2nd attempt
-
- Novice
- Posts: 9
- Registered: 18 March 2008, 18:38
- Hardware configuration: Windows Vista
2nd attempt
Here I am again
I still have my problem... I haven't managed to come back since I registered the other day!
I followed the first recommended step; here is the report from Notepad:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:39, on 24/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\mrofinu880.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\MalwareAlarm\pv.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfcdbx.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu880.exe 61A847B5BBF7281A3A9B284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nous\AppData\Local\Temp\pmnnl.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Nous\AppData\Local\Temp\mljgd.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM236e7e8c] Rundll32.exe "C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll",s
O4 - HKCU\..\Run: [205d4d10] rundll32.exe "C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll",b
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 13376 bytes
Is it serious, Doc? Thanks for your replies...
Eve
- nardino
- Moderators
- Posts: 11993
- Registered: 05 Feb 2007, 17:38
- Location: Reims
- Contact:
Re: 2nd attempt
Good evening.
Most of this procedure will be carried out in Safe Mode.
I advise you:
-Either to print it and tick off the actions as you complete them.
-Or to save it on the desktop with Notepad as "Procédure.txt", for example, so that you can refer to it.
Take the time to read carefully and to apply what is recommended, and if you run into difficulties, don't hesitate to ask questions.
Every sentence matters, and you must follow the steps of this procedure in sequence to act effectively.
However, if you run into a problem, skip a step and let me know about the difficulty.
**Updates to perform**
-Java Runtime Environment (JRE):
http://java.sun.com/javase/downloads/index.jsp
Click on Download Java Runtime Environment (JRE) 6u5
On the next page tick "I accept" and download " Windows Offline Installation, Multi-language //jre-6u5-windows-i586-p.exe //15.18 MB"
Install it with the browser closed.
In Programs and Features, remove all the other versions.
**To download if necessary**
-"OTMoveIt" : http://download.bleepingcomputer.com/ol ... oveIt2.exe
To your desktop.
-"CCleaner slim" : http://www.ccleaner.com/download/builds ... ading-slim
Install it without using it for the moment.
An excellent tutorial by Jesses for configuring it:
http://perso.orange.fr/jesses/Docs/Logi ... leaner.htm
The most important thing is to untick, under Options - Advanced, "Only delete files ... older than 48 hours".
-"Malwarebytes' Anti-Malware" : http://majorgeeks.com/downloadget.php?i ... 666f809b26
Install it, update it, and close it.
Tutorial by nico_dodo
http://forum.pcastuces.com/malwarebytes ... -f31s3.htm
-"Antivir" by Avira : http://www.free-av.com/
Click on "download here" at the bottom of the Classic column and, in the next window, click on the version for your system.
Save the file (16.4 MB) and install the program.
Here is a tutorial for doing this and for configuring the program properly.
http://speedweb1.free.fr/frames2.php?page=tuto5
Thanks to Tesgaz.
Update it and close it.
**Starting in Safe Mode**
After the first screen closes, at the very beginning of the PC's startup phase (boot), press F8.
A DOS-style window opens; select Safe Mode with the keyboard arrow keys and press Enter once it is highlighted.
Don't worry about how it looks; Windows starts with the bare minimum.
And startup can take a while, so be patient.
**Cleaning temporary files**
Open CCleaner and click Analyze, then, when it has finished, click Run Cleaner.
It will have been carried out even if you still see the display in the main pane.
**Hijackthis**
Launch Hijackthis with the "Do a scan system only" button and tick:
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfcdbx.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu880.exe 61A847B5BBF7281A3A9B284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nous\AppData\Local\Temp\pmnnl.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Nous\AppData\Local\Temp\mljgd.dll,c
O4 - HKCU\..\Run: [BM236e7e8c] Rundll32.exe "C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll",s
O4 - HKCU\..\Run: [205d4d10] rundll32.exe "C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll",b
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
**Cleanup**
Launch OTMoveIt.
Copy and paste the list below into the left pane "Paste List of Files/Folders to Move" and click "MoveIt!" to start the removal.
The "Unregister Dll's and OCX's" box must be ticked.
C:\Program Files\Best_Security_Tips
C:\Windows\system32\khfcdbx.dll
C:\Windows\mrofinu880.exe
C:\Users\Nous\AppData\Local\Temp\pmnnl.dll
C:\Users\Nous\AppData\Local\Temp\mljgd.dll
C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll
C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll
C:\Windows\xpupdate.exe
C:\Program Files\MalwareAlarm
The result will appear in the Results pane on the right.
Click Exit to close.
A report will be saved in C:\\_OTMoveIt\MovedFiles.(xxxxxxxx_xxxxxx.log)
The x's are digits that correspond to the date and time of the scan.
You may be asked to restart the PC to complete the removal.
If so, wait until the end of the procedure before restarting.
**Anti-malware scan**
Launch Malwarebytes' Anti-Malware.
On the "Recherche" (search) tab, check "Exécuter un examen complet" (run a full scan) and "Rechercher" (search).
Select your hard drive and click "Lancer l'examen" (start the scan).
At the end of the scan, click "Afficher les résultats" (show the results) and "Enregistrer le Rapport" (save the report).
To remove the detected items, click "Supprimer la sélection" (remove the selection).
A final report will be saved in the "Rapport/Logs" tab.
Launch Antivir by clicking its desktop icon.
In the Scanner tab, click the cross in front of Manual Selection and check My Computer.
Leave everything checked for the first scan.
Click the magnifying-glass icon below Status to start the scan, which can take an hour.
At the first alert:
Choose "Moved to quarantine" at the first alert and check the "Apply selection to the all following detections" box.
When the scan is finished, click End.
**Restart in normal mode**
Post the Malwarebytes' Anti-Malware, OTMoveIt and Antivir reports and a new HijackThis log made in normal mode.
Give some information on how the situation has evolved and on any problems encountered during the procedure.
See you later.
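Added example, not part of the thread and not any tool's own code: one way to read the O4 (Run key) lines of a HijackThis log, recover the file each autorun actually launches, and list the rundll32 autoruns whose DLL a removal report says is missing. A Run value left pointing at a deleted DLL makes rundll32 report a missing module at every logon until the value itself is removed. The function names and the heuristics in `reasons` are assumptions of this example.

```python
import re
from ntpath import dirname, normcase

# O4 lines copied from the HijackThis log in this thread; the iTunesHelper
# line is constructed here as a benign comparison.
HIJACKTHIS_O4 = r'''
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfcdbx.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu880.exe 61A847B5BBF7281A3A9B284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Nous\AppData\Local\Temp\mljgd.dll,c
O4 - HKCU\..\Run: [BM236e7e8c] Rundll32.exe "C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll",s
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
'''

# Lines copied from the OTMoveIt report posted later in this thread.
OTMOVEIT_LOG = r'''
< C:\Windows\mrofinu880.exe >
C:\Windows\mrofinu880.exe moved successfully.
< C:\Users\Nous\AppData\Local\Temp\mljgd.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\mljgd.dll not found.
< C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll not found.
'''

O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): '
                   r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# Optional full path, then rundll32, then the DLL argument.
RUNDLL_RE = re.compile(r'^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+', re.I)
# Quoted or unquoted absolute path; unquoted paths may contain spaces, so the
# match ends at the first known extension followed by space, comma or end.
PAYLOAD_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|com|scr|bat|cmd|cpl|ocx))'
                        r'"?(?=[\s,]|$)', re.I)
NOT_FOUND_RE = re.compile(r'^File/Folder (.+) not found\.$', re.M)


def parse_o4(line):
    """Parse one O4 Run line; None if it is not one or has no absolute payload path."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m['cmd'].strip()
    launcher = RUNDLL_RE.match(cmd)
    rest = cmd[launcher.end():] if launcher else cmd
    p = PAYLOAD_RE.match(rest)
    if not p:
        return None
    return {
        'hive': m['hive'],
        'name': m['name'],
        'payload': p['path'],               # the file that really runs
        'via_rundll32': bool(launcher),
        # text after "dll," is the exported function or ordinal rundll32 calls
        'export': rest[p.end():].lstrip(',').strip() if launcher else '',
    }


def autoruns(log):
    """All parseable O4 Run entries of a log, in order."""
    return [e for e in map(parse_o4, log.splitlines()) if e]


def reasons(entry):
    """Location and launcher heuristics (assumptions of this example, not verdicts)."""
    out = []
    folder = normcase(dirname(entry['payload'])) + '\\'
    if '\\temp\\' in folder:
        out.append('payload in a Temp directory')
    if entry['via_rundll32'] and (entry['export'].startswith('#')
                                  or len(entry['export']) <= 1):
        out.append('rundll32 entry point is an ordinal or a single letter')
    if folder == 'c:\\windows\\' and not entry['via_rundll32']:
        out.append('executable directly in C:\\Windows (weak signal)')
    return out


def not_found_paths(otmoveit_log):
    """Paths the mover reported as absent."""
    return NOT_FOUND_RE.findall(otmoveit_log)


def dangling_rundll(entries, missing):
    """Names of rundll32 autoruns whose DLL is gone; the Run value still needs removing."""
    gone = {normcase(p) for p in missing}
    return [e['name'] for e in entries
            if e['via_rundll32'] and normcase(e['payload']) in gone]


if __name__ == '__main__':
    entries = autoruns(HIJACKTHIS_O4)
    for e in entries:
        print(e['hive'], e['name'], e['payload'], reasons(e))
    print('dangling:', dangling_rundll(entries, not_found_paths(OTMOVEIT_LOG)))
```

The MalwareAlarm entry gets no reason at all: path-based rules do not catch a rogue program installed under Program Files, which is why the entry still has to be recognised by name.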
-
- Novice
- Posts: 9
- Registered: 18 March 2008, 18:38
- Hardware configuration: Windows Vista
Re: 2nd attempt
Thanks a lot, I'm printing it and I'll find the time to do this today!
To be continued in the next episode...
-
- Novice
- Posts: 9
- Registered: 18 March 2008, 18:38
- Hardware configuration: Windows Vista
Re: 2nd attempt

What do I do with it now?
Otherwise, so far everything has gone smoothly... thanks for your tips!
Eve

- nardino
- Moderators
- Posts: 11993
- Registered: 05 Feb. 2007, 17:38
- Location: Reims
- Contact:
Re: 2nd attempt
Hello,
Sorry, I forgot this line:
Click Fix checked once the lines are checked.
See you later.
-
- Novice
- Posts: 9
- Registered: 18 March 2008, 18:38
- Hardware configuration: Windows Vista
Re: 2nd attempt
OK thanks, I'm carrying on with a spring in my step through this wonderful antivirus adventure, which, like everyone, I could well have done without!!!
To be continued in the next episode.
Eve

-
- Novice
- Posts: 9
- Registered: 18 March 2008, 18:38
- Hardware configuration: Windows Vista
Re: 2nd attempt
Operation complete.
On restarting in normal mode I got a new error message:
Erreur de chargement de :
C:\Users\Nous\AppData\Local\Temp\wooeivir.dll
Le module spécifié est introuvable.
Also, I get virus alerts every 10 seconds from Antivir. It tells me: "A virus ou unwanted program was founded. Is the Trojan horse." Then I get the name of a file. I asked for quarantine each time... but is there anything else to do?
When you say "Post the reports...", do you mean I should put a copy of the reports here on the forum? Or something else?
Well, I think I've covered all my doubts and existential questions...
A very good Friday to everyone, I'm off to work with my mind free of viruses!
Thanks to the crack team.
Eve

- nardino
- Moderators
- Posts: 11993
- Registered: 05 Feb. 2007, 17:38
- Location: Reims
- Contact:
Re: 2nd attempt
Hello.
Yes, you post all the requested reports by copy and paste.
You can even add this one:
Download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop, then right-click it, Properties, Compatibility tab, and check the Run as administrator box.
Close all running applications.
Double-click ComboFix.exe (do not click on the window that opens).
Press Y to start the scan.
There will be a rather slow restart; don't worry about it.
At the end of the scan (this may take a while), a report will be created.
Post this report in your next message.
See you later.
-
- Novice
- Posts: 9
- Registered: 18 March 2008, 18:38
- Hardware configuration: Windows Vista
Re: 2nd attempt
OK nardino, right now my eyelids are drooping down to my socks, so I'm going to bed and I'll be back soon to post all of that!
Off to bed
Eve

-
- Novice
- Posts: 9
- Registered: 18 March 2008, 18:38
- Hardware configuration: Windows Vista
Re: 2nd attempt
After a long silence without internet I'm getting back on track, hoping to savour the joys of this wonderful tool that made me lose my nerve (I have to admit).
So I'm posting the reports:
Malwarebytes' Anti-Malware 1.09
Version de la base de données: 551
Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 158719
Temps écoulé: 18 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Windows\System32\x64 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Nous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Users\pti sam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OL59Q4K\93e4c2046fcb4ac4bdc3dbbcc28127fb[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\pti sam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9MN4F0\c70bfcdfc030e694a9d4fcbd6c8484af[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\titi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TQD3E1S\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Users\titi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JR68IZP3\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Windows\mrofinu2000382.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03272008_212555\Windows\mrofinu880.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Users\Nous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareAlarm\MalwareAlarm.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Users\Nous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareAlarm\Uninstall.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Windows\System32\rqrqnlj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rqrrpqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
That's one
[Custom Input]
< C:\Program Files\Best_Security_Tips >
C:\Program Files\Best_Security_Tips moved successfully.
< C:\Windows\system32\khfcdbx.dll >
DllUnregisterServer procedure not found in C:\Windows\system32\khfcdbx.dll
C:\Windows\system32\khfcdbx.dll NOT unregistered.
C:\Windows\system32\khfcdbx.dll moved successfully.
< C:\Windows\mrofinu880.exe >
C:\Windows\mrofinu880.exe moved successfully.
< C:\Users\Nous\AppData\Local\Temp\pmnnl.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\pmnnl.dll not found.
< C:\Users\Nous\AppData\Local\Temp\mljgd.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\mljgd.dll not found.
< C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll not found.
< C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll not found.
< C:\Windows\xpupdate.exe >
C:\Windows\xpupdate.exe moved successfully.
< C:\Program Files\MalwareAlarm >
C:\Program Files\MalwareAlarm moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03272008_212555
And that's two
06.04.2008 17:20:48 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
06.04.2008 17:20:48 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
06.04.2008 17:20:48 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f8ea50\
06.04.2008 17:20:48 - Start the Update GUI... Displaymode: 1
06.04.2008 17:20:48 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
06.04.2008 17:20:48 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
06.04.2008 17:20:48 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f8ea50\
06.04.2008 17:20:48 - Start the Update GUI... Displaymode: 1
06.04.2008 17:20:51 - Keyfile: OK [FULL Mode]
06.04.2008 17:20:51 - Avira AntiVir PersonalEdition Classic
06.04.2008 17:20:52 - Master IDX file has changed
06.04.2008 17:20:58 - Keyfile: OK [FULL Mode]
06.04.2008 17:20:58 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/vdf.info.gz
06.04.2008 17:21:01 - Keyfile: OK [FULL Mode]
06.04.2008 17:21:01 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/specvir-nt.info.gz
06.04.2008 17:21:02 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine.info.gz
06.04.2008 17:21:02 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine-nt-en.info.gz
06.04.2008 17:21:04 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
06.04.2008 17:21:04 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 77
06.04.2008 17:21:06 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\ProgramData\ Files: 1
06.04.2008 17:21:06 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
06.04.2008 17:21:07 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
06.04.2008 17:21:07 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.3.121 < 7.0.3.122
06.04.2008 17:21:07 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
06.04.2008 17:21:07 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
06.04.2008 17:21:07 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
06.04.2008 17:21:07 - Module: DRV Source: winwks\en\ Destination: C:\Windows\SYSTEM32\drivers\ Files: 4
06.04.2008 17:21:07 - Minifilter is installed
06.04.2008 17:21:07 - Minifilter is possible
06.04.2008 17:21:07 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
06.04.2008 17:21:07 - File basic-nt/xp/avgntdd.sys which was recognized as modified, must not be updated
06.04.2008 17:21:07 - File basic-nt/xp/avgntmgr.sys which was recognized as modified, must not be updated
06.04.2008 17:21:07 - The Module DRV which was recognized as modified, must not be updated
06.04.2008 17:21:07 - Initialize avnotify.exe
06.04.2008 17:21:07 - Starting avnotify.exe successful
06.04.2008 17:21:07 - Preparing to download files
06.04.2008 17:21:07 - 1 files need to be downloaded / copied from http://dl1.avgate.net/upd/
06.04.2008 17:21:07 - #1: Downloading and extracting http://dl1.avgate.net/upd/vdf/antivir3.vdf.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f8ea50\vdf\antivir3.vdf
06.04.2008 17:21:17 - Status of service AntiVirService is running
06.04.2008 17:21:17 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir0.vdf.
06.04.2008 17:21:17 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir1.vdf.
06.04.2008 17:21:17 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir2.vdf.
06.04.2008 17:21:17 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir3.vdf.
06.04.2008 17:21:18 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll.
06.04.2008 17:21:18 - Starting to install
06.04.2008 17:21:18 - Processing module VDF Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f8ea50\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
06.04.2008 17:21:18 - A total of 1 files were updated
06.04.2008 17:21:18 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress
06.04.2008 17:21:18 - Status of service AntiVirService is running
06.04.2008 17:21:22 - Reinitialization of AntiVirService carried out successfully.
06.04.2008 17:21:22 - Dialup: 0
06.04.2008 17:21:22 - Downloaded bytes: 227957
06.04.2008 17:21:22 - Downloaded file(s): 1
06.04.2008 17:21:22 - Downloaded file(s): antivir3.vdf
06.04.2008 17:21:22 - Engine version local : 7.6.0.81
06.04.2008 17:21:22 - Engine version internet: 7.6.0.81
06.04.2008 17:21:22 - 0. VDF version local : 6.40.0.0
06.04.2008 17:21:22 - 0. VDF version internet: 6.40.0.0
06.04.2008 17:21:22 - 1. VDF version local : 7.0.3.2
06.04.2008 17:21:22 - 1. VDF version internet: 7.0.3.2
06.04.2008 17:21:22 - 2. VDF version local : 7.0.3.85
06.04.2008 17:21:22 - 2. VDF version internet: 7.0.3.85
06.04.2008 17:21:22 - 3. VDF version local : 7.0.3.121
06.04.2008 17:21:22 - 3. VDF version internet: 7.0.3.122
06.04.2008 17:21:22 - Required time: 00:33
06.04.2008 17:21:22 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate
06.04.2008 17:21:22 - Update finished successfully
BUT I'M ADDING THE LATEST ONE BECAUSE IT IS NOT "SUCCESS"!!!
05.05.2008 20:16:58 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.05.2008 20:16:58 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
05.05.2008 20:16:58 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\
05.05.2008 20:16:58 - Using System's global Proxy settings
05.05.2008 20:16:58 - Start the Update GUI... Displaymode: 0
05.05.2008 20:16:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
05.05.2008 20:16:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll
05.05.2008 20:16:58 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.05.2008 20:16:58 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
05.05.2008 20:16:58 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\
05.05.2008 20:16:58 - Using System's global Proxy settings
05.05.2008 20:16:58 - Start the Update GUI... Displaymode: 0
05.05.2008 20:16:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
05.05.2008 20:16:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll
05.05.2008 20:16:58 - Avira AntiVir Personal – Free Antivirus
05.05.2008 20:17:01 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\idx/master.idx to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
05.05.2008 20:17:01 - Master IDX file has changed
05.05.2008 20:17:06 - Keyfile: OK [FULL Mode]
05.05.2008 20:17:06 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/vdf.info.gz
05.05.2008 20:17:40 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:17:40 - Switching to next update server
05.05.2008 20:18:02 - Invalid system proxy
05.05.2008 20:18:02 - Switching to next update server
05.05.2008 20:18:42 - Invalid system proxy
05.05.2008 20:18:42 - Switching to next update server
05.05.2008 20:19:03 - Invalid system proxy
05.05.2008 20:19:03 - Switching to next update server
05.05.2008 20:19:25 - Invalid system proxy
05.05.2008 20:19:25 - Switching to next update server
05.05.2008 20:19:46 - Invalid system proxy
05.05.2008 20:19:46 - Switching to next update server
05.05.2008 20:20:08 - Invalid system proxy
05.05.2008 20:20:08 - Switching to next update server
05.05.2008 20:20:29 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:20:29 - Switching to next update server
05.05.2008 20:20:49 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\idx/master.idx to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
05.05.2008 20:20:49 - Master IDX file has changed
05.05.2008 20:20:54 - Downloading the product.info file from http://dl5.avgate.net/upd/idx/vdf.info.gz
05.05.2008 20:21:16 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:21:16 - Switching to next update server
05.05.2008 20:21:37 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:21:37 - Switching to next update server
05.05.2008 20:22:15 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:22:15 - Switching to next update server
05.05.2008 20:22:30 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\idx/master.idx to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
05.05.2008 20:22:30 - Master IDX file has changed
05.05.2008 20:22:34 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/vdf.info.gz
05.05.2008 20:22:35 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/specvir-nt.info.gz
05.05.2008 20:22:36 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/ave2.info.gz
05.05.2008 20:22:36 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/info-wks- ... en.info.gz
05.05.2008 20:22:37 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
05.05.2008 20:22:37 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 80
05.05.2008 20:22:38 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
05.05.2008 20:22:38 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
05.05.2008 20:22:38 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.3.197 < 7.0.4.0
05.05.2008 20:22:38 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.3.236 < 7.0.4.1
05.05.2008 20:22:38 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
05.05.2008 20:22:38 - Module: AVE2 Source: ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 13
05.05.2008 20:22:38 - Module: DRV Source: winwks\en\ Destination: C:\Windows\SYSTEM32\drivers\ Files: 4
05.05.2008 20:22:38 - Module: PRODINFO Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
05.05.2008 20:22:38 - Minifilter is installed
05.05.2008 20:22:38 - Minifilter is possible
05.05.2008 20:22:38 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
05.05.2008 20:22:38 - File basic-nt/xp/avgntdd.sys which was recognized as modified, must not be updated
05.05.2008 20:22:38 - File basic-nt/xp/avgntmgr.sys which was recognized as modified, must not be updated
05.05.2008 20:22:38 - The Module DRV which was recognized as modified, must not be updated
05.05.2008 20:22:38 - Initialize avnotify.exe
05.05.2008 20:22:38 - Starting avnotify.exe successful
05.05.2008 20:22:38 - Preparing to download files
05.05.2008 20:22:38 - 2 files need to be downloaded / copied from http://dl7.avgate.net/upd/
05.05.2008 20:22:38 - #1: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir2.vdf.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\antivir2.vdf
05.05.2008 20:23:16 - #2: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir3.vdf.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\antivir3.vdf
05.05.2008 20:23:24 - Status of service AntiVirService is running
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir0.vdf.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir1.vdf.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir2.vdf.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir3.vdf.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeemu.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aehelp.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aerdl.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeset.dat.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aevdf.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll.
05.05.2008 20:23:25 - Starting to install
05.05.2008 20:23:26 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir2.vdf
05.05.2008 20:23:26 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir3.vdf
05.05.2008 20:23:26 - Processing module VDF Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.05.2008 20:23:26 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\antivir2.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf
05.05.2008 20:23:26 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\antivir3.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf
05.05.2008 20:23:26 - A total of 2 files were updated
05.05.2008 20:23:26 - Initialize AVWSC.EXE
05.05.2008 20:23:26 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress
05.05.2008 20:23:26 - Status of service AntiVirService is running
05.05.2008 20:23:28 - Reinitialization of AntiVirService carried out successfully.
05.05.2008 20:23:28 - Dialup: 0
05.05.2008 20:23:28 - Downloaded bytes: 1591162
05.05.2008 20:23:28 - Downloaded file(s): 2
05.05.2008 20:23:28 - Downloaded file(s): antivir2.vdf; antivir3.vdf
05.05.2008 20:23:28 - Required time: 06:30
05.05.2008 20:23:28 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate
05.05.2008 20:23:28 - Update finished successfully
(IS IT SERIOUS???)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:39, on 24/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\mrofinu880.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\MalwareAlarm\pv.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfcdbx.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu880.exe 61A847B5BBF7281A3A9B284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nous\AppData\Local\Temp\pmnnl.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Nous\AppData\Local\Temp\mljgd.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM236e7e8c] Rundll32.exe "C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll",s
O4 - HKCU\..\Run: [205d4d10] rundll32.exe "C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll",b
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 13376 bytes
And that's three.
I hope everything is there.
Thanks again for your invaluable help... and for the very well-made step-by-step guide.
Kind regards
So, I'm posting the reports:
Malwarebytes' Anti-Malware 1.09
Version de la base de données: 551
Type de recherche: Examen complet (C:\|D:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 158719
Temps écoulé: 18 minute(s), 28 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 11
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Windows\System32\x64 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Nous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Users\pti sam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OL59Q4K\93e4c2046fcb4ac4bdc3dbbcc28127fb[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\pti sam\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GY9MN4F0\c70bfcdfc030e694a9d4fcbd6c8484af[1].zip (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\titi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8TQD3E1S\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Users\titi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JR68IZP3\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Windows\mrofinu2000382.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03272008_212555\Windows\mrofinu880.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Users\Nous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareAlarm\MalwareAlarm.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Users\Nous\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MalwareAlarm\Uninstall.lnk (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Windows\System32\rqrqnlj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\rqrrpqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully.
And that's one
[Custom Input]
< C:\Program Files\Best_Security_Tips >
C:\Program Files\Best_Security_Tips moved successfully.
< C:\Windows\system32\khfcdbx.dll >
DllUnregisterServer procedure not found in C:\Windows\system32\khfcdbx.dll
C:\Windows\system32\khfcdbx.dll NOT unregistered.
C:\Windows\system32\khfcdbx.dll moved successfully.
< C:\Windows\mrofinu880.exe >
C:\Windows\mrofinu880.exe moved successfully.
< C:\Users\Nous\AppData\Local\Temp\pmnnl.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\pmnnl.dll not found.
< C:\Users\Nous\AppData\Local\Temp\mljgd.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\mljgd.dll not found.
< C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll not found.
< C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll >
File/Folder C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll not found.
< C:\Windows\xpupdate.exe >
C:\Windows\xpupdate.exe moved successfully.
< C:\Program Files\MalwareAlarm >
C:\Program Files\MalwareAlarm moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03272008_212555
And that's two
06.04.2008 17:20:48 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
06.04.2008 17:20:48 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
06.04.2008 17:20:48 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f8ea50\
06.04.2008 17:20:48 - Start the Update GUI... Displaymode: 1
06.04.2008 17:20:48 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
06.04.2008 17:20:48 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
06.04.2008 17:20:48 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f8ea50\
06.04.2008 17:20:48 - Start the Update GUI... Displaymode: 1
06.04.2008 17:20:51 - Keyfile: OK [FULL Mode]
06.04.2008 17:20:51 - Avira AntiVir PersonalEdition Classic
06.04.2008 17:20:52 - Master IDX file has changed
06.04.2008 17:20:58 - Keyfile: OK [FULL Mode]
06.04.2008 17:20:58 - File basic-nt/2k/avgntflt.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/avgio64.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/imp64b.exe's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/psapi.dll's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/shlext64.dll's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/xp64/avgntflt.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/2k/avgntdd.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/2k/avgntmgr.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/nt/avgntdd.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/nt/avgntmgr.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - File basic-nt/vista64/avgntflt.sys's operating system doesn't match the current one. File ignored.
06.04.2008 17:20:58 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/vdf.info.gz
06.04.2008 17:21:01 - Keyfile: OK [FULL Mode]
06.04.2008 17:21:01 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/specvir-nt.info.gz
06.04.2008 17:21:02 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine.info.gz
06.04.2008 17:21:02 - Downloading the product.info file from http://dl1.avgate.net/upd/idx/engine-nt-en.info.gz
06.04.2008 17:21:04 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
06.04.2008 17:21:04 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 77
06.04.2008 17:21:06 - Module: COMMAPPDATA Source: winwks\en\ Destination: C:\ProgramData\ Files: 1
06.04.2008 17:21:06 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
06.04.2008 17:21:07 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
06.04.2008 17:21:07 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.3.121 < 7.0.3.122
06.04.2008 17:21:07 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
06.04.2008 17:21:07 - Module: ENGINE Source: engine\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 2
06.04.2008 17:21:07 - Module: ENGINE_NT_EN Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
06.04.2008 17:21:07 - Module: DRV Source: winwks\en\ Destination: C:\Windows\SYSTEM32\drivers\ Files: 4
06.04.2008 17:21:07 - Minifilter is installed
06.04.2008 17:21:07 - Minifilter is possible
06.04.2008 17:21:07 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
06.04.2008 17:21:07 - File basic-nt/xp/avgntdd.sys which was recognized as modified, must not be updated
06.04.2008 17:21:07 - File basic-nt/xp/avgntmgr.sys which was recognized as modified, must not be updated
06.04.2008 17:21:07 - The Module DRV which was recognized as modified, must not be updated
06.04.2008 17:21:07 - Initialize avnotify.exe
06.04.2008 17:21:07 - Starting avnotify.exe successful
06.04.2008 17:21:07 - Preparing to download files
06.04.2008 17:21:07 - 1 files need to be downloaded / copied from http://dl1.avgate.net/upd/
06.04.2008 17:21:07 - #1: Downloading and extracting http://dl1.avgate.net/upd/vdf/antivir3.vdf.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f8ea50\vdf\antivir3.vdf
06.04.2008 17:21:17 - Status of service AntiVirService is running
06.04.2008 17:21:17 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir0.vdf.
06.04.2008 17:21:17 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir1.vdf.
06.04.2008 17:21:17 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir2.vdf.
06.04.2008 17:21:17 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir3.vdf.
06.04.2008 17:21:18 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\avewin32.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll.
06.04.2008 17:21:18 - Starting to install
06.04.2008 17:21:18 - Processing module VDF Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_47f8ea50\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
06.04.2008 17:21:18 - A total of 1 files were updated
06.04.2008 17:21:18 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress
06.04.2008 17:21:18 - Status of service AntiVirService is running
06.04.2008 17:21:22 - Reinitialization of AntiVirService carried out successfully.
06.04.2008 17:21:22 - Dialup: 0
06.04.2008 17:21:22 - Downloaded bytes: 227957
06.04.2008 17:21:22 - Downloaded file(s): 1
06.04.2008 17:21:22 - Downloaded file(s): antivir3.vdf
06.04.2008 17:21:22 - Engine version local : 7.6.0.81
06.04.2008 17:21:22 - Engine version internet: 7.6.0.81
06.04.2008 17:21:22 - 0. VDF version local : 6.40.0.0
06.04.2008 17:21:22 - 0. VDF version internet: 6.40.0.0
06.04.2008 17:21:22 - 1. VDF version local : 7.0.3.2
06.04.2008 17:21:22 - 1. VDF version internet: 7.0.3.2
06.04.2008 17:21:22 - 2. VDF version local : 7.0.3.85
06.04.2008 17:21:22 - 2. VDF version internet: 7.0.3.85
06.04.2008 17:21:22 - 3. VDF version local : 7.0.3.121
06.04.2008 17:21:22 - 3. VDF version internet: 7.0.3.122
06.04.2008 17:21:22 - Required time: 00:33
06.04.2008 17:21:22 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate
06.04.2008 17:21:22 - Update finished successfully
BUT I'M ADDING THE MOST RECENT ONE BECAUSE IT IS NOT "SUCCESS"!!!
05.05.2008 20:16:58 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.05.2008 20:16:58 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
05.05.2008 20:16:58 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\
05.05.2008 20:16:58 - Using System's global Proxy settings
05.05.2008 20:16:58 - Start the Update GUI... Displaymode: 0
05.05.2008 20:16:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
05.05.2008 20:16:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll
05.05.2008 20:16:58 - Installation Directory: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.05.2008 20:16:58 - Backup Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\
05.05.2008 20:16:58 - Temp Directory: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\
05.05.2008 20:16:58 - Using System's global Proxy settings
05.05.2008 20:16:58 - Start the Update GUI... Displaymode: 0
05.05.2008 20:16:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlib.dll
05.05.2008 20:16:58 - selftest successful: C:\Program Files\Avira\AntiVir PersonalEdition Classic\updlibrc.dll
05.05.2008 20:16:58 - Avira AntiVir Personal – Free Antivirus
05.05.2008 20:17:01 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\idx/master.idx to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
05.05.2008 20:17:01 - Master IDX file has changed
05.05.2008 20:17:06 - Keyfile: OK [FULL Mode]
05.05.2008 20:17:06 - Downloading the product.info file from http://dl4.avgate.net/upd/idx/vdf.info.gz
05.05.2008 20:17:40 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:17:40 - Switching to next update server
05.05.2008 20:18:02 - Invalid system proxy
05.05.2008 20:18:02 - Switching to next update server
05.05.2008 20:18:42 - Invalid system proxy
05.05.2008 20:18:42 - Switching to next update server
05.05.2008 20:19:03 - Invalid system proxy
05.05.2008 20:19:03 - Switching to next update server
05.05.2008 20:19:25 - Invalid system proxy
05.05.2008 20:19:25 - Switching to next update server
05.05.2008 20:19:46 - Invalid system proxy
05.05.2008 20:19:46 - Switching to next update server
05.05.2008 20:20:08 - Invalid system proxy
05.05.2008 20:20:08 - Switching to next update server
05.05.2008 20:20:29 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:20:29 - Switching to next update server
05.05.2008 20:20:49 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\idx/master.idx to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
05.05.2008 20:20:49 - Master IDX file has changed
05.05.2008 20:20:54 - Downloading the product.info file from http://dl5.avgate.net/upd/idx/vdf.info.gz
05.05.2008 20:21:16 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:21:16 - Switching to next update server
05.05.2008 20:21:37 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:21:37 - Switching to next update server
05.05.2008 20:22:15 - There was a problem updating from the specified server: Invalid system proxy
05.05.2008 20:22:15 - Switching to next update server
05.05.2008 20:22:30 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\idx/master.idx to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\IDX\master.idx
05.05.2008 20:22:30 - Master IDX file has changed
05.05.2008 20:22:34 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/vdf.info.gz
05.05.2008 20:22:35 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/specvir-nt.info.gz
05.05.2008 20:22:36 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/ave2.info.gz
05.05.2008 20:22:36 - Downloading the product.info file from http://dl7.avgate.net/upd/idx/info-wks- ... en.info.gz
05.05.2008 20:22:37 - Module: SELFUPDATE Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 15
05.05.2008 20:22:37 - Module: MAIN Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 80
05.05.2008 20:22:38 - Module: TEXT Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 3
05.05.2008 20:22:38 - Module: VDF Source: vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 4
05.05.2008 20:22:38 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf 7.0.3.197 < 7.0.4.0
05.05.2008 20:22:38 - C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf 7.0.3.236 < 7.0.4.1
05.05.2008 20:22:38 - Module: AVREP_NT Source: engine\nt\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
05.05.2008 20:22:38 - Module: AVE2 Source: ave2\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 13
05.05.2008 20:22:38 - Module: DRV Source: winwks\en\ Destination: C:\Windows\SYSTEM32\drivers\ Files: 4
05.05.2008 20:22:38 - Module: PRODINFO Source: winwks\en\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\ Files: 1
05.05.2008 20:22:38 - Minifilter is installed
05.05.2008 20:22:38 - Minifilter is possible
05.05.2008 20:22:38 - Reading registry value successful: Software\Avira\AntiVir PersonalEdition Classic | FilterType
05.05.2008 20:22:38 - File basic-nt/xp/avgntdd.sys which was recognized as modified, must not be updated
05.05.2008 20:22:38 - File basic-nt/xp/avgntmgr.sys which was recognized as modified, must not be updated
05.05.2008 20:22:38 - The Module DRV which was recognized as modified, must not be updated
05.05.2008 20:22:38 - Initialize avnotify.exe
05.05.2008 20:22:38 - Starting avnotify.exe successful
05.05.2008 20:22:38 - Preparing to download files
05.05.2008 20:22:38 - 2 files need to be downloaded / copied from http://dl7.avgate.net/upd/
05.05.2008 20:22:38 - #1: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir2.vdf.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\antivir2.vdf
05.05.2008 20:23:16 - #2: Downloading and extracting http://dl7.avgate.net/upd/vdf/antivir3.vdf.gz to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\antivir3.vdf
05.05.2008 20:23:24 - Status of service AntiVirService is running
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir0.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir0.vdf.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir1.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir1.vdf.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir2.vdf.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\antivir3.vdf.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aecore.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aecore.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeemu.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeemu.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aegen.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aegen.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aehelp.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aehelp.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeheur.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeheur.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeoffice.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeoffice.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aepack.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aepack.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aerdl.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aerdl.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescn.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescn.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aescript.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aescript.dll.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aeset.dat to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aeset.dat.
05.05.2008 20:23:25 - Save file C:\Program Files\Avira\AntiVir PersonalEdition Classic\aevdf.dll to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\aevdf.dll.
05.05.2008 20:23:25 - Starting to install
05.05.2008 20:23:26 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir2.vdf
05.05.2008 20:23:26 - Copy file C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf to C:\ProgramData\Avira\AntiVir PersonalEdition Classic\BACKUP\antivir3.vdf
05.05.2008 20:23:26 - Processing module VDF Source: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\ Destination: C:\Program Files\Avira\AntiVir PersonalEdition Classic\
05.05.2008 20:23:26 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\antivir2.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir2.vdf
05.05.2008 20:23:26 - Copy file C:\ProgramData\Avira\AntiVir PersonalEdition Classic\Update\AVUPDATE_481f4f1a\vdf\antivir3.vdf to C:\Program Files\Avira\AntiVir PersonalEdition Classic\antivir3.vdf
05.05.2008 20:23:26 - A total of 2 files were updated
05.05.2008 20:23:26 - Initialize AVWSC.EXE
05.05.2008 20:23:26 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |UpdateInProgress
05.05.2008 20:23:26 - Status of service AntiVirService is running
05.05.2008 20:23:28 - Reinitialization of AntiVirService carried out successfully.
05.05.2008 20:23:28 - Dialup: 0
05.05.2008 20:23:28 - Downloaded bytes: 1591162
05.05.2008 20:23:28 - Downloaded file(s): 2
05.05.2008 20:23:28 - Downloaded file(s): antivir2.vdf; antivir3.vdf
05.05.2008 20:23:28 - Required time: 06:30
05.05.2008 20:23:28 - Registry entry created successfully: Software\Avira\AntiVir PersonalEdition Classic |LastUpdate
05.05.2008 20:23:28 - Update finished successfully
(IS THIS SERIOUS???)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:39, on 24/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\mrofinu880.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\MalwareAlarm\MalwareAlarm.exe
C:\Program Files\MalwareAlarm\pv.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.fr.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBest.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [Apanel] C:\ACERSW\config\NewSetApanel.cmd
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfcdbx.dll,#1
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu880.exe 61A847B5BBF7281A3A9B284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Nous\AppData\Local\Temp\pmnnl.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Nous\AppData\Local\Temp\mljgd.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BM236e7e8c] Rundll32.exe "C:\Users\Nous\AppData\Local\Temp\mliphxkc.dll",s
O4 - HKCU\..\Run: [205d4d10] rundll32.exe "C:\Users\Nous\AppData\Local\Temp\rjbygpxy.dll",b
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IntelDHSvcConf - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 13376 bytes
And that makes three.
I hope everything is there.
Thanks again for your invaluable help... and for the very well done step-by-step guide.
Kind regards
- nardino
- Moderators
- Posts: 11993
- Registered: 05 Feb 2007, 17:38
- Location: Reims
- Contact:
Re: 2nd attempt
Good evening.
Three things:
You did not post the right Antivir report.
And you also need to post a new HijackThis report, again run as administrator.
You did not carry out the Combofix procedure; do it and attach the report along with the other two.
See you later