multiple infections: ads for spyware secure and nokia virus on msn!!!

27 October 2007 14:35:34

Hello everyone, I read a few threads on the forum thinking I could solve the problem on my own... but it seems to be beyond me, so I'm asking for your help.

I'm suffering from multiple infections: the Nokia virus on MSN and ads for paid antivirus or anti-spyware programs. I have avast and Spybot on my PC, but these two programs don't seem to see the problem.

Could you help me, please?
I downloaded HijackThis and here is the result:


Logfile of HijackThis v1.99.1
Scan saved at 16:26:35, on 27/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\LBTWiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\nfeafo.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\7-Zip\7zFM.exe
C:\DOCUME~1\joff\LOCALS~1\Temp\7zO159.tmp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?dabf3bc992374df5ac794cf4c4a4bbb9
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?dabf3bc992374df5ac794cf4c4a4bbb9
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


Thanks in advance!!! :hello:

27 October 2007 14:52:53

Hello,

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)

Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents for us this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt
27 October 2007 17:56:06

Here is the result with Navilog:

Search Navipromo version 3.3.2 commencé le 27/11/2007 à 19:50:20,21

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 22.10.2007 à 19h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\joff\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\nfeafo.dat
C:\WINDOWS\system32\nfeafo.exe
C:\WINDOWS\system32\nfeafo_nav.dat
C:\WINDOWS\system32\nfeafo_navps.dat

Processus caché(s) :

C:\WINDOWS\system32\nfeafo.exe


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

Fichiers trouvés :

cenxlytfdh.exe trouvé !
pggddwb.exe trouvé !
slwjobdnu.exe trouvé !
uezlrca.exe trouvé !
ufvkejp.exe trouvé !
vvyscl.exe trouvé !
wgozcutnp.exe trouvé !
zbisjb.exe trouvé !
zpckers.exe trouvé !
zvawvz.exe trouvé !

* Recherche dans C:\DOCUME~1\JOFF\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***




*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\WINDOWS\system32\nfeafo.dat trouvé !


3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le 27/11/2007 à 19:51:37,43 ***



Thanks for helping me
27 October 2007 22:44:31

Re,

Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Let it guide you and answer any questions it asks.

The utility will inform you that it is going to restart the computer.
**Close all open windows and save any personal documents you have open**
Now press a key, as requested.
(if your PC does not restart automatically, restart it manually)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your Desktop will now reappear.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Post the report saved earlier (C:\cleannavi.txt)
As well as a new HijackThis report.
28 October 2007 08:53:45

Hello,

There, I followed the steps as you explained them to me.
I'm posting the Navilog result first


Clean Navipromo version 3.3.2 commencé le 28/11/2007 à 11:41:17,13

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 22.10.2007 à 19h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180

Mode suppression automatique


*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\WINDOWS\system32\nfeafo.dat réalisé avec succès !
Copie C:\WINDOWS\system32\nfeafo.exe réalisé avec succès !
Copie C:\WINDOWS\system32\nfeafo_nav.dat réalisé avec succès !
Copie C:\WINDOWS\system32\nfeafo_navps.dat réalisé avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\nfeafo.dat supprimé !
C:\WINDOWS\system32\nfeafo.exe supprimé !
C:\WINDOWS\system32\nfeafo_nav.dat supprimé !
C:\WINDOWS\system32\nfeafo_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

C:\WINDOWS\prefetch\nfeafo*.pf trouvé !
Copie C:\WINDOWS\prefetch\nfeafo*.pf réalisé avec succès !
C:\WINDOWS\prefetch\nfeafo*.pf supprimé !

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

cenxlytfdh.exe trouvé !
Copie cenxlytfdh.exe réalisé avec succès !
cenxlytfdh.exe supprimé !

pggddwb.exe trouvé !
Copie pggddwb.exe réalisé avec succès !
pggddwb.exe supprimé !

slwjobdnu.exe trouvé !
Copie slwjobdnu.exe réalisé avec succès !
slwjobdnu.exe supprimé !

uezlrca.exe trouvé !
Copie uezlrca.exe réalisé avec succès !
uezlrca.exe supprimé !

ufvkejp.exe trouvé !
Copie ufvkejp.exe réalisé avec succès !
ufvkejp.exe supprimé !

vvyscl.exe trouvé !
Copie vvyscl.exe réalisé avec succès !
vvyscl.exe supprimé !

wgozcutnp.exe trouvé !
Copie wgozcutnp.exe réalisé avec succès !
wgozcutnp.exe supprimé !

zbisjb.exe trouvé !
Copie zbisjb.exe réalisé avec succès !
zbisjb.exe supprimé !

zpckers.exe trouvé !
Copie zpckers.exe réalisé avec succès !
zpckers.exe supprimé !

zvawvz.exe trouvé !
Copie zvawvz.exe réalisé avec succès !
zvawvz.exe supprimé !


* Suppression dans C:\DOCUME~1\JOFF\LOCALS~1\APPLIC~1 *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\joff\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\joff\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche, création sauvegardes et suppression Heuristique :


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 28/11/2007 à 11:46:04,45 ***



Here is the result with HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 11:54:33, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\atievxx.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\LBTWiz.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\tsitra1148.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\b122.exe
C:\Program Files\7-Zip\7zFM.exe
C:\DOCUME~1\joff\LOCALS~1\Temp\7zO8.tmp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LBTWiz.exe] C:\WINDOWS\LBTWiz.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\tsitra1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WinAble] C:\Program Files\WinAble\winable.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?dabf3bc992374df5ac794cf4c4a4bbb9
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?dabf3bc992374df5ac794cf4c4a4bbb9
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe


Thanks for your help!!!


28 October 2007 18:13:05

There, I uninstalled avast and installed antivir!!!

Here is the report!!!

Avira AntiVir PersonalEdition Classic
*************************************

Copyright © 2007 Avira GmbH.
All rights reserved.


Inhalt
******

0 Important information
1 System requirements
2 Important requirements for an installation
3 Incompatibilities with other programs
4 Support service
5 Contact address


0 Important information
***********************

Users who have up to now installed an ANSI version of the Avira
AntiVir PersonalEdition Classic software pack on a Microsoft Windows
NT, Microsoft Windows 2000 or Microsoft Windows XP operating system,
receive update information when attempting to update.

When updating, please proceed as follows:

1. Deinstall the installed version of the Avira AntiVir
PersonalEdition Classic.
2. Download a current software pack from the downoad section of the
Avira AntiVir PersonalEdition Classic website
http://www.free-av.com.
3. Install this software pack on your computer.

1 System requirements
*********************

In order for Avira AntiVir PersonalEdition Classic to run properly,
the computer system must fulfill the following requirements:

- Computer: Pentium or higher, at least 133 MHz

- Operating system
- Microsoft Windows Vista or
- Microsoft Windows XP Home or Professional, or
- Microsoft Windows 2000, SP 4 recommended

Avira AntiVir PersonalEdition Classic also supports Microsoft Windows
XP x64 Edition.

The display of the program interfaces can differ, depending on the
operating system used.

- 30 MB free memory on the hard disk (more if quarantine is used)

- Min. 100 MB temporary memory on the hard disk

- Min. 25 MB of free main memory

- For all installations: Internet Explorer 5.0 or higher

- For the installation of Avira AntiVir PersonalEdition Classic:
administrator rights

Note
----

- If there is no Internet Explorer 5.0 or higher available on your
system, you can download it under the following address:

http://www.microsoft.com/windows/ie/downloads/default.m...


2 Important requirements for an installation
********************************************

Ensure that the following requirements are fulfilled so that Avira
AntiVir PersonalEdition Classic works properly on your computer:

- System requirements fulfilled
- No other on-access scanner (also called Guard) installed
- Installer has administrator rights
- Internet/Intranet connection available
- All running programs on the computer exited


3 Incompatibilities with other programs
***************************************

Cygwin

If the Avira AntiVir PersonalEdition Classic runs on a system where
the product Cygwin is installed, you might encounter problems with
updating the Avira AntiVir PersonalEdition Classic. In a worst case
scenario you might not be able to update the Avira AntiVir
PersonalEdition Classic at all. Background to this behavior is the
fact that the cygwin process "cygrun.srv.exe" together with the
Microsoft Client/Server runtime server subsystem ("csrss.exe) causes
a complete load of the system once the update process of the Avira
AntiVir PersonalEdition Classic is started. It is therefore strongly
recommended to deinstall Cygwin before the Avira AntiVir
PersonalEdition Classic is installed.


4 Support service
*****************

If you have problems please try first to solve them using the
integrated help system and the user manual (Download at:
http://www.free-av.com). For harder problem, please feel free to
post a message to our bulletin board at http://forum.avira.de or
to call our Support-Hotline.

Please also feel free to post bug reports, hints, feature requests
and anything else related to the Avira AntiVir PersonalEdition
Classic to this Bulletin Board.

Please note that technical inquiries can only be anserwered via our
Support-Forum or our Support-Hotline.


Support-Forum
-------------

...our forum is available for you at any time!

The forum, which is subdivided into clear categories offers you the
possibility to exchange yourself online with other users and our
employees of the customer support. An up-to-date, electronic
bulletin board that is coordinated by our moderators is available.
Our experience multiplies with the experience from the users of
AntiVir all over the world. Have a look on it without any
obligation...

http://forum.avira.de


Support-Hotline
---------------

Germany: 0900 10 11 333 (1,99 Euro/Min*)
Austria: 0900 51 03 61 121 (2,16 Euro/Min*)
Switzerland: 0900 51 03 61 (4,23 CHF/Min*)

* Prices are subject to change.

Mo - Fr between 10 a.m. and 7 p.m.


5 Contact
*********

Avira GmbH
Lindauer Str. 21
D-88069 Tettnang
Germany

Internet: http://www.free-av.com
28 October 2007 19:53:26


Sorry, I didn't post the right "report".
Here it is:


AntiVir PersonalEdition Classic
Report file date: mercredi 28 novembre 2007 21:41

Scanning for 904194 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: JOFF-BCDADAE1C3

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 20:12:31
ANTIVIR3.VDF : 7.0.0.142 3072 Bytes 26/10/2007 20:12:31
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 28/11/2007 20:12:32
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: H:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 28 novembre 2007 21:41

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'hpqste08.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'atievxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'RaUI.exe' - '1' Module(s) have been scanned
Scan process 'Residence.exe' - '1' Module(s) have been scanned
Scan process 'SonyTray.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'tsitra1148.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\tsitra1148.exe'
Scan process 'LBTWiz.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\LBTWiz.exe'
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'tsitra1148.exe' has been terminated
Process 'LBTWiz.exe' has been terminated
C:\WINDOWS\tsitra1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47b6d320.qua'!
C:\WINDOWS\LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47a1d2f2.qua'!

44 processes with 42 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\k3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47b1d2eb.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\xr-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477ad32e.qua'!
C:\zr-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477ad342.qua'!
C:\Documents and Settings\joff\Local Settings\Temporary Internet Files\Content.IE5\JHY7MAI0\dual[1].jpg
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47aed45d.qua'!
C:\Program Files\Fichiers communs\Carlson\carlton
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '47bfd50c.qua'!
C:\Program Files\Navilog1\Backupnavi\cenxlytfdh.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47bbd659.qua'!
C:\Program Files\Navilog1\Backupnavi\pggddwb.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47b4d662.qua'!
C:\Program Files\Navilog1\Backupnavi\slwjobdnu.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47c4d66a.qua'!
C:\Program Files\Navilog1\Backupnavi\uezlrca.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47c7d668.qua'!
C:\Program Files\Navilog1\Backupnavi\ufvkejp.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47c3d66b.qua'!
C:\Program Files\Navilog1\Backupnavi\vvyscl.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47c6d67c.qua'!
C:\Program Files\Navilog1\Backupnavi\wgozcutnp.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47bcd66f.qua'!
C:\Program Files\Navilog1\Backupnavi\zbisjb.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47b6d66d.qua'!
C:\Program Files\Navilog1\Backupnavi\zpckers.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47b0d67d.qua'!
C:\Program Files\Navilog1\Backupnavi\zvawvz.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '47aed684.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP69\A0037847.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477dd9d1.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP71\A0040007.exe
[DETECTION] Is the Trojan horse TR/FakeAV.15.A
[INFO] The file was moved to '477dd9e5.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP72\A0043218.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477dd9ff.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP73\A0043304.exe
[DETECTION] Is the Trojan horse TR/FakeAV.15.A
[INFO] The file was moved to '477dda09.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP73\A0043334.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477dda0f.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP73\A0045398.exe
[DETECTION] Is the Trojan horse TR/FakeAV.15.A
[INFO] The file was moved to '477dda23.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP75\A0045596.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477dda3c.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP75\A0045597.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477dda3f.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP76\A0045683.exe
[DETECTION] Is the Trojan horse TR/FakeAV.15.A
[INFO] The file was moved to '477dda4b.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP77\A0046005.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '477dda75.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP79\A0047237.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '477dda8d.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP79\A0047264.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '477dda91.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0047330.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '477ddaa6.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048329.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '477ddabe.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048342.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddac1.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048343.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddac3.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048344.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddac6.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048345.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddac8.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048346.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddaca.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048347.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddacd.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048348.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddacf.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048349.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddad1.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048350.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddad4.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048351.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddad5.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0048364.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477ddad8.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP81\A0048406.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477ddadd.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP81\A0048526.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '477ddae6.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048528.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477ddb0d.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048529.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '477ddb10.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048530.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '477ddb12.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048531.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477ddb14.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048532.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477ddb17.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048535.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb19.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048536.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb1b.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048537.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb1e.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048538.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb20.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048539.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb22.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048540.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb25.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048541.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb27.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048542.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb29.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048543.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb2c.qua'!
C:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP82\A0048544.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '477ddb2e.qua'!
C:\WINDOWS\Nokia_19_jpg.zip
[0] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47b8dcb4.qua'!
Begin scan in 'D:\'
D:\System Volume Information\_restore{1012AE66-A546-4C63-A230-B7BF2A9EBFBE}\RP80\A0047306.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '477de1e7.qua'!
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le chemin d'accès spécifié est introuvable.



End of the scan: mercredi 28 novembre 2007 22:46
Used time: 1:04:42 min

The scan has been done completely.

3790 Scanning directories
121157 Files were scanned
63 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
61 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
121094 Files not concerned
1280 Archives were scanned
2 Warnings
0 Notes

28 October 2007 20:48:29

Post a new HijackThis report.

17 April 2008 10:02:22

Hello, I also have a spyware or virus problem, I have no idea which. If you could help me... here is my HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:54:01, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\inova\Bureau\KillBox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.nec-computers.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Trellian BHO Impl - {24180B00-2EB6-11d7-BD6F-004854603DCE} - C:\Program Files\TRELLIAN\Toolbar\toolbar.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {86D81E24-4349-4335-BBBB-DCAD72459E1A} - C:\WINDOWS\system32\urqRHBTk.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {BE784968-A325-4F65-96DB-696F45C1DB9F} - (no file)
O2 - BHO: (no name) - {C0492CB5-1A2C-4602-BD7F-5226598626AC} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BM23556bbb] Rundll32.exe "C:\WINDOWS\system32\bnmlxkme.dll",s
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [BM23556bbb] Rundll32.exe "C:\WINDOWS\system32\bnmlxkme.dll",s
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: khfGwTkJ - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 8544 bytes




I have already spotted that this DLL is a fake:
C:\WINDOWS\system32\urqRHBTk.dll

The only problem is that I tried with KillBox and I cannot delete it; to do so it checks the registry before rebooting, and it tells me: "PendingFileRenameOperations Registry Data has been Removed by External Process !"

I don't know what to do. Thank you in advance.