Malekal's forum

[bernie]

Bonjour,

Je suis infecté par live sécurity platinium, mais contrairement au sujet déjà traité, je ne peux même pas démarrer Antivir, ni highjackthis !!!! ni le centre de sécurité non plus ...

Merci de me fournir un début de solution.

[bernie]

En fait, après un redémarrage et diverses suppressions de fichiers inutiles, la pop up intempestive de Live Security Platinium semble avoir disparu. De plus, j'ai pu lancer un check Antivir, un Highjackthis et un adwcleaner dont les rapports suivent.
Peut-être le problème est-il résolu ?

Avira AntiVir Personal
Report file date: mercredi 20 juin 2012 22:55

Scanning for 3850218 virus strains and unwanted programs.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILLE

Version information:
BUILD.DAT : 9.0.0.429 21701 Bytes 06/10/2010 10:04:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 20/11/2009 18:02:50
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:54
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:02:50
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 18:30:30
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 11:56:26
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 18:57:24
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 19:10:36
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10/05/2012 20:23:36
VBASE006.VDF : 7.11.29.137 2048 Bytes 10/05/2012 20:23:36
VBASE007.VDF : 7.11.29.138 2048 Bytes 10/05/2012 20:23:36
VBASE008.VDF : 7.11.29.139 2048 Bytes 10/05/2012 20:23:36
VBASE009.VDF : 7.11.29.140 2048 Bytes 10/05/2012 20:23:36
VBASE010.VDF : 7.11.29.141 2048 Bytes 10/05/2012 20:23:36
VBASE011.VDF : 7.11.29.142 2048 Bytes 10/05/2012 20:23:36
VBASE012.VDF : 7.11.29.143 2048 Bytes 10/05/2012 20:23:36
VBASE013.VDF : 7.11.29.144 2048 Bytes 10/05/2012 20:23:36
VBASE014.VDF : 7.11.30.3 198144 Bytes 14/05/2012 10:52:12
VBASE015.VDF : 7.11.30.69 186368 Bytes 17/05/2012 11:56:28
VBASE016.VDF : 7.11.30.143 223744 Bytes 21/05/2012 17:46:26
VBASE017.VDF : 7.11.30.207 287744 Bytes 23/05/2012 18:01:00
VBASE018.VDF : 7.11.31.57 188416 Bytes 28/05/2012 09:11:58
VBASE019.VDF : 7.11.31.111 214528 Bytes 30/05/2012 15:17:00
VBASE020.VDF : 7.11.31.151 116736 Bytes 31/05/2012 16:36:56
VBASE021.VDF : 7.11.31.205 134144 Bytes 03/06/2012 19:47:06
VBASE022.VDF : 7.11.32.9 169472 Bytes 05/06/2012 11:19:24
VBASE023.VDF : 7.11.32.85 155648 Bytes 08/06/2012 17:41:54
VBASE024.VDF : 7.11.32.133 127488 Bytes 11/06/2012 17:13:50
VBASE025.VDF : 7.11.32.171 182784 Bytes 12/06/2012 08:14:08
VBASE026.VDF : 7.11.32.251 119296 Bytes 14/06/2012 17:56:06
VBASE027.VDF : 7.11.33.83 159232 Bytes 18/06/2012 09:37:02
VBASE028.VDF : 7.11.33.84 2048 Bytes 18/06/2012 09:37:02
VBASE029.VDF : 7.11.33.85 2048 Bytes 18/06/2012 09:37:02
VBASE030.VDF : 7.11.33.86 2048 Bytes 18/06/2012 09:37:02
VBASE031.VDF : 7.11.33.94 29184 Bytes 19/06/2012 09:37:02
Engineversion : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 01/06/2012 16:36:58
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 15/06/2012 17:56:24
AESCN.DLL : 8.1.8.2 131444 Bytes 27/01/2012 12:48:42
AESBX.DLL : 8.2.5.12 606578 Bytes 15/06/2012 17:56:26
AERDL.DLL : 8.1.9.15 639348 Bytes 14/09/2011 18:01:06
AEPACK.DLL : 8.2.16.18 807287 Bytes 15/06/2012 17:56:24
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 15/06/2012 17:56:22
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 15/06/2012 17:56:22
AEHELP.DLL : 8.1.21.0 254326 Bytes 10/05/2012 20:23:38
AEGEN.DLL : 8.1.5.30 422261 Bytes 15/06/2012 17:56:08
AEEXP.DLL : 8.1.0.52 82293 Bytes 15/06/2012 17:56:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 24/11/2010 16:59:08
AECORE.DLL : 8.1.25.10 201080 Bytes 31/05/2012 15:17:28
AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 18:40:50
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:00
AVPREF.DLL : 9.0.3.0 44289 Bytes 20/11/2009 18:02:50
AVREP.DLL : 10.0.0.9 174120 Bytes 04/03/2011 15:51:20
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:42
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:12
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:40:00
RCTEXT.DLL : 9.0.73.0 86785 Bytes 20/11/2009 18:02:50

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: off
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercredi 20 juin 2012 22:55

Starting search for hidden objects.
'86750' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'jre-6u33-windows-i586-iftw.exe' - '1' Module(s) have been scanned
Scan process 'HijackThis.exe' - '1' Module(s) have been scanned
Scan process 'WUAUCLT.EXE' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'WUAUCLT.EXE' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ToolbarUpdater.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'ooVoo.exe' - '1' Module(s) have been scanned
Scan process 'VPROT.EXE' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.


End of the scan: mercredi 20 juin 2012 23:16
Used time: 21:55 Minute(s)

The scan has been canceled!

579 Scanned directories
71111 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
71109 Files not concerned
5927 Archives were scanned
2 Warnings
2 Notes
86750 Objects were scanned with rootkit scan
0 Hidden objects were found

-------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:56:08, on 20/06/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\ooVoo\oovoo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\BERNARD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\BERNARD\Application Data\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [Bubble Dock] "C:\Documents and Settings\BERNARD\Application Data\Nosibay\Bubble Dock\LBubble Dock.exe" /winstartup
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\BERNARD\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to AMV Video Converter... - D:\FAMILLE\emmanuelle\journée D'lir ak princess et besthàà\AMVConverter\grab.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (Ma-Config control) - http://fichiers.touslesdrivers.com/maco ... _0_0_6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Fichiers communs\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Fichiers communs\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe

--
End of file - 8251 bytes

-----------------------------------------------

# AdwCleaner v1.609 - Rapport créé le 20/06/2012 à 23:29:34
# Mis à jour le 10/06/2012 par Xplode
# Système d'exploitation : Microsoft Windows XP Service Pack 3 (32 bits)
# Nom d'utilisateur : BERNARD - FAMILLE
# Exécuté depuis : C:\Documents and Settings\BERNARD\Bureau\adwcleaner.exe
# Option [Recherche]


***** [Services] *****

Présent : vToolbarUpdater11.1.0

***** [Fichiers / Dossiers] *****

Dossier Présent : C:\Documents and Settings\BERNARD\Local Settings\Application Data\AVG Secure Search
Dossier Présent : C:\Documents and Settings\BERNARD\Local Settings\Application Data\Babylon
Dossier Présent : C:\Documents and Settings\BERNARD\Local Settings\Application Data\Conduit
Dossier Présent : C:\Documents and Settings\BERNARD\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
Dossier Présent : C:\DOCUME~1\BERNARD\LOCALS~1\Temp\avg@toolbar
Dossier Présent : C:\DOCUME~1\BERNARD\LOCALS~1\Temp\Iminent
Dossier Présent : C:\Documents and Settings\BERNARD\Application Data\AVG Secure Search
Dossier Présent : C:\Documents and Settings\BERNARD\Application Data\Babylon
Dossier Présent : C:\Documents and Settings\BERNARD\Application Data\Complitly
Dossier Présent : C:\Documents and Settings\BERNARD\Application Data\Iminent
Dossier Présent : C:\Documents and Settings\BERNARD\Application Data\Nosibay
Dossier Présent : C:\Documents and Settings\BERNARD\Application Data\OfferBox
Dossier Présent : C:\Documents and Settings\BERNARD\Application Data\Toolbar4
Dossier Présent : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Dossier Présent : C:\Documents and Settings\All Users\Application Data\Babylon
Dossier Présent : C:\Documents and Settings\All Users\Application Data\Viewpoint
Dossier Présent : C:\Documents and Settings\All Users\Application Data\Viewpoint
Dossier Présent : C:\Program Files\AVG Secure Search
Dossier Présent : C:\Program Files\Complitly
Dossier Présent : C:\Program Files\Fichiers communs\AVG Secure Search
Fichier Présent : C:\WINDOWS\Tasks\OfferBoxUpdate.job

***** [Registre] *****

[*] Clé Présente : HKLM\SOFTWARE\Classes\Toolbar.CT2124320
Clé Présente : HKCU\Software\AVG Secure Search
Clé Présente : HKCU\Software\Conduit
Clé Présente : HKCU\Software\Complitly
Clé Présente : HKCU\Software\Iminent
Clé Présente : HKCU\Software\Nosibay
Clé Présente : HKCU\Software\Offerbox
Clé Présente : HKCU\Software\Softonic
Clé Présente : HKLM\SOFTWARE\AVG Secure Search
Clé Présente : HKLM\SOFTWARE\Babylon
Clé Présente : HKLM\SOFTWARE\Iminent
Clé Présente : HKLM\SOFTWARE\Offerbox
Clé Présente : HKLM\SOFTWARE\Viewpoint
Clé Présente : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Clé Présente : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Clé Présente : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Clé Présente : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Clé Présente : HKLM\SOFTWARE\Classes\S
Clé Présente : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Clé Présente : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Clé Présente : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Clé Présente : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Clé Présente : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Clé Présente : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Clé Présente : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Clé Présente : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Clé Présente : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Clé Présente : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\E6A6A4A475FCE37F8B5AC2F1244DEB2BFCA5615A
Clé Présente : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Clé Présente : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Clé Présente : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Valeur Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Registre - GUID] *****

Clé Présente : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Clé Présente : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{58124A0B-DC32-4180-9BFF-E0E21AE34026}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}
Clé Présente : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Valeur Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Valeur Présente : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

***** [Navigateurs] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={0D614ED2-6539-474F-9B2D-1AF68760037D}&mid=&lang=en&ds=ft011&pr=sa&d=2012-06-02 10:25:24&v=11.1.0.7&sap=nt

-\\ Google Chrome v19.0.1084.56

Fichier : C:\Documents and Settings\BERNARD\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Présente : "path": "C:\\Program Files\\Fichiers communs\\AVG Secure Search\\SiteSafetyInstaller\\11.1.[...]

*************************

AdwCleaner[R1].txt - [14561 octets] - [20/06/2012 23:29:34]

########## EOF - C:\AdwCleaner[R1].txt - [14690 octets] ##########

[angelique]

ça parait OK

===> adwcleaner option desinstallation


Il faut lire ces instructions sinon ça reviendra !!!!


===> Prendre le temps de lire :: http://forum.malekal.com/les-exploits-s ... t3563.html


Lire sécuriser FireFox:: http://www.malekal.com/securiser_Firefox.php

Donc FireFox + Adblock + Noscript

• Firefox: http://www.mozilla.org/fr/firefox/new/

• Adblock: https://addons.mozilla.org/en-US/firefo ... lock-plus/

List FR + EasyList << à mettre à jour regulièrement

• Noscript: https://addons.mozilla.org/en-US/firefo ... /noscript/

Maitriser Noscript:





A LIRE

Un exploit sur site WEB permet l'infection de ton ordinateur de manière automatiquement à la visite d'un site WEB qui a été hacké, il tire partie du fait que tu as des logiciels (Java, Adobe Reader etc) qui sont pas à jour et possèdent des vulnérabilités qui permettent l'execution de code (malicieux dans notre cas) à ton insu.
Le fait de ne pas avoir des logiciels à jour et qui ont potentiellement des vulnérabilités permettent donc d'infecter ton système.
Exemple avec : Exploit Java

IMPORTANT : mettre à jour tes programmes notamment Java/Adobe Reader et Flash


Téléchargez TFC par OldTimer sur votre Bureau à utiliser régulierement :
http://oldtimer.geekstogo.com/TFC.exe

* Faites un double clic (clic droit executer en tant qu'administrateur avec vista\7) sur TFC.exe pour le lancer.
* L'outil va fermer tous les programmes lors de son exécution, donc vérifiez que vous avez sauvegardé tout votre travail en cours avant de commencer.
* Cliquez sur le bouton Start pour lancer le processus. Selon la fréquence à laquelle vous supprimez vos fichiers temporaires, cela peut durer de quelques secondes à une minute ou deux. Laissez le programme s'exécuter sans l'interrompre.
* Lorsqu'il a terminé, l'outil devrait faire redémarrer votre système; sinon redemarre manuellement

[bernie]

En fait, le scan Antivir s'est arreté la première fois.
J'ai relancé un scan qui a détecté 2 trojan et les a mis en quarantaine.
A priori, c'est tout bon

Merci Angélique

Rapport Antivir :



Avira AntiVir Personal
Report file date: mercredi 20 juin 2012 23:25

Scanning for 3850218 virus strains and unwanted programs.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILLE

Version information:
BUILD.DAT : 9.0.0.429 21701 Bytes 06/10/2010 10:04:00
AVSCAN.EXE : 9.0.3.10 466689 Bytes 20/11/2009 18:02:50
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:26
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:50
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:54
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 18:02:50
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 18:30:30
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 11:56:26
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 18:57:24
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 19:10:36
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10/05/2012 20:23:36
VBASE006.VDF : 7.11.29.137 2048 Bytes 10/05/2012 20:23:36
VBASE007.VDF : 7.11.29.138 2048 Bytes 10/05/2012 20:23:36
VBASE008.VDF : 7.11.29.139 2048 Bytes 10/05/2012 20:23:36
VBASE009.VDF : 7.11.29.140 2048 Bytes 10/05/2012 20:23:36
VBASE010.VDF : 7.11.29.141 2048 Bytes 10/05/2012 20:23:36
VBASE011.VDF : 7.11.29.142 2048 Bytes 10/05/2012 20:23:36
VBASE012.VDF : 7.11.29.143 2048 Bytes 10/05/2012 20:23:36
VBASE013.VDF : 7.11.29.144 2048 Bytes 10/05/2012 20:23:36
VBASE014.VDF : 7.11.30.3 198144 Bytes 14/05/2012 10:52:12
VBASE015.VDF : 7.11.30.69 186368 Bytes 17/05/2012 11:56:28
VBASE016.VDF : 7.11.30.143 223744 Bytes 21/05/2012 17:46:26
VBASE017.VDF : 7.11.30.207 287744 Bytes 23/05/2012 18:01:00
VBASE018.VDF : 7.11.31.57 188416 Bytes 28/05/2012 09:11:58
VBASE019.VDF : 7.11.31.111 214528 Bytes 30/05/2012 15:17:00
VBASE020.VDF : 7.11.31.151 116736 Bytes 31/05/2012 16:36:56
VBASE021.VDF : 7.11.31.205 134144 Bytes 03/06/2012 19:47:06
VBASE022.VDF : 7.11.32.9 169472 Bytes 05/06/2012 11:19:24
VBASE023.VDF : 7.11.32.85 155648 Bytes 08/06/2012 17:41:54
VBASE024.VDF : 7.11.32.133 127488 Bytes 11/06/2012 17:13:50
VBASE025.VDF : 7.11.32.171 182784 Bytes 12/06/2012 08:14:08
VBASE026.VDF : 7.11.32.251 119296 Bytes 14/06/2012 17:56:06
VBASE027.VDF : 7.11.33.83 159232 Bytes 18/06/2012 09:37:02
VBASE028.VDF : 7.11.33.84 2048 Bytes 18/06/2012 09:37:02
VBASE029.VDF : 7.11.33.85 2048 Bytes 18/06/2012 09:37:02
VBASE030.VDF : 7.11.33.86 2048 Bytes 18/06/2012 09:37:02
VBASE031.VDF : 7.11.33.94 29184 Bytes 19/06/2012 09:37:02
Engineversion : 8.2.10.92
AEVDF.DLL : 8.1.2.8 106867 Bytes 01/06/2012 16:36:58
AESCRIPT.DLL : 8.1.4.26 450939 Bytes 15/06/2012 17:56:24
AESCN.DLL : 8.1.8.2 131444 Bytes 27/01/2012 12:48:42
AESBX.DLL : 8.2.5.12 606578 Bytes 15/06/2012 17:56:26
AERDL.DLL : 8.1.9.15 639348 Bytes 14/09/2011 18:01:06
AEPACK.DLL : 8.2.16.18 807287 Bytes 15/06/2012 17:56:24
AEOFFICE.DLL : 8.1.2.36 201082 Bytes 15/06/2012 17:56:22
AEHEUR.DLL : 8.1.4.46 4923767 Bytes 15/06/2012 17:56:22
AEHELP.DLL : 8.1.21.0 254326 Bytes 10/05/2012 20:23:38
AEGEN.DLL : 8.1.5.30 422261 Bytes 15/06/2012 17:56:08
AEEXP.DLL : 8.1.0.52 82293 Bytes 15/06/2012 17:56:26
AEEMU.DLL : 8.1.3.0 393589 Bytes 24/11/2010 16:59:08
AECORE.DLL : 8.1.25.10 201080 Bytes 31/05/2012 15:17:28
AEBB.DLL : 8.1.1.0 53618 Bytes 23/04/2010 18:40:50
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:00
AVPREF.DLL : 9.0.3.0 44289 Bytes 20/11/2009 18:02:50
AVREP.DLL : 10.0.0.9 174120 Bytes 04/03/2011 15:51:20
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:10
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:42
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:10
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:50
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:34
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:12
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:40:00
RCTEXT.DLL : 9.0.73.0 86785 Bytes 20/11/2009 18:02:50

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: off
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mercredi 20 juin 2012 23:25

Starting search for hidden objects.
c:\documents and settings\bernard\cookies\bernard@optimized-by.rubiconproject[2].txt
[INFO] The file is not visible.
c:\documents and settings\bernard\cookies\bernard@anonymousdmp[1].txt
[INFO] The file is not visible.
'86954' objects were checked, '2' hidden objects were found.

The scan of running processes will be started
Scan process 'adwcleaner.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'WUAUCLT.EXE' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'ToolbarUpdater.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'VPROT.EXE' - '1' Module(s) have been scanned
Scan process 'AdobeARM.exe' - '1' Module(s) have been scanned
Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\529C50A8000A3C2000037ACAD151FC84\529C50A8000A3C2000037ACAD151FC84.VIR
[DETECTION] Is the TR/FakeAV.nebb.11 Trojan
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP1117\A0182488.exe
[DETECTION] Is the TR/FakeAV.nebb.11 Trojan
Begin scan in 'D:\' <ACERDATA>

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\529C50A8000A3C2000037ACAD151FC84\529C50A8000A3C2000037ACAD151FC84.VIR
[DETECTION] Is the TR/FakeAV.nebb.11 Trojan
[NOTE] The file was moved to '501bc2d6.qua'!
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP1117\A0182488.exe
[DETECTION] Is the TR/FakeAV.nebb.11 Trojan
[NOTE] The file was moved to '5013c2d4.qua'!


End of the scan: jeudi 21 juin 2012 08:43
Used time: 7:52:21 Hour(s)

The scan has been done completely.

10625 Scanned directories
318545 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
2 Files cannot be scanned
318541 Files not concerned
9563 Archives were scanned
2 Warnings
4 Notes
86954 Objects were scanned with rootkit scan
2 Hidden objects were found

[angelique]

==> vide la quarantaine d'antivir , par contre passe adwcleaner option suppression

=> Une fois le scan fini, un rapport s'ouvrira.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt


==> refait un nouveau rapport Hijackthis