Virus MSN
Résolu/Fermé
soso
-
10 mars 2008 à 15:18
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 12 mars 2008 à 12:29
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 12 mars 2008 à 12:29
A voir également:
- Virus MSN
- Msn - Télécharger - Messagerie
- Msn actualités - Télécharger - Médias et Actualité
- Svchost.exe virus - Guide
- Altruistic virus ✓ - Forum Antivirus
- C'est quoi MSN ? ✓ - Forum Réseaux sociaux
9 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
10 mars 2008 à 15:49
10 mars 2008 à 15:49
Soso,
tu n´as pas de par feu instales en un :
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
Comodo 3 pro :
http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
Online armor :
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606
ou zone alarm plus facil a configurer mais moins performant
https://www.malekal.com/tutoriel-zonealarm-firewall/
puis
ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme
et instale la derniere :
https://get2.adobe.com/reader/otherversions/
ou oublie acrobate reader et instales foxit plus léger :
https://www.clubic.com/telecharger-fiche13808-foxit-reader.html
puis
regardes ce tutorial pour mettre ta console java a jour :
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
et
regardes ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp
Post egalement un nouveau hijack this stp
@+
tu n´as pas de par feu instales en un :
par feu : kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
Comodo 3 pro :
http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
Online armor :
http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
tuto : https://forum.pcastuces.com/sujet.asp?f=25&s=35606
ou zone alarm plus facil a configurer mais moins performant
https://www.malekal.com/tutoriel-zonealarm-firewall/
puis
ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme
et instale la derniere :
https://get2.adobe.com/reader/otherversions/
ou oublie acrobate reader et instales foxit plus léger :
https://www.clubic.com/telecharger-fiche13808-foxit-reader.html
puis
regardes ce tutorial pour mettre ta console java a jour :
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
et
regardes ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp
Post egalement un nouveau hijack this stp
@+
bjour girly
jai ossi u un virus sur msn "c est toi ki a mi ma foto sur ce site"
g fé une analyse ac antivir mé je né pa fé les modification com tu le décri alé dan configuration etc ... je les lancer tel ke je lé téléchargé il ne ma rien trouver
par ailleur je nariv pa a fair une analyse par msn fix je ne c pa commen on fé pour compresser
ce virus il ménerve !!!!!!!! grrrr
tu soré combien ca coute de fair formater un ordi portabl ?
merci davance !
jai ossi u un virus sur msn "c est toi ki a mi ma foto sur ce site"
g fé une analyse ac antivir mé je né pa fé les modification com tu le décri alé dan configuration etc ... je les lancer tel ke je lé téléchargé il ne ma rien trouver
par ailleur je nariv pa a fair une analyse par msn fix je ne c pa commen on fé pour compresser
ce virus il ménerve !!!!!!!! grrrr
tu soré combien ca coute de fair formater un ordi portabl ?
merci davance !
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
10 mars 2008 à 16:14
10 mars 2008 à 16:14
cam30,
desolé mais là tu es sur le topik de soso et la discution vieni juste de commencer, fais ton message perso sur le forum,
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
pour msnfix
Tuto :
https://www.malekal.com/supprimer-virus-desinfecter-pc/
post le rapport d´msn fix dans ton nouveau sujet/topik ;-)
pas besoin de formater!!!
@ bientot
desolé mais là tu es sur le topik de soso et la discution vieni juste de commencer, fais ton message perso sur le forum,
Procèdes comme ceci :
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
pour msnfix
Tuto :
https://www.malekal.com/supprimer-virus-desinfecter-pc/
post le rapport d´msn fix dans ton nouveau sujet/topik ;-)
pas besoin de formater!!!
@ bientot
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
10 mars 2008 à 16:32
10 mars 2008 à 16:32
De rien ;-)
je voie que Maijin, t´as pris en charge ;-)
bye`
je voie que Maijin, t´as pris en charge ;-)
bye`
ça y est j'ai réussi à tout faire, enfin je crois!!
Par contre pas sure que je me sois débarrassée de ce virus..
alors:
antivirus:
AntiVir PersonalEdition Classic
Report file date: lundi 10 mars 2008 19:00
Scanning for 1141684 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TITOUNET
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:45:00
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 17:45:00
ANTIVIR3.VDF : 7.0.3.12 65536 Bytes 10/03/2008 17:45:00
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 10/03/2008 17:45:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 10/03/2008 17:45:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 10 mars 2008 19:00
Starting search for hidden objects.
An ARK instance is already running.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'antivir_workstation_win7u_en_h.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'SOFFICE.BIN' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'HOTSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'iwctrl.exe' - '1' Module(s) have been scanned
Scan process 'PCLETray.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'WButton.exe' - '1' Module(s) have been scanned
Scan process 'OSDCtrl.exe' - '1' Module(s) have been scanned
Scan process 'CTRLVOL.EXE' - '1' Module(s) have been scanned
Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
Scan process 'Powerkey.exe' - '1' Module(s) have been scanned
Scan process 'LaunchAp.exe' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
74 processes with 74 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Emmanuel\Local Settings\Temporary Internet Files\Content.IE5\Y35KYR7F\addz[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48398185.qua'!
C:\Documents and Settings\Emmanuel\Bureau\catchme.zip
[0] Archive type: ZIP
--> services.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48498748.qua'!
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP276\A0075633.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16004
[WARNING] The source file could not be found.
Begin scan in 'D:\' <ACERDATA>
End of the scan: lundi 10 mars 2008 22:18
Used time: 3:18:36 min
The scan has been done completely.
6763 Scanning directories
337671 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
337668 Files not concerned
8517 Archives were scanned
2 Warnings
1 Notes
AntiVir PersonalEdition Classic
Report file date: lundi 10 mars 2008 19:00
Scanning for 1141684 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TITOUNET
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:45:00
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 17:45:00
ANTIVIR3.VDF : 7.0.3.12 65536 Bytes 10/03/2008 17:45:00
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 10/03/2008 17:45:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 10/03/2008 17:45:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 10 mars 2008 19:00
Starting search for hidden objects.
'69802' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'antivir_workstation_win7u_en_h.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'SOFFICE.BIN' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'HOTSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'iwctrl.exe' - '1' Module(s) have been scanned
Scan process 'PCLETray.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'WButton.exe' - '1' Module(s) have been scanned
Scan process 'OSDCtrl.exe' - '1' Module(s) have been scanned
Scan process 'CTRLVOL.EXE' - '1' Module(s) have been scanned
Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
Scan process 'Powerkey.exe' - '1' Module(s) have been scanned
Scan process 'LaunchAp.exe' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
74 processes with 74 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP276\A0075633.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4805a5b1.qua'!
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP276\A0075634.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4805a5b7.qua'!
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP277\A0077670.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4805a5bd.qua'!
Begin scan in 'D:\' <ACERDATA>
End of the scan: lundi 10 mars 2008 22:18
Used time: 3:18:40 min
The scan has been done completely.
6763 Scanning directories
337777 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
337774 Files not concerned
8518 Archives were scanned
1 Warnings
1 Notes
69802 Objects were scanned with rootkit scan
0 Hidden objects were found
et hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:13, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Outlook Express\HOTSYNC.EXE
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Corel Print House 2000] "C:\WINDOWS\COREL\StpLnch.exe" /box="Corel Print House 2000"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Outlook Express\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{87DF31FA-FBC9-41A2-B713-E7B312C10210}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Personal Firewall 4\kpf4ss.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Par contre pas sure que je me sois débarrassée de ce virus..
alors:
antivirus:
AntiVir PersonalEdition Classic
Report file date: lundi 10 mars 2008 19:00
Scanning for 1141684 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TITOUNET
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:45:00
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 17:45:00
ANTIVIR3.VDF : 7.0.3.12 65536 Bytes 10/03/2008 17:45:00
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 10/03/2008 17:45:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 10/03/2008 17:45:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 10 mars 2008 19:00
Starting search for hidden objects.
An ARK instance is already running.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'antivir_workstation_win7u_en_h.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'SOFFICE.BIN' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'HOTSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'iwctrl.exe' - '1' Module(s) have been scanned
Scan process 'PCLETray.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'WButton.exe' - '1' Module(s) have been scanned
Scan process 'OSDCtrl.exe' - '1' Module(s) have been scanned
Scan process 'CTRLVOL.EXE' - '1' Module(s) have been scanned
Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
Scan process 'Powerkey.exe' - '1' Module(s) have been scanned
Scan process 'LaunchAp.exe' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
74 processes with 74 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Emmanuel\Local Settings\Temporary Internet Files\Content.IE5\Y35KYR7F\addz[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48398185.qua'!
C:\Documents and Settings\Emmanuel\Bureau\catchme.zip
[0] Archive type: ZIP
--> services.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48498748.qua'!
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP276\A0075633.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16004
[WARNING] The source file could not be found.
Begin scan in 'D:\' <ACERDATA>
End of the scan: lundi 10 mars 2008 22:18
Used time: 3:18:36 min
The scan has been done completely.
6763 Scanning directories
337671 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
337668 Files not concerned
8517 Archives were scanned
2 Warnings
1 Notes
AntiVir PersonalEdition Classic
Report file date: lundi 10 mars 2008 19:00
Scanning for 1141684 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TITOUNET
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:45:00
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 17:45:00
ANTIVIR3.VDF : 7.0.3.12 65536 Bytes 10/03/2008 17:45:00
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 10/03/2008 17:45:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 10/03/2008 17:45:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 10 mars 2008 19:00
Starting search for hidden objects.
'69802' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '1' Module(s) have been scanned
Scan process 'antivir_workstation_win7u_en_h.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'SOFFICE.BIN' - '1' Module(s) have been scanned
Scan process 'SOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'CapabilityManager.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'HOTSYNC.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'iwctrl.exe' - '1' Module(s) have been scanned
Scan process 'PCLETray.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'Vaderetro_oe.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'WButton.exe' - '1' Module(s) have been scanned
Scan process 'OSDCtrl.exe' - '1' Module(s) have been scanned
Scan process 'CTRLVOL.EXE' - '1' Module(s) have been scanned
Scan process 'HotkeyApp.exe' - '1' Module(s) have been scanned
Scan process 'Powerkey.exe' - '1' Module(s) have been scanned
Scan process 'LaunchAp.exe' - '1' Module(s) have been scanned
Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'BCMWLTRY.EXE' - '1' Module(s) have been scanned
Scan process 'WLTRYSVC.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
74 processes with 74 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP276\A0075633.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4805a5b1.qua'!
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP276\A0075634.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4805a5b7.qua'!
C:\System Volume Information\_restore{004AA4CB-CEFA-470B-84B6-7AE41AC1EA5D}\RP277\A0077670.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4805a5bd.qua'!
Begin scan in 'D:\' <ACERDATA>
End of the scan: lundi 10 mars 2008 22:18
Used time: 3:18:40 min
The scan has been done completely.
6763 Scanning directories
337777 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
337774 Files not concerned
8518 Archives were scanned
1 Warnings
1 Notes
69802 Objects were scanned with rootkit scan
0 Hidden objects were found
et hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:13, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\Arcade\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Outlook Express\HOTSYNC.EXE
C:\PROGRA~1\WANADOO\TaskBarIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\acer\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Emmanuel\LOCALS~1\Temp\services.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Vaderetro Outlook] "C:\PROGRA~1\GOTOSO~1\VADERE~1\VrMoRegister.exe -s"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Corel Print House 2000] "C:\WINDOWS\COREL\StpLnch.exe" /box="Corel Print House 2000"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [InstantTray] C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Outlook Express\HOTSYNC.EXE
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{87DF31FA-FBC9-41A2-B713-E7B312C10210}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Personal Firewall 4\kpf4ss.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 01:18
11 mars 2008 à 01:18
Re,
desinstales l´antivirus avast...
Tu as deja un post avec marie !
Tu n´as vraiment pas fait ce qu´elle t´a prescrit ? pourquoi tu peux m´expliquer ?
genre : mettre java a jour, par feu ect...
???
desinstales l´antivirus avast...
Tu as deja un post avec marie !
Tu n´as vraiment pas fait ce qu´elle t´a prescrit ? pourquoi tu peux m´expliquer ?
genre : mettre java a jour, par feu ect...
???
oK je vais le faire mais commen sa les deux tableau tu abandonne?
^^Marie^^
Messages postés
113929
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 274
11 mars 2008 à 17:23
11 mars 2008 à 17:23
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 mars 2008 à 23:09
11 mars 2008 à 23:09
???
^^Marie^^
Messages postés
113929
Date d'inscription
mardi 6 septembre 2005
Statut
Membre
Dernière intervention
28 août 2020
3 274
12 mars 2008 à 10:57
12 mars 2008 à 10:57
Tu ne lis pas la même chose que moi ??
VaToi ??
VaToi ??
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
12 mars 2008 à 12:29
12 mars 2008 à 12:29
si si marie,
oui ca peut aller, tu sais comment c´est > ca va, ca vient ;-)
Bonne journée`
@+
oui ca peut aller, tu sais comment c´est > ca va, ca vient ;-)
Bonne journée`
@+
10 mars 2008 à 16:13
10 mars 2008 à 16:16
oui c´est claire que l´on peut s´en poser ?!
attendons son retour...
Biz`
@+