
Posted

It doesn't bother me at all. :P

The software below is to be used only when prescribed by a qualified helper who is trained in the tool.

Do not use it outside that situation or on your own: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).

  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Oui" (Yes) on the disclaimer of warranty ("Limitation de Garantie") message that is displayed.
  • Your firewall may ask whether or not you allow nircmd.cfexe to access the trusted zone: accept.
  • Do not close the window that has just opened; you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Posted

ComboFix 08-11-02.05 - Administrateur 2008-11-03 21:29:02.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.585 [GMT 1:00]

Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe

* Un nouveau point de restauration a été créé

.

Les fichiers ci-dessous ont été désactivés pendant l'exécution:

c:\program files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll

 

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\ieupdates.exe.tmp

 

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_BOONTY_GAMES

-------\Service_Boonty Games

 

 

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 ))))))))))))))))))))))))))))))))))))

.

 

2008-11-03 18:50 . 2008-11-03 18:50 <REP> d-------- C:\rsit

2008-11-03 15:24 . 2008-11-03 16:37 <REP> d-------- C:\ToolBar SD

2008-11-03 09:22 . 2008-11-03 09:22 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-03 09:22 . 2008-11-03 09:22 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

2008-11-03 09:22 . 2008-11-03 09:22 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes

2008-11-03 09:22 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-03 09:22 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-10-24 15:17 . 2008-10-15 17:35 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll

2008-10-22 12:42 . 2008-10-22 12:42 <REP> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)

2008-10-22 12:42 . 2008-10-22 12:42 <REP> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)

2008-10-21 11:53 . 2008-10-21 11:53 <REP> d-------- c:\windows\system32\fr

2008-10-21 11:53 . 2008-10-21 11:53 <REP> d-------- c:\windows\system32\bits

2008-10-21 11:53 . 2008-10-21 11:53 <REP> d-------- c:\windows\l2schemas

2008-10-21 05:10 . 2008-04-14 03:33 1,306,624 --------- c:\windows\system32\msxml6.dll

2008-10-21 05:09 . 2008-04-14 03:33 651,264 --------- c:\windows\system32\dot3ui.dll

2008-10-16 11:02 . 2008-08-14 14:23 2,191,232 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe

2008-10-16 11:02 . 2008-08-14 14:23 2,147,328 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe

2008-10-16 11:02 . 2008-08-14 14:23 2,068,096 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe

2008-10-16 11:02 . 2008-08-14 14:23 2,025,984 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe

2008-10-16 11:02 . 2008-09-15 16:26 1,846,528 -----c--- c:\windows\system32\dllcache\win32k.sys

2008-10-16 11:02 . 2008-09-08 11:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-03 19:40 --------- d-----w c:\program files\eMule

2008-11-03 10:23 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-11-03 10:22 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2008-10-29 14:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help

2008-10-21 11:08 --------- d-----w c:\program files\MSN Messenger

2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys

2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys

2008-09-03 16:34 --------- d-----w c:\documents and settings\Administrateur\Application Data\Petroglyph

2008-09-03 16:32 107,888 ----a-w c:\windows\system32\CmdLineExt.dll

2008-09-03 16:22 --------- d--h--w c:\program files\InstallShield Installation Information

2008-09-03 15:33 --------- d-----w c:\program files\Microsoft Works

2008-09-03 15:32 --------- d-----w c:\program files\MSBuild

2008-08-26 08:11 826,368 ----a-w c:\windows\system32\wininet.dll

2008-08-14 13:23 2,191,232 ----a-w c:\windows\system32\ntoskrnl.exe

2008-08-14 13:23 2,068,096 ----a-w c:\windows\system32\ntkrnlpa.exe

.

 

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-03-27 173368]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]

2008-03-27 13:12 1164600 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 1164600]

 

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]

[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]

[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"TomTomHOME.exe"="d:\logiciels & drivers\tomtom GO\TomTomHOME.exe" [2007-05-15 3975848]

"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 111928]

"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928]

"LogitechCommunicationsManager"="c:\program files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

"nwiz"="nwiz.exe" [2007-06-28 c:\windows\system32\nwiz.exe]

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk

backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2006-01-12 14:40 155648 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]

--a------ 2004-06-11 10:15 83968 c:\windows\system32\nvraidservice.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

--a------ 2005-05-17 17:48 77824 c:\windows\SOUNDMAN.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"d:\\mes documents\\jeux dede\\star wars\\GameData\\sweaw.exe"=

"d:\\mes documents\\jeux dede\\star wars\\swfoc.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

 

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-19 78416]

R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [2008-03-21 78848]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

S2 NeroNET;NeroNET;c:\program files\Ahead\NeroNET\NeroNET.exe [ ]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a4b0def-f9fb-11dc-964f-00138fe7a43b}]

\Shell\AutoRun\command - J:\InstallTomTomHOME.exe

.

- - - - ORPHELINS SUPPRIMES - - - -

 

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)

HKCU-Run-msnmsgr - ~c:\progra~1\MSNMES~1\msnmsgr.exe

HKU-Default-Run-Nokia.PCSync - d:\logiciels & drivers\Nokia\Nokia PC Suite 6\PcSync2.exe

SharedTaskScheduler-IPC Configuration Utility - (no file)

Notify-WgaLogon - (no file)

MSConfigStartUp-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe

 

 

.

------- Examen supplémentaire -------

.

R0 -: HKLM-Main,Window Title =

O8 -: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

 

O16 -: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab

c:\windows\Downloaded Program Files\OSDED4D.OSD

c:\windows\Downloaded Program Files\InstallerControl.dll

 

O16 -: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://asp03.photoprintit.de/microsite/12188/defaults/activex/IPSUploader.cab

c:\windows\Downloaded Program Files\IPSUploader.inf

c:\windows\system32\unicows.dll

c:\windows\Downloaded Program Files\IPSUploader.ocx

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-03 21:31:44

Windows 5.1.2600 Service Pack 3 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

c:\windows\system32\rundll32.exe

c:\program files\PC Connectivity Solution\ServiceLayer.exe

c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe

c:\program files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe

c:\program files\Alwil Software\Avast4\Setup\avast.setup

c:\program files\Fichiers communs\LogiShrd\LQCVFX\COCIManager.exe

.

**************************************************************************

.

Heure de fin: 2008-11-03 21:39:48 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-11-03 20:39:09

 

Avant-CF: 3 560 730 624 octets libres

Après-CF: 3,519,574,016 octets libres

 

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

 

186 --- E O F --- 2008-10-25 01:00:32

Posted

It got some right away.

Uninstall the following through Add/Remove Programs:

SweetIM Toolbar for Internet Explorer 3.1

then

SweetIM for Messenger 2.5

(SweetIM is one of the dubious programs)

Here is another lib.reg to run (you can delete the old one).

  • Open Notepad. Copy and paste into it the contents of the code box below, with no blank line at the start; it must begin with Windows Registry Editor Version 5.00, as shown below:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=-
"NoActiveDesktopChanges"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a37af66a-8c6b-11dc-b9b4-00138fe7a43b}]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
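; Full key path: the ComboFix report shortens it to HKEY_LOCAL_MACHINE\~\..., which is not a real registry path
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]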
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-

  • Save this on the desktop under the name lib.reg (so no text extension).
  • The file will be created with a registry icon; double-click it and confirm to add it to the registry.

 

After that, restart, and post a new HijackThis report please.
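
Added example, not part of the original post or of any tool named in this thread: a small Python audit that lists what a .reg fix like the one above would delete or set before it is merged, and warns about a misplaced header or a key path that still contains the `~` abbreviation used in ComboFix reports. The function name `audit_reg` and the sample text are constructed for illustration.

```python
import re

# Accepted first lines of a .reg file (the second is the older format).
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
ROOTS = {
    "HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER", "HKEY_CLASSES_ROOT",
    "HKEY_USERS", "HKEY_CURRENT_CONFIG",
}
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                     # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # "name"=data


def audit_reg(text):
    """Return (operations, warnings) for the text of a .reg file."""
    ops, warnings = [], []
    lines = text.lstrip("\ufeff").splitlines()
    # The header must be the very first line, with no blank line before it.
    if not lines or lines[0].strip() not in HEADERS:
        warnings.append("line 1: missing or misplaced header")
    current = None   # key section that following value lines apply to
    pending = ""     # accumulates hex data continued with a trailing backslash
    for num, raw in enumerate(lines[1:], start=2):
        line = pending + raw.strip()
        if line.endswith(",\\"):
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            delete, path = m.group(1) == "-", m.group(2)
            parts = path.split("\\")
            if parts[0].upper() not in ROOTS:
                warnings.append(f"line {num}: unknown root key {parts[0]!r}")
            # ComboFix reports shorten long paths with '~'; a .reg file
            # needs the full path, otherwise the entry matches nothing.
            if "~" in parts[1:]:
                warnings.append(
                    f"line {num}: '~' is a log abbreviation, not a real key: {path}")
            if delete:
                ops.append(("delete_key", path))
                current = None
            else:
                current = path
            continue
        m = VALUE_RE.match(line)
        if m:
            if current is None:
                warnings.append(f"line {num}: value outside any key section")
                continue
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            data = m.group(2)
            if data == "-":                      # "name"=- removes the value
                ops.append(("delete_value", current, name))
            else:
                ops.append(("set_value", current, name, data))
            continue
        warnings.append(f"line {num}: unparsed line {line!r}")
    return ops, warnings


# Constructed sample built from entries of the kind shown in this thread.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[-HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
'''

if __name__ == "__main__":
    operations, problems = audit_reg(SAMPLE)
    for op in operations:
        print(*op, sep=" | ")
    for warning in problems:
        print("WARNING:", warning)
```
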

Posted

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:48:15, on 03/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\Fichiers communs\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IR4K6L2S\HiJackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\logiciels & drivers\tomtom GO\TomTomHOME.exe" -s

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O15 - Trusted Zone: http://*.secuser.com

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/121...IPSUploader.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NBService - Nero AG - D:\logiciels & drivers\nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 6132 bytes

Posted

It should be better now, right?

 

I advise you to change antivirus. Avast has become a sieve and lets all the big stuff through, plus the recent stuff (a pity).

Antivir is just as free (soon available in French) and above all much more effective.

You can uninstall avast through the Control Panel / Add/Remove Programs.

If that doesn't work well, there is also (just in case, but normally not needed) this official utility:

http://www.avast.com/fre/avast-uninstall-utility.html

In safe mode if need be, if it complains.

 

For Antivir, here is a direct download link:

http://dl1.avgate.net/down/windows/antivir...n_winu_en_h.exe

Tutorial: http://www.libellules.ch/tuto_antivir.php

Posted

10,000 thanks for your help!!!! Without you I would still be having a fit in front of the computer, or I would have thrown it over the balcony and it would have fallen the 3 floors!!!

I uninstalled avast and installed antivir. It asked me to run a scan, and here is the report:

 

03.11.2008 23:00:19 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\

03.11.2008 23:00:19 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\

03.11.2008 23:00:19 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\

03.11.2008 23:00:19 - Using System's global Proxy settings

03.11.2008 23:00:19 - Launching GUI... display mode: 0

03.11.2008 23:00:19 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll

03.11.2008 23:00:19 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll

03.11.2008 23:00:19 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\

03.11.2008 23:00:19 - Backup Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\

03.11.2008 23:00:19 - Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\

03.11.2008 23:00:19 - Using System's global Proxy settings

03.11.2008 23:00:19 - Launching GUI... display mode: 0

03.11.2008 23:00:19 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll

03.11.2008 23:00:19 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll

03.11.2008 23:00:19 - Avira AntiVir Personal - Free Antivirus

03.11.2008 23:00:25 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\idx/master.idx to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\master.idx

03.11.2008 23:00:25 - Master IDX file has changed

03.11.2008 23:00:26 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/classic-nt-en.info.gz

03.11.2008 23:00:27 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\classic-nt-en.info to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\IDX\classic-nt-en.info

03.11.2008 23:00:27 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/vdf.info.gz

03.11.2008 23:00:27 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/specvir-nt.info.gz

03.11.2008 23:00:28 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/ave2.info.gz

03.11.2008 23:00:28 - Downloading the product.info file from http://dl10.freeav.net/upd/idx/info-wks-cl...c-nt-en.info.gz

03.11.2008 23:00:29 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15

03.11.2008 23:00:29 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 83

03.11.2008 23:00:30 - Module: COMMAPPDATA_AV Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\ Files: 1

03.11.2008 23:00:30 - Module: COMMAPP Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\JOBS\ Files: 4

03.11.2008 23:00:30 - Module: COMMAPDATA_AV_PROFILES Source: winwks\en\ Destination: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\ Files: 2

03.11.2008 23:00:30 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3

03.11.2008 23:00:30 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf 6.40.0.0 < 7.1.0.0

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf 7.0.5.1 < 7.1.0.21

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.5.20 < 7.1.0.22

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.5.23 < 7.1.0.30

03.11.2008 23:00:30 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll 7.0.0.1 < 8.0.0.2

03.11.2008 23:00:30 - Module: AVE2 Source: ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 14

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll 8.1.2.6 < 8.1.2.9

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll 8.1.0.41 < 8.1.0.42

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll 8.1.0.59 < 8.1.0.63

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll 8.1.0.28 < 8.1.0.29

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll 8.1.1.8 < 8.1.1.9

03.11.2008 23:00:30 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat 8.2.0.4 < 8.2.0.10

03.11.2008 23:00:30 - Module: DRV Source: winwks\en\ Destination: C:\WINDOWS\SYSTEM32\drivers\ Files: 4

03.11.2008 23:00:30 - Module: PRODINFO Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1

03.11.2008 23:00:30 - Minifilter is installed

03.11.2008 23:00:30 - Minifilter is possible

03.11.2008 23:00:30 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType

03.11.2008 23:00:30 - Initialize avnotify.exe

03.11.2008 23:00:30 - Starting avnotify.exe successful

03.11.2008 23:00:30 - Preparing to download files

03.11.2008 23:00:30 - 13 files need to be downloaded / copied from http://dl10.freeav.net/upd/

03.11.2008 23:00:30 - #1: Downloading and extracting http://dl10.freeav.net/upd/winwks/en/class...filelist.ini.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\classic-nt/filelist.ini

03.11.2008 23:00:31 - #2: Downloading and extracting http://dl10.freeav.net/upd/winwks/en/class.../product.ini.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\classic-nt/product.ini

03.11.2008 23:00:37 - #3: Downloading and extracting http://dl10.freeav.net/upd/vdf/antivir0.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir0.vdf

03.11.2008 23:01:03 - #4: Downloading and extracting http://dl10.freeav.net/upd/vdf/antivir1.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir1.vdf

03.11.2008 23:01:04 - #5: Downloading and extracting http://dl10.freeav.net/upd/vdf/antivir2.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir2.vdf

03.11.2008 23:01:04 - #6: Downloading and extracting http://dl10.freeav.net/upd/vdf/antivir3.vdf.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir3.vdf

03.11.2008 23:01:05 - #7: Downloading and extracting http://dl10.freeav.net/upd/engine/nt/avrep.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\engine\nt\avrep.dll

03.11.2008 23:01:05 - #8: Downloading and extracting http://dl10.freeav.net/upd/ave2/aecore.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aecore.dll

03.11.2008 23:01:06 - #9: Downloading and extracting http://dl10.freeav.net/upd/ave2/aegen.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aegen.dll

03.11.2008 23:01:06 - #10: Downloading and extracting http://dl10.freeav.net/upd/ave2/aeheur.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeheur.dll

03.11.2008 23:01:08 - #11: Downloading and extracting http://dl10.freeav.net/upd/ave2/aeoffice.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeoffice.dll

03.11.2008 23:01:08 - #12: Downloading and extracting http://dl10.freeav.net/upd/ave2/aescript.dll.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aescript.dll

03.11.2008 23:01:09 - #13: Downloading and extracting http://dl10.freeav.net/upd/ave2/aeset.dat.gz to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeset.dat

03.11.2008 23:01:16 - Keyfile: OK [FULL Mode]

03.11.2008 23:01:16 - Status of service AntiVirService is running

03.11.2008 23:01:16 - Initialize avscan.exe

03.11.2008 23:01:16 - Initialize avcenter.exe

03.11.2008 23:01:16 - Initialize avgnt.exe

03.11.2008 23:01:16 - avscan.exe closed.

03.11.2008 23:01:17 - avgnt.exe closed.

03.11.2008 23:01:17 - Starting to install

03.11.2008 23:01:17 - File C:\Program Files\Avira\AntiVir PersonalEdition Classic\filelist.ini will not be backed up because it doesn't exist

03.11.2008 23:01:17 - File C:\Program Files\Avira\AntiVir PersonalEdition Classic\product.ini will not be backed up because it doesn't exist

03.11.2008 23:01:17 - Processing module MAIN Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\

03.11.2008 23:01:17 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\classic-nt/filelist.ini to C:\Program Files\Avira\AntiVir PersonalEdition Classic\filelist.ini

03.11.2008 23:01:17 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\winwks\en\classic-nt/product.ini to C:\Program Files\Avira\AntiVir PersonalEdition Classic\product.ini

03.11.2008 23:01:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir0.vdf

03.11.2008 23:01:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir1.vdf

03.11.2008 23:01:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir2.vdf

03.11.2008 23:01:18 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir3.vdf

03.11.2008 23:01:18 - Processing module VDF Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\

03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir0.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf

03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir1.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf

03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir2.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf

03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\vdf\antivir3.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf

03.11.2008 23:01:19 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\avrep.dll

03.11.2008 23:01:19 - Processing module AVREP_NT Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\

03.11.2008 23:01:19 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\engine\nt\avrep.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\avrep.dll

03.11.2008 23:01:19 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aecore.dll

03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aegen.dll

03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeheur.dll

03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeoffice.dll

03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aescript.dll

03.11.2008 23:01:20 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat to C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\aeset.dat

03.11.2008 23:01:20 - Processing module AVE2 Source: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\

03.11.2008 23:01:21 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aecore.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll

03.11.2008 23:01:22 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aegen.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll

03.11.2008 23:01:23 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeheur.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll

03.11.2008 23:01:24 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeoffice.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll

03.11.2008 23:01:25 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aescript.dll to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll

03.11.2008 23:01:25 - Copy file C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_490f7472\ave2\aeset.dat to C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat

03.11.2008 23:01:25 - A total of 13 files were updated

03.11.2008 23:01:25 - Initialize AVWSC.EXE

03.11.2008 23:01:25 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress

03.11.2008 23:01:25 - Status of service AntiVirService is running

03.11.2008 23:01:27 - Reinitialization of AntiVirService carried out successfully.

03.11.2008 23:01:28 - Starting avgnt.exe successful

03.11.2008 23:01:28 - Dialup: 0

03.11.2008 23:01:28 - Downloaded bytes: 16936032

03.11.2008 23:01:28 - Downloaded file(s): 13

03.11.2008 23:01:28 - Downloaded file(s): filelist.ini; product.ini; antivir0.vdf; antivir1.vdf; antivir2.vdf; antivir3.vdf; avrep.dll; aecore.dll; aegen.dll; aeheur.dll

03.11.2008 23:01:28 - Downloaded file(s): aeoffice.dll; aescript.dll; aeset.dat

03.11.2008 23:01:28 - Required time: 01:09

03.11.2008 23:01:28 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate

03.11.2008 23:01:28 - Update finished successfully

 

I hope everything is normal.

What should I do in the future so that this doesn't happen again?

I have a friend who uses Fsecurity as his antivirus. Is it any good or not?

Posted

Ah, um, that's not the scan report.

You can read all the old reports without rescanning: open Antivir (double-click its icon near the clock), click "Overview" in the left-hand column, then "Reports", and find the line that corresponds to your report (it should be called Scan), then double-click it: there you will have a "Report file" button to read and/or post the report.

"I have a friend who uses Fsecurity as his antivirus. Is it any good or not?"
It's not as good (and you have to pay for it).

Confirm the report for me and I'll post what you need to keep all this from coming back. :P

Posted

Avira AntiVir Personal

Report file date: lundi 3 novembre 2008 23:05

 

Scanning for 1005296 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: PC-DELPH

 

Version information:

BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52

ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 22:01:03

ANTIVIR1.VDF : 7.1.0.21 130560 Bytes 31/10/2008 22:01:04

ANTIVIR2.VDF : 7.1.0.22 2048 Bytes 31/10/2008 22:01:04

ANTIVIR3.VDF : 7.1.0.30 69120 Bytes 03/11/2008 22:01:05

Engineversion : 8.2.0.10

AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56

AESCRIPT.DLL : 8.1.1.9 319867 Bytes 03/11/2008 22:01:09

AESCN.DLL : 8.1.1.3 123252 Bytes 14/10/2008 11:05:56

AERDL.DLL : 8.1.1.2 438644 Bytes 12/09/2008 07:06:02

AEPACK.DLL : 8.1.2.4 369014 Bytes 14/10/2008 11:05:56

AEOFFICE.DLL : 8.1.0.29 196988 Bytes 03/11/2008 22:01:08

AEHEUR.DLL : 8.1.0.63 1479032 Bytes 03/11/2008 22:01:08

AEHELP.DLL : 8.1.1.2 115062 Bytes 14/10/2008 11:05:56

AEGEN.DLL : 8.1.0.42 319861 Bytes 03/11/2008 22:01:06

AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56

AECORE.DLL : 8.1.2.9 172407 Bytes 03/11/2008 22:01:06

AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 03/11/2008 22:01:05

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:, E:, F:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 3 novembre 2008 23:05

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'COCIManager.exe' - '1' Module(s) have been scanned

Scan process 'NclRSSrv.exe' - '1' Module(s) have been scanned

Scan process 'LVComSer.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'LVComSer.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'Quickcam.exe' - '1' Module(s) have been scanned

Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned

Scan process 'iTouch.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

36 processes with 36 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Boot sector 'E:\'

[iNFO] No virus was found!

Boot sector 'F:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '0' files ).

 

 

 

End of the scan: lundi 3 novembre 2008 23:05

Used time: 00:08 Minute(s)

 

The scan has been canceled!

 

0 Scanning directories

36 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

0 Files cannot be scanned

36 Files not concerned

0 Archives were scanned

0 Warnings

0 Notes

Posted

Okay, that one is spotless! :P

Post a new HijackThis report, please.

We're almost done (otherwise we continue tomorrow, no problem).

Posted

Never put off until tomorrow what you can do today...

If it's OK with you, I'd like to finish tonight.

Here is the report:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:33:35, on 03/11/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Logitech\iTouch\iTouch.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe

C:\Program Files\Logitech\QuickCam\Quickcam.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IR4K6L2S\HiJackThis[1].exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [TomTomHOME.exe] "D:\logiciels & drivers\tomtom GO\TomTomHOME.exe" -s

O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe

O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"

O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O15 - Trusted Zone: http://*.secuser.com

O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/dow...llerControl.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab

O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://asp03.photoprintit.de/microsite/121...IPSUploader.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NBService - Nero AG - D:\logiciels & drivers\nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NeroNET - Unknown owner - C:\Program Files\Ahead\NeroNET\NeroNET.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

 

--

End of file - 6217 bytes
