Forum Clubic

Ads that open up (page 3)

Good evening. Otherwise, leave Spybot: uninstall it completely. Have you run HijackThis and CCleaner? After that, post a HijackThis log and run the scan with your Avira in Safe Mode.
The Malwarebytes report is clean.

:hello:

:hello: www.clubic.com…

I no longer understand where the problem is. Out of everything we said, you must not have done it all, and in order. Three pages to get to this point, that's a first :sommeil:

Click Start, All Programs, Accessories, System Tools, Disk Defragmenter, then choose your hard drive and defragment it.
We'll see. But first: HijackThis log and scan with Avira + report


Normally Spybot without real-time protection and without TeaTimer shouldn't have caused you any problems??? But we'll see. First: 1) HijackThis log 2) Scan with your Avira in Safe Mode 3) Defragmentation

Hang in there!!
:hello:

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:09:22, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HERSE\Bureau\HiJackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [SystrayORAHSS] “C:\Program Files\Orange\Systray\SystrayApp.exe”
O4 - HKLM…\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\Math Beep.exe
O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -s
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.orange.fr…
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - www.trendsecure.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe


End of file - 7338 bytes


AntiVir PersonalEdition Classic Report file date: jeudi 14 août 2008 02:13

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HERSE
Computer name: PC-CA41E5AAFC41

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:,
Scan memory…: on
Process scan…: on
Scan registry…: on
Search for rootkits…: on
Scan all files…: All files
Scan archives…: on
Recursion depth…: off
Smart extensions…: on
Deviating archive types…: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic…: on
File heuristic…: high
Deviating risk categories…: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: jeudi 14 août 2008 02:13

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector ‘C:’
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( ‘32’ files ).

Starting the file scan:

Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: jeudi 14 août 2008 02:25
Used time: 12:21 min

The scan has been done completely.

3780 Scanning directories
200598 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
200598 Files not concerned
1764 Archives were scanned
1 Warnings
0 Notes

Sorry, I'm doing everything I'm told. It's not my fault if my PC still has problems, I don't understand it myself, but thank you very much for your help.


I wanted to ask what you think of Glary Utilities instead of CCleaner, and whether Spyware Doctor is a good antispyware.
I ran 3 defragmentations in a row.

Hello again
Run a scan only with HijackThis
Check + fix these lines:

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
Unknown
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\Math Beep.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

Do that.
Spyware Doctor is bloated and overcomplicated.

Try this:
AVG AntiSpyware with its shield, 30-day trial, and run an update + a complete scan

Glary Utilities is good, I used to have it, but keep CCleaner.


We'll look afterwards at the AVIRA result, Error Code OxOOO15
Link for AVG AntiSpyware [www.clubic.com...](http://www.clubic.com/telecharger-fiche27645-avg-anti-spyware.html) :hello::jap:

AVG Anti-Spyware - Rapport d’analyse

  • Créé à: 15:59:33 14/08/2008

  • Résultat de l’analyse:

C:\Program Files\Circle Developement\Uninstall.exe -> Dropper.Agent.lxl : Aucune action entreprise.
C:\Documents and Settings\HERSE\Cookies\herse@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Aucune action entreprise.
C:\Documents and Settings\HERSE\Cookies\herse@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32\ejmzjc.dll.vir -> Trojan.Monder.axn : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32\erfpgwed.dll.vir -> Trojan.Monder.axn : Aucune action entreprise.
C:\System Volume Information_restore{B24918B7-F2E2-4DEF-917F-365FF9589008}\RP22\A0005138.dll -> Trojan.Monder.axn : Aucune action entreprise.
C:\System Volume Information_restore{B24918B7-F2E2-4DEF-917F-365FF9589008}\RP22\A0005139.dll -> Trojan.Monder.axn : Aucune action entreprise.

Fin du rapport


:hello: I did everything you told me, thank you very much for your help :jap:

I had the same problem at a client's this afternoon

solved by removing the Orange kit

No worries
Download Trojan Remover
www.ordi-netfr.com…
Tutorial
www.malekal.com…
Run it, then go over it again with CCleaner
See you
:hello:
[quote=“alain77310_1_1”]
I had the same problem at a client's this afternoon

solved by removing the Orange kit
[/quote]
alain 77310 +1 :super: It's true with the Orange kit
:hello:

Make a HijackThis log and post the report
See you

C:\System Volume Information_restore{ infected restore point, we'll deal with it later

One more thing
You should always rename Hijacthis to Hijackthis.exe or Monjack.exe
Why?
Some variants of the Vundo virus detect HijackThis, so we play hide-and-seek with the virus… :MDR
:hello:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 00:09:03 15 août 2008
Using Database v7101
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\HERSE\Application Data\Simply Super Software\Trojan Remover
Database directory: C:\Program Files\Trojan Remover
Logfile directory: C:\Documents and Settings\HERSE\Mes documents\Simply Super Software\Trojan Remover Logfiles
Program directory: C:\Program Files\Trojan Remover
Running with Administrator privileges


The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware
Avira AntiVir



00:09:03: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS


00:09:03: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS


00:09:03: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.


00:09:04: Scanning -----WINDOWS REGISTRY-----

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon

Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key’s “Shell” value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 05/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation

This key’s “Userinit” value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation

This key’s “System” value appears to be blank

This key’s “UIHost” value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation


Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
-R- 2879488 bytes
Created: 15/05/2008
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.

Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
-R- 16264192 bytes
Created: 15/05/2008
Modified: 12/09/2006
Company: Realtek Semiconductor Corp.

Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
-R- 98304 bytes
Created: 07/02/2006
Modified: 06/10/2006
Company: Intel Corporation

Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
-R- 114688 bytes
Created: 07/02/2006
Modified: 06/10/2006
Company: Intel Corporation

Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
-R- 94208 bytes
Created: 07/02/2006
Modified: 06/10/2006
Company: Intel Corporation

Value Name: ORAHSSSessionManager
Value Data: C:\Program Files\Orange\SessionManager\SessionManager.exe
C:\Program Files\Orange\SessionManager\SessionManager.exe
102400 bytes
Created: 06/06/2008
Modified: 25/09/2007
Company: France Telecom SA

Value Name: avgnt
Value Data: “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
249896 bytes
Created: 27/07/2008
Modified: 31/08/2007
Company: Avira GmbH

Value Name: COMODO Firewall Pro
Value Data: “C:\Program Files\COMODO\Firewall\cfp.exe” -s
C:\Program Files\COMODO\Firewall\cfp.exe
1481984 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO

Value Name: !AVG Anti-Spyware
Value Data: “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.

Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
909904 bytes
Created: 15/08/2008
Modified: 30/07/2008
Company: Simply Super Software


Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation

Value Name: msnmsgr
Value Data: “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
C:\Program Files\MSN Messenger\msnmsgr.exe
5674352 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation


Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty


00:09:07: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place

ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.


00:09:07: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed

No Hidden File-loading Registry Entries found


00:09:07: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.


00:09:07: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----


00:09:07: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 15/05/2008
Modified: 05/08/2004
Company: Microsoft Corporation


00:09:08: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AntiVirScheduler
ImagePath: “C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe”
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
63016 bytes
Created: 27/07/2008
Modified: 28/08/2007
Company: Avira GmbH

Key: AntiVirService
ImagePath: “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe”
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
214056 bytes
Created: 27/07/2008
Modified: 11/09/2007
Company: Avira GmbH

Key: AVG Anti-Spyware Driver
ImagePath: ??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:

Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.

Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 14/08/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.

Key: avgio
ImagePath: ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 27/07/2008
Modified: 27/02/2007
Company: Avira GmbH

Key: avgntflt
ImagePath: ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
48448 bytes
Created: 27/07/2008
Modified: 17/09/2007
Company: Avira GmbH

Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
62016 bytes
Created: 27/07/2008
Modified: 07/09/2007
Company: AVIRA GmbH

Key: cmdAgent
ImagePath: “C:\Program Files\COMODO\Firewall\cmdagent.exe”
C:\Program Files\COMODO\Firewall\cmdagent.exe
544512 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO

Key: cmdGuard
ImagePath: System32\DRIVERS\cmdguard.sys
C:\WINDOWS\System32\DRIVERS\cmdguard.sys
79096 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO

Key: cmdHlp
ImagePath: System32\DRIVERS\cmdhlp.sys
C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
23672 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO

Key: FTRTSVC
ImagePath: “C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe”
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
65536 bytes
Created: 06/06/2008
Modified: 25/09/2007
Company: France Telecom SA

Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
138752 bytes
Created: 07/01/2005
Modified: 07/01/2005
Company: Windows ® Server 2003 DDK provider

Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
-R- 1181824 bytes
Created: 15/05/2008
Modified: 06/10/2006
Company: Intel Corporation

Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation

Key: Inspect
ImagePath: System32\DRIVERS\inspect.sys
C:\WINDOWS\System32\DRIVERS\inspect.sys
74616 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO

Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
-R- 4381184 bytes
Created: 15/05/2008
Modified: 12/09/2006
Company: Realtek Semiconductor Corp.

Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\WINDOWS\system32\DRIVERS\irsir.sys
18688 bytes
Created: 14/05/2008
Modified: 17/08/2001
Company: Microsoft Corporation

Key: LVcKap
ImagePath: system32\DRIVERS\LVcKap.sys
C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2109976 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Logitech Inc.

Key: LVCOMSer
ImagePath: “C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe”
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
186904 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Logitech Inc.

Key: LVMVDrv
ImagePath: system32\DRIVERS\LVMVDrv.sys
C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2142488 bytes
Created: 11/10/2007
Modified: 11/10/2007
Company: Logitech Inc.

Key: LVPr2Mon
ImagePath: system32\DRIVERS\LVPr2Mon.sys
C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
25624 bytes
Created: 11/10/2007
Modified: 11/10/2007
Company:

Key: LVPrcSrv
ImagePath: “C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe”
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
141848 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Logitech Inc.

Key: LVSrvLauncher
ImagePath: C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
141848 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Logitech Inc.

Key: LVUSBSta
ImagePath: system32\drivers\LVUSBSta.sys
C:\WINDOWS\system32\drivers\LVUSBSta.sys
41752 bytes
Created: 12/10/2007
Modified: 12/10/2007
Company: Logitech Inc.

Key: PCAMPR5
ImagePath: ??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS
34688 bytes
Created: 06/06/2008
Modified: 23/09/2003
Company: Printing Communications Assoc., Inc. (PCAUSA)

Key: PCANDIS5
ImagePath: ??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
32128 bytes
Created: 06/06/2008
Modified: 01/03/2006
Company: Printing Communications Assoc., Inc. (PCAUSA)

Key: PID_PEPI
ImagePath: system32\DRIVERS\LV302V32.SYS
C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
1279000 bytes
Created: 12/10/2007
Modified: 12/10/2007
Company: Logitech Inc.

Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtenicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
78976 bytes
Created: 15/05/2008
Modified: 16/11/2005
Company: Realtek Semiconductor Corporation

Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 27/07/2008
Modified: 01/03/2007
Company: Avira GmbH

Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{7B77DDA1-3391-479C-A23A-DD2178AC4608}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation

Key: usnjsvc
ImagePath: “C:\Program Files\MSN Messenger\usnsvc.exe”
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation


00:09:13: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:


00:09:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
-R- 155648 bytes
Created: 07/02/2006
Modified: 06/10/2006
Company: Intel Corporation


00:09:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ShellExtension
CLSID: [empty]

Key: TzShell
CLSID: {B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}
File: [CLSID does not appear to reference a file]


00:09:13: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: “C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll”
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created: 21/01/2008
Modified: 21/01/2008
Company: Sun Microsystems, Inc.

Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.


00:09:13: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 16/06/2008
Modified: 26/10/2006
Company: Yahoo! Inc.

Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated

Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 09/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.


00:09:13: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation

Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation


00:09:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----


00:09:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No “Debugger” entries found.


00:09:14: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\WINDOWS\system32\guard32.dll]
File: C:\WINDOWS\system32\guard32.dll
C:\WINDOWS\system32\guard32.dll
139008 bytes
Created: 11/08/2008
Modified: 13/08/2008
Company:


00:09:14: Scanning ----- SECURITY PROVIDER DLLS -----


00:09:14: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 15/05/2008
Modified: 15/05/2008
Company:


No User Startup Groups were located to check


00:09:14: Scanning ----- SCHEDULED TASKS -----
Taskname: AA1E8393938138F3.job
File: c:\docume~1\herse\applic~1\new4ma~1\Sect Four Mode.exe
c:\docume~1\herse\applic~1\new4ma~1\Sect Four Mode.exe
337408 bytes
Created: 06/06/2008
Modified: 13/08/2008
Company:
Parameters: [blank]
Next Run Time: 15/08/2008 01:00:00
Status: La tâche est prête à s’exécuter à l’heure prévue
Creator: HERSE
Comments: [blank]

Taskname: Maintenance en 1 clic.job
File: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Parameters: /schedulestart
Next Run Time: 15/08/2008 17:15:00
Status: La tâche n’a pas encore été exécutée
Creator: HERSE
Comments: Lance la maintenance en 1 clic à des heures précises
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [file not found to scan]

Taskname: Vérifier les mises à jour de Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
90624 bytes
Created: 27/09/2006
Modified: 27/09/2006
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 15/08/2008 01:02:00
Status: La tâche est prête à s’exécuter à l’heure prévue
Creator: HERSE
Comments: [blank]


00:09:14: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----


00:09:14: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed

Winlogon registry rootkit checks completed

Heuristic checks for hidden files/drivers completed

Layered Service Provider entries checks completed

Windows Explorer Policies checks completed

Desktop Wallpaper: C:\Documents and Settings\HERSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\HERSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
5760054 bytes
Created: 06/06/2008
Modified: 08/08/2008
Company:

Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\HERSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
5760054 bytes
Created: 06/06/2008
Modified: 08/08/2008
Company:

Additional checks completed


00:09:15: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\COMODO\Firewall\cmdagent.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Orange\Launcher\Launcher.exe

C:\Program Files\COMODO\Firewall\cfp.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Orange\systray\systrayapp.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\HERSE\Application Data\Simply Super Software\Trojan Remover\kls5.exe
FileSize: 2540096
[This is a Trojan Remover component]



00:09:16: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file


00:09:16: Checking HOSTS file
No malicious entries were found in the HOSTS file


------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main"Start Page":
www.msn.com…
HKLM\Software\Microsoft\Internet Explorer\Main"Local Page":
C:\windows\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Search"CustomizeSearch":
ie.search.msn.com…
HKLM\Software\Microsoft\Internet Explorer\Search"SearchAssistant":
ie.search.msn.com…
HKCU\Software\Microsoft\Internet Explorer\Main"Start Page":
www.msn.com…
HKCU\Software\Microsoft\Internet Explorer\Main"Local Page":
C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main"Search Page":
www.microsoft.com…
HKCU\Software\Microsoft\Internet Explorer\Main"Default_Search_URL":
www.microsoft.com…


=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 00:09:16 15 août 2008


Logfile of HijackThis v1.99.1
Scan saved at 00:20:14, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HERSE\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -s
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.orange.fr…
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - www.trendsecure.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

Hi again
Run a HijackThis scan only,
then check and fix these lines:
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

Tell me whether your PC is running any better! See you later :hello:

Honestly, it's going better: no more ads, and it lags a lot less.
And thank you very much for your :jap::jap::jap::jap::jap::clap: thanks again

Hello
Delete the quarantined infections in AVG.
Download VundoFix.exe (by Atribune) to your Desktop.
www.clubic.com…

  • Double-click VundoFix.exe to launch it.
  • Click the Scan for Vundo button.
  • When the scan is complete, click the Remove Vundo button.
  • A prompt will ask whether you want to delete the files; click “YES”.
  • After you click “Yes”, the Desktop will disappear for a moment while the files are deleted.
  • You will see a prompt announcing that your PC is going to shut down (“shutdown”); click “OK”.
  • Restart your PC.
  • Copy/paste the contents of the report located at C:\vundofix.txt

Note: VundoFix may encounter a file that it cannot delete.
If so, the tool will launch at the next restart; simply follow the instructions above, starting from “click the Scan for Vundo button”.
Tutorial
leblogdeclaude.blogspot.com…

:hello:

:hello: VundoFix didn't find any files, and I deleted the files in AVG. What else should I do? And thanks again for your help :jap::jap::hello:

You will need to move to Windows XP SP3 (only after installing IE7)
www.microsoft.com…
then, XP SP3
www.microsoft.com…
After that, we'll see

No problem, you're on the right track!! :super:

:hello:

To download SP3, I don't need anything

Click the link, it's all good
www.microsoft.com…
SP2 went through and SP3 will go through too

I did it, so you can too!!

:hello: