
Hello, I am also running into the problems already reported here,
so I ran HijackThis.
Here is the report.
Thank you in advance for your help.
Logfile of HijackThis v1.99.1
Scan saved at 17:19:10, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\WINDOWS\system32\dqljoala.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JEANPI~1\LOCALS~1\Temp\Rar$EX11.360\scan.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\vtusqon.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64381BF0-D74A-DDBD-1A61-FF8DBC21859E} - C:\WINDOWS\system32\eka.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ondlwlhn.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {F9F4BBCC-4898-42FE-BE21-390FC32B174E} - C:\WINDOWS\system32\ddayv.dll
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D2907D4E66914B5C1E9E689DB6FC45715ED96D1223AD51A6C3832212339F384827B144
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\qkpmxxxp.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cleanup] C:\Documents and Settings\jeanpierre\Application Data\CCleanup\compind.bat
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll
O20 - Winlogon Notify: vtusqon - vtusqon.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Security team
hello
please describe your problem in more detail!!!!!
and
No report before you are asked for one!!!
See the forum rules!!
Please read this ...
http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/a_(...)

ok, sorry, I am new here and had not read the forum rules
my problem is the following, under IE7:
I constantly get windows inviting me to install winantivirus 2006 or 2007
also a security update tab
or else a windows cleaner

Security team
Download VundoFix.exe (by Atribune) to your Desktop.
- Double-click VundoFix.exe to launch it
- Click the Scan for Vundo button
- When the scan is complete, click the Remove Vundo button
- A prompt will ask whether you want to delete the files; click YES
- After you click "Yes", the Desktop will disappear for a moment while the files are deleted
- You will see a prompt announcing that your PC is going to restart; click OK
- Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis! report, into your next reply
Note: VundoFix may run into a file that it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".

Ok thanks, I will do the procedure
I will post the results
thanks

here is the report
VundoFix V6.5.6
Checking Java version...
Scan started at 18:19:39 23/07/2007
Listing files found while scanning....
C:\windows\system32\bvhcouad.dll
C:\windows\system32\cfeqjkmh.dll
C:\windows\system32\dcyepiqo.dll
C:\WINDOWS\system32\ddayv.dll
C:\windows\system32\dexqdwse.dll
C:\windows\system32\dqljoala.exe
C:\windows\system32\eulgdymu.dll
C:\windows\system32\gayqdpku.exe
C:\windows\system32\gfjtbbwl.exe
C:\windows\system32\grxpnxix.exe
C:\windows\system32\gxndcbfi.dll
C:\windows\system32\hfyvxecs.dll
C:\windows\system32\hqepobrq.exe
C:\windows\system32\iqdobrtl.ini
C:\windows\system32\jvqplfyr.dll
C:\windows\system32\ltrbodqi.dll
C:\windows\system32\mdyjnvjy.dll
C:\windows\system32\ofikgfda.dll
C:\WINDOWS\system32\ondlwlhn.dll
C:\windows\system32\rvqerioy.exe
C:\WINDOWS\system32\tnwygcdm.dll
C:\windows\system32\ufpjmevm.exe
C:\WINDOWS\system32\vtusqon.dll
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\system32\vyadd.tmp
C:\windows\system32\wrunqpkp.dll
C:\windows\system32\wunwwkfx.dll
C:\windows\system32\xfkwwnuw.ini
C:\windows\system32\yxriindg.exe
Beginning removal...
Attempting to delete C:\windows\system32\bvhcouad.dll
C:\windows\system32\bvhcouad.dll Has been deleted!
Attempting to delete C:\windows\system32\cfeqjkmh.dll
C:\windows\system32\cfeqjkmh.dll Has been deleted!
Attempting to delete C:\windows\system32\dcyepiqo.dll
C:\windows\system32\dcyepiqo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.dll Has been deleted!
Attempting to delete C:\windows\system32\dexqdwse.dll
C:\windows\system32\dexqdwse.dll Has been deleted!
Attempting to delete C:\windows\system32\dqljoala.exe
C:\windows\system32\dqljoala.exe Could not be deleted.
Attempting to delete C:\windows\system32\eulgdymu.dll
C:\windows\system32\eulgdymu.dll Has been deleted!
Attempting to delete C:\windows\system32\gayqdpku.exe
C:\windows\system32\gayqdpku.exe Has been deleted!
Attempting to delete C:\windows\system32\gfjtbbwl.exe
C:\windows\system32\gfjtbbwl.exe Has been deleted!
Attempting to delete C:\windows\system32\grxpnxix.exe
C:\windows\system32\grxpnxix.exe Has been deleted!
Attempting to delete C:\windows\system32\gxndcbfi.dll
C:\windows\system32\gxndcbfi.dll Has been deleted!
Attempting to delete C:\windows\system32\hfyvxecs.dll
C:\windows\system32\hfyvxecs.dll Has been deleted!
Attempting to delete C:\windows\system32\hqepobrq.exe
C:\windows\system32\hqepobrq.exe Has been deleted!
Attempting to delete C:\windows\system32\iqdobrtl.ini
C:\windows\system32\iqdobrtl.ini Has been deleted!
Attempting to delete C:\windows\system32\jvqplfyr.dll
C:\windows\system32\jvqplfyr.dll Has been deleted!
Attempting to delete C:\windows\system32\ltrbodqi.dll
C:\windows\system32\ltrbodqi.dll Has been deleted!
Attempting to delete C:\windows\system32\mdyjnvjy.dll
C:\windows\system32\mdyjnvjy.dll Has been deleted!
Attempting to delete C:\windows\system32\ofikgfda.dll
C:\windows\system32\ofikgfda.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ondlwlhn.dll
C:\WINDOWS\system32\ondlwlhn.dll Has been deleted!
Attempting to delete C:\windows\system32\rvqerioy.exe
C:\windows\system32\rvqerioy.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\tnwygcdm.dll
C:\WINDOWS\system32\tnwygcdm.dll Has been deleted!
Attempting to delete C:\windows\system32\ufpjmevm.exe
C:\windows\system32\ufpjmevm.exe Has been deleted!
Attempting to delete C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vyadd.bak2
C:\WINDOWS\system32\vyadd.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vyadd.ini
C:\WINDOWS\system32\vyadd.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\vyadd.ini2
C:\WINDOWS\system32\vyadd.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\vyadd.tmp
C:\WINDOWS\system32\vyadd.tmp Has been deleted!
Attempting to delete C:\windows\system32\wrunqpkp.dll
C:\windows\system32\wrunqpkp.dll Has been deleted!
Attempting to delete C:\windows\system32\wunwwkfx.dll
C:\windows\system32\wunwwkfx.dll Has been deleted!
Attempting to delete C:\windows\system32\xfkwwnuw.ini
C:\windows\system32\xfkwwnuw.ini Has been deleted!
Attempting to delete C:\windows\system32\yxriindg.exe
C:\windows\system32\yxriindg.exe Has been deleted!
Performing Repairs to the registry.
Done!
--------------------------------
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:29:35, on 23/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\jeanpierre\Bureau\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {64381BF0-D74A-DDBD-1A61-FF8DBC21859E} - C:\WINDOWS\system32\eka.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {F9F4BBCC-4898-42FE-BE21-390FC32B174E} - C:\WINDOWS\system32\ddayv.dll (file missing)
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D2907D4E66914B5C1E9E689DB6FC45715ED96D1223AD51A6C3832212339F384827B144
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\tlhhtcyy.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Cleanup] C:\Documents and Settings\jeanpierre\Application Data\CCleanup\compind.bat
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: vtusqon - vtusqon.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 7194 bytes
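
Added example, not part of any post in this thread: a Python sketch that compares the autostart entries (O2, O4, O20) of the two HijackThis logs above and lists the files VundoFix reported it could not delete. The sample strings are excerpts copied from the logs in this thread; the function names are this example's own.

```python
import re

# Excerpts copied from the reports posted in this thread (not the full logs).
VUNDOFIX_REPORT = r"""
Attempting to delete C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\ddayv.dll Has been deleted!
Attempting to delete C:\windows\system32\dqljoala.exe
C:\windows\system32\dqljoala.exe Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ondlwlhn.dll
C:\WINDOWS\system32\ondlwlhn.dll Has been deleted!
"""

HJT_BEFORE = r"""
O2 - BHO: (no name) - {066A2CDC-319E-4460-BA45-C24562CD51AA} - C:\WINDOWS\system32\vtusqon.dll (file missing)
O2 - BHO: (no name) - {938A8A03-A938-4019-B764-03FF8D167D79} - C:\WINDOWS\system32\ondlwlhn.dll
O2 - BHO: (no name) - {F9F4BBCC-4898-42FE-BE21-390FC32B174E} - C:\WINDOWS\system32\ddayv.dll
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\qkpmxxxp.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: ddayv - C:\WINDOWS\system32\ddayv.dll
O20 - Winlogon Notify: vtusqon - vtusqon.dll (file missing)
"""

HJT_AFTER = r"""
O2 - BHO: (no name) - {F9F4BBCC-4898-42FE-BE21-390FC32B174E} - C:\WINDOWS\system32\ddayv.dll (file missing)
O4 - HKLM\..\Run: [MemoryManager] rundll32.exe "C:\WINDOWS\system32\tlhhtcyy.dll",forkonce
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: vtusqon - vtusqon.dll (file missing)
"""


def vundofix_failures(report):
    """Paths that VundoFix reported as 'Could not be deleted.'"""
    return [m.group(1) for m in
            re.finditer(r"^(.+?) Could not be deleted\.\s*$", report, re.M)]


def autoruns(log):
    """Map (section, identity) -> target for O2, O4 and O20 lines."""
    entries = {}
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"O2 - BHO: .*? - (\{[0-9A-Fa-f-]+\}) - (.*)", line)
        if m:  # a BHO is identified by its CLSID
            entries[("O2", m.group(1).upper())] = m.group(2)
            continue
        m = re.match(r"O4 - (\S+): \[(.+?)\] (.*)", line)
        if m:  # a Run value is identified by its key and value name
            entries[("O4", m.group(1) + " " + m.group(2))] = m.group(3)
            continue
        m = re.match(r"O20 - Winlogon Notify: (\S+) - (.*)", line)
        if m:  # a Winlogon Notify entry is identified by its subkey name
            entries[("O20", m.group(1))] = m.group(2)
    return entries


def is_orphaned(target):
    """True when HijackThis marked the referenced file as absent."""
    return target.endswith("(file missing)") or target == "(no file)"


def normalise(target):
    """Ignore case and the '(file missing)' marker when comparing targets."""
    return target.replace(" (file missing)", "").lower()


def compare(before_log, after_log):
    """Classify autostart entries between two HijackThis logs."""
    before, after = autoruns(before_log), autoruns(after_log)
    result = {"removed": [], "changed": [], "orphaned": []}
    for key, target in before.items():
        if key not in after:
            result["removed"].append(key)
        elif normalise(after[key]) != normalise(target):
            # Same registry entry, different file: the cleanup did not hold.
            result["changed"].append((key, target, after[key]))
    for key, target in after.items():
        if is_orphaned(target):
            # Registry entry left behind after its file was removed.
            result["orphaned"].append(key)
    return result


if __name__ == "__main__":
    print("Not deleted:", vundofix_failures(VUNDOFIX_REPORT))
    for kind, items in compare(HJT_BEFORE, HJT_AFTER).items():
        for item in items:
            print(kind, item)
```

On these excerpts the only changed entry is the MemoryManager Run value, which pointed at qkpmxxxp.dll before VundoFix ran and at tlhhtcyy.dll afterwards.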

sorry, I have to leave
family emergency
please don't abandon me ....

Security team
Avast! is far from the best there is in terms of protection; see this link for more information: http://forum.malekal.com/ftopic3123.php
Clearly, Antivir is much more effective, which is why I VERY STRONGLY advise you to uninstall Avast! and install Antivir in its place: http://www.malekal.com/tutorial_antivir.php
- After installation, update it; if your firewall raises an alert, accept the connection.
- Make sure Antivir is fully up to date; check the update date.
- Restart in Safe Mode: restart the computer and, before the Windows logo appears, tap the F8 key; a menu will appear. Choose Safe Mode and press the Enter key.
- Open Antivir from the Start / Programs menu
- Click the Scanner tab.
- Select Manual Selection
- Select drive C
- Start the scan. Quarantine all detected items.
- Once the scan is finished, save the report.
Restart in normal mode.
Post the report here.

Hello bibou0007
ok, I followed the latest recommendations
I am attaching the Antivir report below
one small note: at restart, a rundll window
c:\windosw\system32\tlhtcyy.dll
specified module missing
-----
AntiVir PersonalEdition Classic
Report file date: mardi 24 juillet 2007 08:36
Scanning for 976723 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: jeanpierre
Computer name: SERRIS
Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 06:29:38
ANTIVIR2.VDF : 6.39.0.177 762368 Bytes 23/07/2007 06:29:38
ANTIVIR3.VDF : 6.39.0.180 25600 Bytes 23/07/2007 06:29:38
AVEWIN32.DLL : 7.4.0.44 2499072 Bytes 24/07/2007 06:29:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.13 360488 Bytes 24/07/2007 06:29:38
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 24 juillet 2007 08:36
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[NOTE] In the drive 'J:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '8' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\jeanpierre\Local Settings\Temporary Internet Files\Content.IE5\5SF7ROSS\kcehc_eicooc20070702[1]
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '470a9fa1.qua'!
C:\Documents and Settings\jeanpierre\Local Settings\Temporary Internet Files\Content.IE5\5SF7ROSS\masiyxanidi[1]
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '47189fa5.qua'!
C:\VundoFix Backups\bvhcouad.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '470da498.qua'!
C:\VundoFix Backups\cfeqjkmh.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '470aa48b.qua'!
C:\VundoFix Backups\dcyepiqo.dll.bad
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] The file was moved to '471ea48a.qua'!
C:\VundoFix Backups\ddayv.dll.bad
[DETECTION] Is the Trojan horse TR/Mon.Virtumonde.II
[INFO] The file was moved to '4706a48e.qua'!
C:\VundoFix Backups\dexqdwse.dll.bad
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '471da491.qua'!
C:\VundoFix Backups\dqljoala.exe.bad
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '4711a49f.qua'!
C:\VundoFix Backups\eulgdymu.dll.bad
[DETECTION] Is the Trojan horse TR/BHO.BD.24
[INFO] The file was moved to '4711a4a5.qua'!
C:\VundoFix Backups\gayqdpku.exe.bad
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '471ea493.qua'!
C:\VundoFix Backups\gfjtbbwl.exe.bad
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '470fa49a.qua'!
C:\VundoFix Backups\grxpnxix.exe.bad
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '471da4a8.qua'!
C:\VundoFix Backups\gxndcbfi.dll.bad
[DETECTION] Is the Trojan horse TR/JuanSearch.C.1
[INFO] The file was moved to '4713a4b1.qua'!
C:\VundoFix Backups\hfyvxecs.dll.bad
[DETECTION] Is the Trojan horse TR/JuanSearch.C.1
[INFO] The file was moved to '471ea4a1.qua'!
C:\VundoFix Backups\hqepobrq.exe.bad
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '470aa4ae.qua'!
C:\VundoFix Backups\jvqplfyr.dll.bad
[DETECTION] Is the Trojan horse TR/JuanSearch.B
[INFO] The file was moved to '4716a4b5.qua'!
C:\VundoFix Backups\ltrbodqi.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '4717a4b5.qua'!
C:\VundoFix Backups\mdyjnvjy.dll.bad
[DETECTION] Is the Trojan horse TR/BHO.BD.24
[INFO] The file was moved to '471ea4a7.qua'!
C:\VundoFix Backups\ofikgfda.dll.bad
[DETECTION] Is the Trojan horse TR/BHO.BD.24
[INFO] The file was moved to '470ea4ab.qua'!
C:\VundoFix Backups\ondlwlhn.dll.bad
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] The file was moved to '4709a4b5.qua'!
C:\VundoFix Backups\rvqerioy.exe.bad
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '4716a4be.qua'!
C:\VundoFix Backups\tnwygcdm.dll.bad
[DETECTION] Is the Trojan horse TR/Juan.H
[INFO] The file was moved to '471ca4b8.qua'!
C:\VundoFix Backups\ufpjmevm.exe.bad
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '4715a4b2.qua'!
C:\VundoFix Backups\wrunqpkp.dll.bad
[DETECTION] Is the Trojan horse TR/JuanSearch.C
[INFO] The file was moved to '471aa4c1.qua'!
C:\VundoFix Backups\wunwwkfx.dll.bad
[DETECTION] Is the Trojan horse TR/PSW.Gamania.B
[INFO] The file was moved to '4713a4c6.qua'!
C:\VundoFix Backups\yxriindg.exe.bad
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '4717a4cb.qua'!
C:\WINDOWS\b122.exe
[DETECTION] Contains signature of the dropper DR/Softomate.U.71
[INFO] The file was moved to '46d7a486.qua'!
C:\WINDOWS\b136.exe
[DETECTION] Contains signature of the dropper DR/Drop.Agent.bfr
[INFO] The file was moved to '46d8a489.qua'!
C:\WINDOWS\system32\bomdfswq.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4712a702.qua'!
C:\WINDOWS\system32\cyndabgd.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4713a717.qua'!
C:\WINDOWS\system32\dqljoala.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '4711a718.qua'!
C:\WINDOWS\system32\duholiti.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '470da721.qua'!
C:\WINDOWS\system32\dwoqpbsd.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4714a726.qua'!
C:\WINDOWS\system32\ecminmcr.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4712a715.qua'!
C:\WINDOWS\system32\efpbfxlh.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4715a71a.qua'!
C:\WINDOWS\system32\gpmuqxac.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4712a72b.qua'!
C:\WINDOWS\system32\hydmionj.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4709a73a.qua'!
C:\WINDOWS\system32\jejarawg.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '470fa731.qua'!
C:\WINDOWS\system32\jlhoimgn.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '470da73a.qua'!
C:\WINDOWS\system32\juoodqyt.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4714a746.qua'!
C:\WINDOWS\system32\krgmvepn.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '470ca747.qua'!
C:\WINDOWS\system32\miefheua.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '470aa74f.qua'!
C:\WINDOWS\system32\mokiwhhq.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4710a75b.qua'!
C:\WINDOWS\system32\nbchxbap.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4708a75d.qua'!
C:\WINDOWS\system32\nlighscf.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '470ea76b.qua'!
C:\WINDOWS\system32\nyjnxlpa.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '470fa793.qua'!
C:\WINDOWS\system32\oildlnmt.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4711a786.qua'!
C:\WINDOWS\system32\opwhasee.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '471ca790.qua'!
C:\WINDOWS\system32\phnpxpgv.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4713a78b.qua'!
C:\WINDOWS\system32\pkrwerhk.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '4717a791.qua'!
C:\WINDOWS\system32\pxahpllf.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4706a7a1.qua'!
C:\WINDOWS\system32\qkpmxxxp.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '4715a797.qua'!
C:\WINDOWS\system32\rdwtrfbm.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '471ca794.qua'!
C:\WINDOWS\system32\ruomlymv.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4714a7a9.qua'!
C:\WINDOWS\system32\tlhhtcyy.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen
[INFO] The file was moved to '470da7b1.qua'!
C:\WINDOWS\system32\ufxgmdap.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '471da7b0.qua'!
C:\WINDOWS\system32\wndgdoqk.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '4709a7c7.qua'!
C:\WINDOWS\system32\ylvxwsry.exe
[DETECTION] Is the Trojan horse TR/Agent.AAOA
[INFO] The file was moved to '471ba7cc.qua'!
Begin scan in 'D:\'
Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.
End of the scan: mardi 24 juillet 2007 09:22
Used time: 45:46 min
The scan has been done completely.
3930 Scanning directories
144890 Files were scanned
58 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
58 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
144832 Files not concerned
1300 Archives were scanned
1 Warnings
0 Notes
0 Hidden objects were found

Security team
do you still have any problems???

NO NO
thanks to you it is going much better
I am keeping antivir in place of avast
the latest scan finds no problems
I will keep a close eye on "the patient" just in case
Thank you

Bibou007,
my PC is doing better
I still have a trojan, though
trAgenA0