0.0.1 mpa.one.microsoft.com
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\al
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\al\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\al\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\sav\ PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Miniport de pont MAC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.240
DNS Server Search Order: 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{21A9D663-A61A-4EBE-97F5-50AA246B2217}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CCS\Services\Tcpip\..\{FD90BB57-824F-469F-A83E-460E703C7E73}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{21A9D663-A61A-4EBE-97F5-50AA246B2217}: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FD90BB57-824F-469F-A83E-460E703C7E73}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.240 212.27.40.241
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
desolé pour la lenteur de mes reponse mais j ai été absent ces derniers temps pour des raisons tres impportantes. en esperant que ca ne t as pas enlever l envi de m aider. desormais dans l attente de ta reponse. merci d avance
Bien joué... Mais évite de poster 15 fois la même chose ;-)
Une fois suffit, je suis averti de ta réponse.
On continue !
Option 2
Redémarre en mode sans échec :
Pour cela, tapotes la touche F8 (Si F8 ne marche pas utilise la touche F5).
dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
comment demarrer en mode sans echec en images
Une fois suffit, je suis averti de ta réponse.
On continue !
Option 2
Redémarre en mode sans échec :
Pour cela, tapotes la touche F8 (Si F8 ne marche pas utilise la touche F5).
dès le début de l’allumage du pc sans t’arrêter.
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
comment demarrer en mode sans echec en images
