bonsoir sinon Laisse Spybot desinstalle le completement .As-tu fais hijackthis et Ccleaner .Apres ca post un log Hijackthis et fais le scan avec ton Avira en mode sans Echec.
Le rapport de Malwarebytes est clean.
:hello:
:hello: www.clubic.com…
je ne comprend plus ou est le probleme dans tous ce que l’on a dit tu ne doit pas avoir fait tout et dans l’ordretrois page pour en arriver la c’est la premiere fois:sommeil:
cliques sur demarrer, tous les programmes, accessoires, outils systeme, defragmentateur de disques, puis choisis ton disque dur et defragmentes le.
A voir Mais d abord Log hijacthis et scan avec Avira +rapport
Normalement Spybot sans Protection en temps réel et sans teatimer n aurai pas du te causer de Probs??? Mais on verra d abord 1)Log de Hijackthis 2)Scan avec ton Avira en Mode sans Echec 3)Defragmentation
Courage!!
:hello:
voici le log hijackthis Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:09:22, on 14/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HERSE\Bureau\HiJackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [SystrayORAHSS] “C:\Program Files\Orange\Systray\SystrayApp.exe”
O4 - HKLM…\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [Base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\Math Beep.exe
O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -s
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: www.orange.fr…
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - www.trendsecure.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
–
End of file - 7338 bytes
AntiVir PersonalEdition Classic Report file date: jeudi 14 août 2008 02:13
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HERSE
Computer name: PC-CA41E5AAFC41
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname…: Complete system scan
Configuration file…: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging…: low
Primary action…: interactive
Secondary action…: ignore
Scan master boot sector…: on
Scan boot sector…: on
Boot sectors…: C:,
Scan memory…: on
Process scan…: on
Scan registry…: on
Search for rootkits…: on
Scan all files…: All files
Scan archives…: on
Recursion depth…: off
Smart extensions…: on
Deviating archive types…: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic…: on
File heuristic…: high
Deviating risk categories…: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: jeudi 14 août 2008 02:13
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process ‘avscan.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘avcenter.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘explorer.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘svchost.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘lsass.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘services.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘winlogon.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘csrss.exe’ - ‘1’ Module(s) have been scanned
Scan process ‘smss.exe’ - ‘1’ Module(s) have been scanned
13 processes with 13 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector ‘C:’
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( ‘32’ files ).
Starting the file scan:
Begin scan in ‘C:’
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: jeudi 14 août 2008 02:25
Used time: 12:21 min
The scan has been done completely.
3780 Scanning directories
200598 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
200598 Files not concerned
1764 Archives were scanned
1 Warnings
0 Notes
désolé je fait tout ce qu on me dit ce n et pas de ma faute si mon pc a encore des probs je ne comprend pas moi meme mais merci bocou de votre aide
je voulais vous demander de ce ke vous pensiez de glary utillities a la place de ccleaner et savoir si spyware doctor etait un bon antispyware
j ai fait 3 defragmentation d affiler
Re Bonjour
fais un scan seul avec Hijackthis
cocher+fixer ces lignes
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
Inconnu
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Base road long save] C:\Documents and Settings\All Users\Application Data\File dvd base road\Math Beep.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
fais ca
Spyware Doctor est une usine a Gaz
Essaye ceci
AVG AntiSpyware Avec son Bouclier 30 jours d essai est fais mise a jour + une Analyse complete
Glary Utilities est bon je l avais deja ,mais garde Ccleaner
On verra apres le resultat de AVIRA Error Code OxOOO15
Lien pour AVG AntiSpyware [www.clubic.com...](http://www.clubic.com/telecharger-fiche27645-avg-anti-spyware.html) :hello::jap:
AVG Anti-Spyware - Rapport d’analyse
-
Créé à: 15:59:33 14/08/2008
-
Résultat de l’analyse:
C:\Program Files\Circle Developement\Uninstall.exe -> Dropper.Agent.lxl : Aucune action entreprise.
C:\Documents and Settings\HERSE\Cookies\herse@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Aucune action entreprise.
C:\Documents and Settings\HERSE\Cookies\herse@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32\ejmzjc.dll.vir -> Trojan.Monder.axn : Aucune action entreprise.
C:\QooBox\Quarantine\C\WINDOWS\system32\erfpgwed.dll.vir -> Trojan.Monder.axn : Aucune action entreprise.
C:\System Volume Information_restore{B24918B7-F2E2-4DEF-917F-365FF9589008}\RP22\A0005138.dll -> Trojan.Monder.axn : Aucune action entreprise.
C:\System Volume Information_restore{B24918B7-F2E2-4DEF-917F-365FF9589008}\RP22\A0005139.dll -> Trojan.Monder.axn : Aucune action entreprise.
Fin du rapport
:hello: j ai fait tout ce ke tu ma dit merci bocou de ton aide :jap:
j’ai eu le meme prob chez un client cette apreme
resolu en virant le kit orange
Pas de soucis
Telecharge Trojan Remover
www.ordi-netfr.com…
Tutoriel
www.malekal.com…
Fais et repasse avec Ccleaner
a+
:hello:[quote=“alain77310_1_1”]
j’ai eu le meme prob chez un client cette apreme
resolu en virant le kit orange
[/quote]
alain 77310 +1 :super: C est vrai avec Kit Orange
:hello:
Fais un log Hijackthis et post le rapport
a+
C:\System Volume Information_restore{ point de restauration Infecté on verra plus tard
Encore une Chose
il faut toujours renommer Hijacthis par Hijackthis.exe ou Monjack.exe
Pourquoi ?
Certaines variantes du Virus Vundo détecte Hijackthis, , ben on joue à cache-virus…:MDR
:hello:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 00:09:03 15 août 2008
Using Database v7101
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\HERSE\Application Data\Simply Super Software\Trojan Remover
Database directory: C:\Program Files\Trojan Remover
Logfile directory: C:\Documents and Settings\HERSE\Mes documents\Simply Super Software\Trojan Remover Logfiles
Program directory: C:\Program Files\Trojan Remover
Running with Administrator privileges
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware
Avira AntiVir
00:09:03: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
00:09:03: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
00:09:03: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
00:09:04: Scanning -----WINDOWS REGISTRY-----
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key’s “Shell” value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 05/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
This key’s “Userinit” value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
This key’s “System” value appears to be blank
This key’s “UIHost” value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
-R- 2879488 bytes
Created: 15/05/2008
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
-R- 16264192 bytes
Created: 15/05/2008
Modified: 12/09/2006
Company: Realtek Semiconductor Corp.
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
-R- 98304 bytes
Created: 07/02/2006
Modified: 06/10/2006
Company: Intel Corporation
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
-R- 114688 bytes
Created: 07/02/2006
Modified: 06/10/2006
Company: Intel Corporation
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
-R- 94208 bytes
Created: 07/02/2006
Modified: 06/10/2006
Company: Intel Corporation
Value Name: ORAHSSSessionManager
Value Data: C:\Program Files\Orange\SessionManager\SessionManager.exe
C:\Program Files\Orange\SessionManager\SessionManager.exe
102400 bytes
Created: 06/06/2008
Modified: 25/09/2007
Company: France Telecom SA
Value Name: avgnt
Value Data: “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
249896 bytes
Created: 27/07/2008
Modified: 31/08/2007
Company: Avira GmbH
Value Name: COMODO Firewall Pro
Value Data: “C:\Program Files\COMODO\Firewall\cfp.exe” -s
C:\Program Files\COMODO\Firewall\cfp.exe
1481984 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO
Value Name: !AVG Anti-Spyware
Value Data: “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
909904 bytes
Created: 15/08/2008
Modified: 30/07/2008
Company: Simply Super Software
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
Value Name: msnmsgr
Value Data: “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
C:\Program Files\MSN Messenger\msnmsgr.exe
5674352 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
00:09:07: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
00:09:07: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
No Hidden File-loading Registry Entries found
00:09:07: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
00:09:07: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
00:09:07: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 15/05/2008
Modified: 05/08/2004
Company: Microsoft Corporation
00:09:08: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AntiVirScheduler
ImagePath: “C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe”
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
63016 bytes
Created: 27/07/2008
Modified: 28/08/2007
Company: Avira GmbH
Key: AntiVirService
ImagePath: “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe”
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
214056 bytes
Created: 27/07/2008
Modified: 11/09/2007
Company: Avira GmbH
Key: AVG Anti-Spyware Driver
ImagePath: ??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 14/08/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
Key: avgio
ImagePath: ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 27/07/2008
Modified: 27/02/2007
Company: Avira GmbH
Key: avgntflt
ImagePath: ??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
48448 bytes
Created: 27/07/2008
Modified: 17/09/2007
Company: Avira GmbH
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
62016 bytes
Created: 27/07/2008
Modified: 07/09/2007
Company: AVIRA GmbH
Key: cmdAgent
ImagePath: “C:\Program Files\COMODO\Firewall\cmdagent.exe”
C:\Program Files\COMODO\Firewall\cmdagent.exe
544512 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO
Key: cmdGuard
ImagePath: System32\DRIVERS\cmdguard.sys
C:\WINDOWS\System32\DRIVERS\cmdguard.sys
79096 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO
Key: cmdHlp
ImagePath: System32\DRIVERS\cmdhlp.sys
C:\WINDOWS\System32\DRIVERS\cmdhlp.sys
23672 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO
Key: FTRTSVC
ImagePath: “C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe”
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
65536 bytes
Created: 06/06/2008
Modified: 25/09/2007
Company: France Telecom SA
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
138752 bytes
Created: 07/01/2005
Modified: 07/01/2005
Company: Windows ® Server 2003 DDK provider
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
-R- 1181824 bytes
Created: 15/05/2008
Modified: 06/10/2006
Company: Intel Corporation
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
Key: Inspect
ImagePath: System32\DRIVERS\inspect.sys
C:\WINDOWS\System32\DRIVERS\inspect.sys
74616 bytes
Created: 13/08/2008
Modified: 13/08/2008
Company: COMODO
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
-R- 4381184 bytes
Created: 15/05/2008
Modified: 12/09/2006
Company: Realtek Semiconductor Corp.
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\WINDOWS\system32\DRIVERS\irsir.sys
18688 bytes
Created: 14/05/2008
Modified: 17/08/2001
Company: Microsoft Corporation
Key: LVcKap
ImagePath: system32\DRIVERS\LVcKap.sys
C:\WINDOWS\system32\DRIVERS\LVcKap.sys
2109976 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Logitech Inc.
Key: LVCOMSer
ImagePath: “C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe”
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
186904 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Logitech Inc.
Key: LVMVDrv
ImagePath: system32\DRIVERS\LVMVDrv.sys
C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
2142488 bytes
Created: 11/10/2007
Modified: 11/10/2007
Company: Logitech Inc.
Key: LVPr2Mon
ImagePath: system32\DRIVERS\LVPr2Mon.sys
C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
25624 bytes
Created: 11/10/2007
Modified: 11/10/2007
Company:
Key: LVPrcSrv
ImagePath: “C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe”
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
141848 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Logitech Inc.
Key: LVSrvLauncher
ImagePath: C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
141848 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Logitech Inc.
Key: LVUSBSta
ImagePath: system32\drivers\LVUSBSta.sys
C:\WINDOWS\system32\drivers\LVUSBSta.sys
41752 bytes
Created: 12/10/2007
Modified: 12/10/2007
Company: Logitech Inc.
Key: PCAMPR5
ImagePath: ??\C:\WINDOWS\system32\PCAMPR5.SYS
C:\WINDOWS\system32\PCAMPR5.SYS
34688 bytes
Created: 06/06/2008
Modified: 23/09/2003
Company: Printing Communications Assoc., Inc. (PCAUSA)
Key: PCANDIS5
ImagePath: ??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
32128 bytes
Created: 06/06/2008
Modified: 01/03/2006
Company: Printing Communications Assoc., Inc. (PCAUSA)
Key: PID_PEPI
ImagePath: system32\DRIVERS\LV302V32.SYS
C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
1279000 bytes
Created: 12/10/2007
Modified: 12/10/2007
Company: Logitech Inc.
Key: RTL8023xp
ImagePath: system32\DRIVERS\Rtenicxp.sys
C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
78976 bytes
Created: 15/05/2008
Modified: 16/11/2005
Company: Realtek Semiconductor Corporation
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 27/07/2008
Modified: 01/03/2007
Company: Avira GmbH
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{7B77DDA1-3391-479C-A23A-DD2178AC4608}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
Key: usnjsvc
ImagePath: “C:\Program Files\MSN Messenger\usnsvc.exe”
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
00:09:13: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
00:09:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
-R- 155648 bytes
Created: 07/02/2006
Modified: 06/10/2006
Company: Intel Corporation
00:09:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ShellExtension
CLSID: [empty]
Key: TzShell
CLSID: {B38FE8E9-5DFC-4D58-8459-1E3AC5165E34}
File: [CLSID does not appear to reference a file]
00:09:13: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: “C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll”
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created: 21/01/2008
Modified: 21/01/2008
Company: Sun Microsystems, Inc.
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
00:09:13: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 16/06/2008
Modified: 26/10/2006
Company: Yahoo! Inc.
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 22/10/2006
Modified: 22/10/2006
Company: Adobe Systems Incorporated
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 09/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
00:09:13: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
00:09:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
00:09:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No “Debugger” entries found.
00:09:14: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\WINDOWS\system32\guard32.dll]
File: C:\WINDOWS\system32\guard32.dll
C:\WINDOWS\system32\guard32.dll
139008 bytes
Created: 11/08/2008
Modified: 13/08/2008
Company:
00:09:14: Scanning ----- SECURITY PROVIDER DLLS -----
00:09:14: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 15/05/2008
Modified: 15/05/2008
Company:
No User Startup Groups were located to check
00:09:14: Scanning ----- SCHEDULED TASKS -----
Taskname: AA1E8393938138F3.job
File: c:\docume~1\herse\applic~1\new4ma~1\Sect Four Mode.exe
c:\docume~1\herse\applic~1\new4ma~1\Sect Four Mode.exe
337408 bytes
Created: 06/06/2008
Modified: 13/08/2008
Company:
Parameters: [blank]
Next Run Time: 15/08/2008 01:00:00
Status: La tâche est prête à s’exécuter à l’heure prévue
Creator: HERSE
Comments: [blank]
Taskname: Maintenance en 1 clic.job
File: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Parameters: /schedulestart
Next Run Time: 15/08/2008 17:15:00
Status: La tâche n’a pas encore été exécutée
Creator: HERSE
Comments: Lance la maintenance en 1 clic à des heures précises
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [file not found to scan]
Taskname: Vérifier les mises à jour de Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
90624 bytes
Created: 27/09/2006
Modified: 27/09/2006
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 15/08/2008 01:02:00
Status: La tâche est prête à s’exécuter à l’heure prévue
Creator: HERSE
Comments: [blank]
00:09:14: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
00:09:14: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
Winlogon registry rootkit checks completed
Heuristic checks for hidden files/drivers completed
Layered Service Provider entries checks completed
Windows Explorer Policies checks completed
Desktop Wallpaper: C:\Documents and Settings\HERSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\HERSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
5760054 bytes
Created: 06/06/2008
Modified: 08/08/2008
Company:
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\HERSE\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
5760054 bytes
Created: 06/06/2008
Modified: 08/08/2008
Company:
Additional checks completed
00:09:15: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HERSE\Application Data\Simply Super Software\Trojan Remover\kls5.exe
FileSize: 2540096
[This is a Trojan Remover component]
00:09:16: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
00:09:16: Checking HOSTS file
No malicious entries were found in the HOSTS file
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main"Start Page":
www.msn.com…
HKLM\Software\Microsoft\Internet Explorer\Main"Local Page":
C:\windows\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Search"CustomizeSearch":
ie.search.msn.com…
HKLM\Software\Microsoft\Internet Explorer\Search"SearchAssistant":
ie.search.msn.com…
HKCU\Software\Microsoft\Internet Explorer\Main"Start Page":
www.msn.com…
HKCU\Software\Microsoft\Internet Explorer\Main"Local Page":
C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main"Search Page":
www.microsoft.com…
HKCU\Software\Microsoft\Internet Explorer\Main"Default_Search_URL":
www.microsoft.com…
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 00:09:16 15 août 2008
Logfile of HijackThis v1.99.1
Scan saved at 00:20:14, on 15/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HERSE\Bureau\hijackthis_hijackthis_1.99.1_anglais_17891.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d’Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM…\Run: [SkyTel] SkyTel.EXE
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM…\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM…\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM…\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM…\Run: [avgnt] “C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe” /min
O4 - HKLM…\Run: [COMODO Firewall Pro] “C:\Program Files\COMODO\Firewall\cfp.exe” -s
O4 - HKLM…\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 - HKLM…\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background
O8 - Extra context menu item: &Windows Live Search - C:\Program… Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com…
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: www.orange.fr…
O16 - DPF: CabBuilder - kiw.imgag.com…
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - housecall65.trendmicro.com…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net…
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - www.trendsecure.com…
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com…
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
Re
Fais un scan seulement Hijackthis
cocher et fixer ces lignes
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
Dis moi si il y a du mieux dans le fonctionnement de ton PC! a+ :hello:
honnetement ca va mieux plus de pubs il rame bocou moin
et je vous remercie bocou pour votre :jap::jap::jap::jap::jap:
merci encre
Bonjour
Supprime les infections en quarantaine dans AVG
Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
www.clubic.com…
- Double-clique sur VundoFix.exe afin de le lancer.
- Clique sur le bouton Scan for Vundo.
- Lorsque le scan est complété, clique sur le bouton Remove Vundo.
- Une invite te demandera si tu veux supprimer les fichiers, clique “YES”.
- Après avoir cliqué “Yes”, le Bureau disparaîtra un moment lors de la suppression des fichiers.
- Tu verras une invite qui t’annonce que ton PC va s’éteindre (“shutdown”) ; clique “OK”.
- Redémarre ton PC.
- Copie/colle le contenu du rapport situé dans C:\vundofix.txt
Note : il est possible que VundoFix soit confronté à un fichier qu’il ne
peut supprimer.
Si tel est le cas, l’outil se lancera au prochain redémarrage ; il faut
simplement suivre les instructions ci-haut, à partir de “clique sur le
bouton Scan for Vundo”.
Tutoriel
leblogdeclaude.blogspot.com…
:hello:
:hello: vundofix na trouver aucun fichiers les fichiers dans avg je les et supprimer ke dois je faire d autre et encore merci de ton aide:jap::jap::hello:
Il faudra passer au SP3de windows XP (uniquement après avoir installé IE7)
www.microsoft.com…
ensuite , XP SP3
www.microsoft.com…
Apres on verra
Pas de Probs en bonne voie !!:super:
:hello:
pour telecharger sp3 je n ai besoin de rien
Clique sur le lien c est tout bon
www.microsoft.com…
SP2 est passéet SP3 passera aussi
je lai fait donc toi aussi !!
:hello: