Infection par antivirus XP 2008 (RESOLU)

[Apollo]

Il ne voit rien.

 

Il faudra donc installer Antivir, le mettre à jour et lancer l'analyse complète.

 

Donne le rapport ensuite stp.

 

@+ tard.

[stef44]

Antivir est installé et le rapport de scan est le suivant :

 

 

 

Avira AntiVir Personal

Report file date: jeudi 14 août 2008 14:35

 

Scanning for 1552011 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: PAUCHET

Computer name: ACER-BBF60584A3

 

Version information:

BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16

ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 14/08/2008 12:07:30

ANTIVIR3.VDF : 7.0.6.14 11776 Bytes 14/08/2008 12:07:30

Engineversion : 8.1.1.19

AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52

AESCRIPT.DLL : 8.1.0.63 311673 Bytes 14/08/2008 12:07:48

AESCN.DLL : 8.1.0.23 119156 Bytes 14/08/2008 12:07:46

AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:52

AEPACK.DLL : 8.1.2.1 364917 Bytes 14/08/2008 12:07:44

AEOFFICE.DLL : 8.1.0.21 192891 Bytes 14/08/2008 12:07:42

AEHEUR.DLL : 8.1.0.47 1368437 Bytes 14/08/2008 12:07:38

AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52

AEGEN.DLL : 8.1.0.35 315764 Bytes 14/08/2008 12:07:34

AEEMU.DLL : 8.1.0.7 430452 Bytes 14/08/2008 12:07:32

AECORE.DLL : 8.1.1.8 172406 Bytes 14/08/2008 12:07:32

AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02

AVREP.DLL : 8.0.0.2 98344 Bytes 14/08/2008 12:07:32

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: repair

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: jeudi 14 août 2008 14:35

 

Starting search for hidden objects.

'41415' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avconfig.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'ALG.EXE' - '1' Module(s) have been scanned

Scan process 'CALMAIN.EXE' - '1' Module(s) have been scanned

Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned

Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned

Scan process 'grmhkjyf.exe' - '1' Module(s) have been scanned

Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned

Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned

Scan process 'SFAgent.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned

Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'SP_RSSER.EXE' - '1' Module(s) have been scanned

Scan process 'SFUS.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

38 processes with 38 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '60' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <ACER>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\ARK4.tmp

[DETECTION] Is the TR/Vundo.ffs.21 Trojan

[NOTE] A backup was created as '48ef2743.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4a94d454.qua' ( QUARANTINE )

C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139058.dll

[DETECTION] Is the TR/Inject.34688 Trojan

[NOTE] A backup was created as '48d52d9d.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '48d52d9f.qua' ( QUARANTINE )

C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139062.exe

[DETECTION] Is the TR/Fakealert.CP Trojan

[NOTE] A backup was created as '48d52da0.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '48d52da1.qua' ( QUARANTINE )

C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139067.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] A backup was created as '48d52da5.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4a575f86.qua' ( QUARANTINE )

C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP671\A0139117.DLL

[DETECTION] Is the TR/Monder.fdn Trojan

[NOTE] A backup was created as '48d52da7.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '48d52da9.qua' ( QUARANTINE )

C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP673\A0139198.dll

[DETECTION] Is the TR/Inject.34688 Trojan

[NOTE] A backup was created as '48d52dac.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4a575f8d.qua' ( QUARANTINE )

C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP673\A0139242.dll

[DETECTION] Is the TR/Inject.34688 Trojan

[NOTE] A backup was created as '48d52dad.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4a565f8e.qua' ( QUARANTINE )

C:\System Volume Information\_restore{C088B59D-00E1-4866-9985-462F55916981}\RP674\A0139444.exe

[DETECTION] Is the TR/Dldr.Agent.aaar Trojan

[NOTE] A backup was created as '48d52db3.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '48d52db5.qua' ( QUARANTINE )

C:\SDFix\backups\backups.zip

[0] Archive type: ZIP

--> backups/ddcCRJdB.dll

[DETECTION] Is the TR/Inject.34688 Trojan

[NOTE] A backup was created as '49072e0f.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '49072e11.qua' ( QUARANTINE )

C:\_OTMoveIt\MovedFiles\08142008_123358\windows\system32\bcbenyji.exe

[DETECTION] Is the TR/Downloader.Gen Trojan

[NOTE] A backup was created as '49062e15.qua' ( QUARANTINE )

[NOTE] Attempting to perform action using the ARK lib.

[NOTE] A backup was created as '4b83af76.qua' ( QUARANTINE )

Begin scan in 'D:\' <ACERDATA>

 

 

End of the scan: jeudi 14 août 2008 15:06

Used time: 30:20 Minute(s)

 

The scan has been done completely.

 

5123 Scanning directories

324238 Files were scanned

10 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

20 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

324226 Files not concerned

6926 Archives were scanned

2 Warnings

10 Notes

41415 Objects were scanned with rootkit scan

0 Hidden objects were found

[Apollo]

Re,

 

"Légèrement" plus performant qu'avast non?

 

Poste un nouveau log Hijackthis stp.

[stef44]

En effet, y'a pas photo.

 

Sinon voici le rapport HiJack :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:29:55, on 14/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\grmhkjyf.exe

C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7EDD07C3-716C-4ED8-92A0-1A8F29C028ED} - C:\WINDOWS\system32\tuvSkLcY.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: {ce3bab1e-b972-a6b9-51c4-d1b22756d8db} - {bd8d6572-2b1d-4c15-9b6a-279be1bab3ec} - C:\WINDOWS\system32\pvvhss.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\fmlwphwg.dll",b

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: EPM-DM.exe

O4 - Startup: .security

O4 - Global Startup: .security

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab

O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 8087 bytes

[Apollo]

Lances Hijackthis en "Do a system Scan Only" et coche les cases devant les lignes suivantes:

 

O2 - BHO: (no name) - {7EDD07C3-716C-4ED8-92A0-1A8F29C028ED} - C:\WINDOWS\system32\tuvSkLcY.dll (file missing)

O2 - BHO: {ce3bab1e-b972-a6b9-51c4-d1b22756d8db} - {bd8d6572-2b1d-4c15-9b6a-279be1bab3ec} - C:\WINDOWS\system32\pvvhss.dll

O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\fmlwphwg.dll",b

O4 - Startup: .security

O4 - Global Startup: .security

 

Ferme les applications dont le navigateur et clique sur Fix Checked.

 

Télécharger OTMoveIt2 par OldTimer.

• Enregistrer ce fichier sur le Bureau.
  
• Faire un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).
  
• Copier les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):
  

  c:\windows\system32\tuvsklcy.dll
  c:\windows\system32\pvvhss.dll
  c:\windows\system32\fmlwphwg.dll

  
  

• Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la zone de gauche intitulée "Paste List Of Files/Folders to Move" (sous la barre jaune) puis choisir Coller.
  
• Cliquer sur le bouton rouge Moveit!.
  
• Fermer OTMoveIt2
  
• Envoyer en réponse le rapport de OTMoveIt2 (contenu du fichier SystemDrive\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date [moisjourannée] et l'heure)
  [systemDrive représente la partition sur laquelle est installé le système, généralement C:]
  

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire pour permettre de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes.

 

Refais un nouveau log Hijackthis après tout ça stp.

 

@+

[stef44]

Je viens d'exécuter la procédure et les rapports de OTMoveIt2 et HiJack sont les suivants:

 

PS : aucun redémarrage machine demandé.

 

File/Folder c:\windows\system32\tuvsklcy.dll not found.

DllUnregisterServer procedure not found in c:\windows\system32\pvvhss.dll

c:\windows\system32\pvvhss.dll NOT unregistered.

c:\windows\system32\pvvhss.dll moved successfully.

DllUnregisterServer procedure not found in c:\windows\system32\fmlwphwg.dll

c:\windows\system32\fmlwphwg.dll NOT unregistered.

c:\windows\system32\fmlwphwg.dll moved successfully.

 

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08142008_195004

 

 

----------------------------------------------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:50:59, on 14/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\grmhkjyf.exe

C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\PAUCHET\Bureau\OTMoveIt2.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7EDD07C3-716C-4ED8-92A0-1A8F29C028ED} - C:\WINDOWS\system32\tuvSkLcY.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: EPM-DM.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab

O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 7848 bytes

[Apollo]

Stp rends- toi sur cette page afin de télécharger Winreg5.reg

 

> http://www.sendspace.com/file/h7tx0p

pour cela, clique sur le lien en bas de page > Download Link: Winreg5.reg et enregistre-le sur le bureau.

 

Il ressemblera à ceci:

 

Double-clique sur ce fichier et accepte la fusion dans le registre; cela dure une fraction de seconde.

*** Sous VISTA: clic droit/exécuter en temps qu'administrateur***

 

Tu peux ensuite mettre le fichier Winreg5 à la corbeille et vider celle-ci.

 

Redémarre le pc et poste un nouveau log Hijackthis stp.

++

[stef44]

Donc après effectué la manip précédente et redémarré le PC, voicile nouveau rapport HiJack :

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:37:03, on 14/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe

C:\Program Files\SPAMfighter\SFAgent.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\grmhkjyf.exe

C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Démarrage\EPM-DM.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\SPAMfighter\sfus.exe

C:\Program Files\Spyware Terminator\sp_rsser.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S85.tmp" /EF "HKLM"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKLM\..\Run: [sPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MntChkSys] C:\WINDOWS\system32\grmhkjyf.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: EPM-DM.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - (no file)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_3_0_3_0.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab

O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} (PhotoBox uploader) - http://www.photoways.com/assets/aurigma/ImageUploader4.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

 

--

End of file - 7625 bytes

[Apollo]

Re,

 

Si tu ne te sers pas de Boonty désinstalle-le.

 

ToolsCleaner2 est téléchargeable à l'adresse suivante :

 

>>> http://pc-system.fr/TC/ToolsCleaner2.exe

 

 

1°) Double cliquez dessus à l'endroit où vous l'avez téléchargé

***Sous Vista : Clic droit/exécuter en temps qu'administrateur.***

 

2°) Une fois la fenêtre de l'application ouverte, cliquer sur " Recherche " soyez patient un moment le temps qu'il travaille...

 

3°) Lorsque la recherche est terminée ToolsCleaner affiche une liste des différents outils trouvés, cliquez sur "Suppression" afin de les supprimer.

Fermez le programme en cliquant sur "Quitter ".

 

Postez le rapport qui se trouve ici >>> C:\TCleaner.txt

 

Options facultatives

 

A utiliser si vous le souhaitez :

 

Création d'un nouveau point de restauration (conseillé)

Vidage de la corbeille

Nettoyage de vos fichiers temporaires

 

Fais un scan en ligne pour dernière vérification:

 

Assure toi que la console Java est bien la plus récente; pour le savoir rends-toi sur cette page et clique sur Vérifier la version de Java -> http://www.java.com/fr/download/installed.jsp -> Il te sera indiqué si tu dois installer la dernière version.

 

TUTO: http://www.vista-xp.fr/forum/topic109.html

 

• Fais un scan en ligne Kaspersky
  
• Clique sur Accept
  
• Patiente le temps d'installation du Webscanner.
  
• Les bases de mises à jour vont s'installer, patiente un moment
  
• Clique sur Next.
  
• Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.
  

 

A la fin du scan, si des objets infectés sont découverts, clique sur Save report as... Choisis bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisis "fichiers texte" enregistre alors le rapport.

 

Copie/colle l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

 

Colle ce rapport dans ta réponse sur le forum.

 

@++

[stef44]

Salut,

 

Le scan Kapersky est en cours.

 

Sinon, je t'envoie le rapport de ToolsCleaner :

 

-->- Recherche:

 

C:\SDFIX: trouvé !

C:\Lop SD: trouvé !

C:\_OtMoveIt: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !

C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Lop S&D: trouvé !

C:\Documents and Settings\PAUCHET\Bureau\SdFix.exe: trouvé !

C:\Documents and Settings\PAUCHET\Bureau\HijackThis.lnk: trouvé !

C:\Documents and Settings\PAUCHET\Bureau\Lop S&D.lnk: trouvé !

C:\Documents and Settings\PAUCHET\Bureau\LopSD.exe: trouvé !

C:\Documents and Settings\PAUCHET\Bureau\OtMoveIt2.exe: trouvé !

C:\Documents and Settings\PAUCHET\Bureau\HJTInstall.exe: trouvé !

C:\Documents and Settings\PAUCHET\Bureau\SmitFraudFix.exe: trouvé !

C:\Documents and Settings\PAUCHET\Bureau\SmitFraudfix: trouvé !

C:\Program Files\Trend Micro\HijackThis: trouvé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\Lop SD\Lop S&D.lnk: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !

C:\Documents and Settings\PAUCHET\Bureau\SdFix.exe: supprimé !

C:\Documents and Settings\PAUCHET\Bureau\HijackThis.lnk: supprimé !

C:\Documents and Settings\PAUCHET\Bureau\Lop S&D.lnk: supprimé !

C:\Documents and Settings\PAUCHET\Bureau\LopSD.exe: supprimé !

C:\Documents and Settings\PAUCHET\Bureau\OtMoveIt2.exe: supprimé !

C:\Documents and Settings\PAUCHET\Bureau\HJTInstall.exe: supprimé !

C:\Documents and Settings\PAUCHET\Bureau\SmitFraudFix.exe: supprimé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !

C:\Lop SD\Lop S&D.lnk: supprimé !

C:\SDFIX: supprimé !

C:\Lop SD: supprimé !

C:\_OtMoveIt: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !

C:\Documents and Settings\PAUCHET\Menu Démarrer\Programmes\Lop S&D: supprimé !

C:\Documents and Settings\PAUCHET\Bureau\SmitFraudfix: supprimé !

C:\Program Files\Trend Micro\HijackThis: supprimé !

 

Point de restauration crée !

Corbeille vidée!

Fichiers temporaires nettoyés !

Modifié le 15 août 2008 par stef44