Problem: "Attention [name]! Some dangerous viruses detected..."

8 July 2008 18:42:51

OK, so hi, I have a problem (and after searching I saw that I'm not the only one o.O). As soon as I open or close a folder on my PC, or if I use Internet Explorer, a pop-up immediately appears with this message:

"Attention [name]! Some dangerous viruses detected in your system. Microsoft Windows XP files corrupted. This may lead to the destruction of important files in C:\WINDOWS. Download protection software now!
Click OK to download the antispyware. (Recommended)"


Then, no matter whether you click Yes or No, a fake-antivirus site always opens, every time...

I have Windows XP and I only have Avast! as antivirus, and another forum said to download Spybot and BitDefender, so I wasn't too sure what I should do. As a result, the pop-ups and the pages keep opening again and again...

I'd really like to understand, and above all I'm fed up ^^''
Thanks a lot in advance!

8 July 2008 21:25:28

Here you go~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:21:55, on 2008-07-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dlcgcoms.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX1000.exe
C:\WINDOWS\system32\atwtusb.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\uiscan.exe
C:\Program Files\BitDefender\BitDefender 2008\seccenter.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\imapi.exe
C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {87FD33C2-7891-45D5-ACD1-7935F9AEA26B} - C:\WINDOWS\system32\epsbho.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Propri%E9taire/Mes%20documents/Mes%20images/Misc%20shit/corn_kitty.gif
O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Propri%E9taire/Mes%20documents/Mes%20images/Misc%20shit/Moar1.jpg
O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Propri%E9taire/Mes%20documents/Mes%20images/Misc%20shit/62dzz7s.jpg
O24 - Desktop Component 3: (no name) - http://i32.photobucket.com/albums/d24/egosumnegaman/blo...

--
End of file - 9818 bytes

8 July 2008 21:29:24

Hi again,

Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in safe mode.
HELP: Restarting in safe mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan has finished, a window opens; click OK. There are two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM
    9 July 2008 00:11:16

    Here is the report:

    Malwarebytes' Anti-Malware 1.20
    Database version: 930
    Windows 5.1.2600 Service Pack 2

    18:01:55 2008-07-08
    mbam-log-7-8-2008 (18-01-55).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 125567
    Time elapsed: 39 minute(s), 46 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 2

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\WINDOWS\system32\epsbho.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\epsdrv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Thanks :)
    9 July 2008 04:46:14

    Well, it looks like the problem is gone... thanks a lot for your help, all those pop-ups were driving me crazy :D

    -caro
    9 July 2008 13:00:48

    Post a new HijackThis report :)
    9 July 2008 18:02:08

    ok

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:58:58, on 2008-07-09
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\dlcgcoms.exe
    c:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Nexon\Mabinogi\npkcmsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\ALCXMNTR.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\atwtusb.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\Propriétaire\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
    O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [DLCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
    O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: dlcg_device - - C:\WINDOWS\system32\dlcgcoms.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Propri%E9taire/Mes%20documents/Mes%20images/Misc%20shit/corn_kitty.gif
    O24 - Desktop Component 1: (no name) - file:///C:/Documents%20and%20Settings/Propri%E9taire/Mes%20documents/Mes%20images/Misc%20shit/Moar1.jpg
    O24 - Desktop Component 2: (no name) - file:///C:/Documents%20and%20Settings/Propri%E9taire/Mes%20documents/Mes%20images/Misc%20shit/62dzz7s.jpg
    O24 - Desktop Component 3: (no name) - http://i32.photobucket.com/albums/d24/egosumnegaman/blo...

    --
    End of file - 8491 bytes
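
The before/after comparison that the request for a second HijackThis report sets up, as an added example (not part of the thread, and not code from HijackThis or Malwarebytes): it diffs two HijackThis logs and matches every vanished entry against the objects the Malwarebytes report says were removed. The log excerpts are copied from the posts above and shortened; the function names are this example's own.

```python
import re

# Excerpts copied from the three logs posted in this thread (a few lines each).
HJT_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {87FD33C2-7891-45D5-ACD1-7935F9AEA26B} - C:\WINDOWS\system32\epsbho.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
"""

HJT_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

MBAM_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87fd33c2-7891-45d5-acd1-7935f9aea26b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\epsbho.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\epsdrv.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# "O2 - BHO: ...", "R1 - HKLM\...", "O23 - Service: ..." and so on.
ENTRY_RE = re.compile(r"^\s*([ROF]\d{1,2}) - (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# "<object> (<detection name>) -> <action taken>"
MBAM_RE = re.compile(r"^\s*(.+?) \(([^()]+)\) -> ")


def parse_hijackthis(text):
    """Return the set of (section, detail) entries found in a HijackThis log."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries


def parse_mbam(text):
    """Return {indicator: detection name}; indicators are lower-cased GUIDs and file paths."""
    found = {}
    for line in text.splitlines():
        m = MBAM_RE.match(line)
        if not m:
            continue
        obj, name = m.group(1), m.group(2)
        guids = GUID_RE.findall(obj)
        if guids:
            for guid in guids:
                found[guid.lower()] = name
        elif re.match(r"[A-Za-z]:\\", obj):
            found[obj.lower()] = name
        # Registry keys without a GUID (e.g. bhonew.bho) have no counterpart
        # in a HijackThis line, so they are not used as indicators here.
    return found


def explain_removed(before, after, mbam):
    """Map each entry present before and absent after to the MBAM detection covering it, or None.

    Matching is by substring on GUID or full path; HijackThis sometimes prints
    8.3 short paths (PROGRA~1), which a path indicator will not match.
    """
    result = {}
    for section, detail in sorted(parse_hijackthis(before) - parse_hijackthis(after)):
        low = detail.lower()
        hit = next((name for ioc, name in mbam.items() if ioc in low), None)
        result[(section, detail)] = hit
    return result


if __name__ == "__main__":
    indicators = parse_mbam(MBAM_LOG)
    for (section, detail), detection in explain_removed(HJT_BEFORE, HJT_AFTER, indicators).items():
        reason = detection or "not in the scanner report"
        print(f"{section}: {detail}\n    -> {reason}")
```

On these excerpts the `EpsonToolBandKicker Class` BHO is attributed to `Trojan.FakeAlert`, while the BitDefender `BDAgent` startup entry vanished for a reason the scanner report does not record.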
    10 July 2008 00:47:22

    On my desktop PC I have Avast: no problems, ever. A few detections from time to time, that's all.
    On my laptop I have Antivir: 3 trojans that get through (1 virus and two trojans, actually), and I've just had exactly the problem described in this thread, with Antivir turned on.

    So much for theoretical comparisons...
    10 July 2008 02:14:27

    Good evening,

    It is precisely much less theoretical than an ordinary comparison run on a base of thousands of viruses.
    Moreover, 3/4 of the people we disinfect have Avast!. It is too far behind on updates; that is what this comparison shows, with recent infections.
    10 July 2008 03:00:44

    --->


    Avira AntiVir Personal
    Report file date: 9 juillet 2008 17:41

    Scanning for 1399817 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: CARO

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 16:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 15:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 15:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 15:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 17:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 2008-06-24 22:19:47
    ANTIVIR2.VDF : 7.0.5.86 547840 Bytes 2008-07-09 22:19:50
    ANTIVIR3.VDF : 7.0.5.87 2048 Bytes 2008-07-09 22:19:50
    Engineversion : 8.1.0.64
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 16:58:21
    AESCRIPT.DLL : 8.1.0.46 283002 Bytes 2008-07-09 22:20:05
    AESCN.DLL : 8.1.0.22 119157 Bytes 2008-07-09 22:20:03
    AERDL.DLL : 8.1.0.20 418165 Bytes 2008-07-09 22:20:02
    AEPACK.DLL : 8.1.1.6 364918 Bytes 2008-07-09 22:20:01
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 2008-07-09 22:19:59
    AEHEUR.DLL : 8.1.0.35 1298806 Bytes 2008-07-09 22:19:58
    AEHELP.DLL : 8.1.0.15 115063 Bytes 2008-07-09 22:19:55
    AEGEN.DLL : 8.1.0.29 307573 Bytes 2008-07-09 22:19:54
    AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-07-09 22:19:53
    AECORE.DLL : 8.1.0.32 168311 Bytes 2008-07-09 22:19:52
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-24 00:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 17:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 20:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-24 00:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 15:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 15:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 00:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-24 00:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 19:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 21:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 19:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 9 juillet 2008 17:41

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'BackWeb-137903.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'btdna.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'ATWTUSB.EXE' - '1' Module(s) have been scanned
    Scan process 'vVX1000.exe' - '1' Module(s) have been scanned
    Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
    Scan process 'kbd.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'npkcmsvc.exe' - '1' Module(s) have been scanned
    Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
    Scan process 'dlcgcoms.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'ashServ.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    37 processes with 37 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    C:\hp\bin\AUTOTKIT.EXE
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48c93f62.qua'!

    The registry was scanned ( '31' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48e93f94.qua'!
    C:\Documents and Settings\Default User\Menu Démarrer\Programmes\Démarrage\AutoTBar.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48e93fa4.qua'!
    C:\Documents and Settings\Propriétaire\Incomplete\T-3545425-serious scars on broadway.mp3
    [DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
    [NOTE] The file was moved to '48a8403d.qua'!
    C:\hp\EXPLOREBAR\AUTOTKIT.EXE
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48c949ef.qua'!
    C:\RECYCLER\S-1-5-21-241703689-729755718-2453773840-1003\Dc132.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Is the Trojan horse TR/Dldr.FraudLoad.vagw
    [NOTE] The file was moved to '48a64e37.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP416\A0038582.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54edc.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP417\A0038620.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54edf.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP418\A0038645.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54ee1.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP426\A0038776.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54eef.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP432\A0039061.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54eff.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP436\A0039478.dll
    [DETECTION] Is the Trojan horse TR/Dldr.FraudLoad.vagw
    [NOTE] The file was moved to '48a54f15.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP436\A0039479.dll
    [DETECTION] Is the Trojan horse TR/Dldr.FraudLoad.vagw
    [NOTE] The file was moved to '49076a2e.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP436\A0039488.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54f17.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP437\A0039539.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54f19.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP438\A0040011.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54f2c.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP439\A0040194.EXE
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54f33.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP439\A0040195.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '49076a0c.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP439\A0040196.exe
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '48a54f35.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP439\A0040198.EXE
    [DETECTION] Is the Trojan horse TR/Agent.duu
    [NOTE] The file was moved to '49076a0e.qua'!
    C:\System Volume Information\_restore{6EED33C6-DAED-4B6A-95A6-042515937E48}\RP439\A0040199.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Is the Trojan horse TR/Dldr.FraudLoad.vagw
    [NOTE] The file was moved to '48a54f34.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>


    End of the scan: 9 juillet 2008 20:43
    Used time: 3:02:30 min

    The scan has been done completely.

    6456 Scanning directories
    439979 Files were scanned
    21 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    21 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    439958 Files not concerned
    19068 Archives were scanned
    3 Warnings
    21 Notes

    10 July 2008 12:10:40

    Good, avoid P2P, eh :)

    Post a new HijackThis report.

    PS: Angeldark has gone on holiday.