|
|
Auteur
|
Message
|
1
|
|
|
|
Bonjour,
J'ai un problème de virus que je n'arrive pas à résoudre. Après avoir lu plusieurs sujets sur le forum j'ai trouvé plusieurs personnes qui étaient touchées par le meme problème que moi mais je n'arrive pas à résoudre le mien en suivant les conseils qui leur ont été données.
J'ai fait une analyse anti virus avec Avast : il ne me trouve aucun virus !
J'ai téléchargé spyware doctor : 4 menaces, 73 infections !
- Spyware.Know_Bad_Sites
- Trojan.Virtumonde
- Trojan.Agent
- Adware.Agent.BN
L'analyse avec Vundofix n'a rien donné !!
Merci de m'aider.
|
|
|
|
|
Bonjour,
Télécharge HijackThis (Trend Micro)
Ferme toutes les applications, lance-le et poste le rapport.
Aide : Comment utiliser HijackThis.
@+
|
|
|
|
|
Merci pour la rapidité de ta réponse !
Voici le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:41, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spnpinst.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [6044f011] rundll32.exe "C:\WINDOWS\system32\plxvrltj.dll",b
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 8643 bytes
|
|
|
|
|
Re,
Télécharge Combofix (by sUbs)
NOTE : Sauvegarde-le sur le bureau - pas ailleurs / Désactive tes protections résidentes durant son utilisation.
Redémarre en MSE <=> Aide : Comment redémarrer en Mode sans Echec
~~ Privilège la méthode avec F8 ~~
Double Clic sur Combofix. Quand une question te sera posée, réponds par la touche 1 et valide par Entrée.
...Laisse toi guider...
Lorsque l'analyse est terminée, un rapport sera créé. Redémarre en mode normal et poste-le (C:\Combofix.txt).
@+
-->Message édité par Elfen Lied le 13/05/2008 18:19:08<--
|
|
|
|
|
re,
voici le rapport :
ComboFix 08-05-12.1 - Propriétaire 2008-05-13 18:54:03.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.91 [GMT 2:00]
Endroit: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\cgoktwbu.ini
C:\WINDOWS\system32\cicxvrxt.ini
C:\WINDOWS\system32\CJlnoUtv.ini
C:\WINDOWS\system32\CJlnoUtv.ini2
C:\WINDOWS\system32\jtlrvxlp.ini
C:\WINDOWS\system32\plxvrltj.dll
C:\WINDOWS\system32\sicqlutc.ini
C:\WINDOWS\system32\vtUonlJC.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
.
2008-05-13 18:11 . 2008-05-13 18:11 <REP> d-------- C:\Program Files\Trend Micro
2008-05-13 17:45 . 2008-05-13 18:05 <REP> d-------- C:\Lop SD
2008-05-13 14:12 . 2008-05-13 14:12 <REP> d-------- C:\VundoFix Backups
2008-05-13 12:58 . 2008-05-13 19:04 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-13 12:57 . 2008-05-13 18:57 <REP> d-------- C:\Program Files\Spyware Doctor
2008-05-13 12:57 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-13 12:57 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-13 12:57 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-13 12:57 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-10 19:15 . 2007-03-29 14:58 409,600 -----c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-05-10 19:15 . 2007-03-29 14:58 18,944 -----c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-05-10 19:15 . 2007-03-29 14:58 8,192 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-05-10 19:15 . 2007-03-29 14:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-05-10 19:15 . 2007-03-29 14:58 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-05-10 19:15 . 2007-03-29 14:58 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-05-10 11:32 . 2008-05-10 16:46 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-05-06 14:56 . 2008-05-06 14:56 1 --a------ C:\WINDOWS\system32\kr_done1de
2008-05-05 18:59 . 2007-10-01 17:20 20,458 --------- C:\WINDOWS\hpoins01.dat.temp
2008-05-05 18:59 . 2003-04-06 06:33 16,622 --------- C:\WINDOWS\hpomdl01.dat.temp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 16:17 --------- d---a-w C:\Program Files\Easy Internet signup
2008-03-27 19:14 --------- d-----w C:\Program Files\MSN Messenger
2008-03-27 16:32 --------- d-----w C:\Program Files\Windows Live
2008-03-27 16:31 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-27 16:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-09-16 18:34 461 ----a-w C:\Program Files\INSTALL.LOG
2007-09-11 19:02 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-05-03 07:19 835654 C:\WINDOWS\system32\nview.dll]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 00:04 52736]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 15:07 114688]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-10-07 15:23 90112]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 11:03 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 10:56 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-12 04:02 61440]
"StorageGuard"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-02-13 16:01 155648]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-14 05:42 212992]
"VTTimer"="VTTimer.exe" [2003-05-08 08:32 36864 C:\WINDOWS\system32\VTTimer.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-05-03 07:19 4640768]
"nwiz"="nwiz.exe" [2003-05-03 07:19 323584 C:\WINDOWS\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 08:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-19 21:10 335872]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 11:27 139264]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 04:35 50176 C:\WINDOWS\ALCXMNTR.EXE]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-18 02:13 118784]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-17 00:57 81920]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-12 18:39 79224]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 22:30 188416]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmnmkjkk]
pmnmkjkk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-12 18:36]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-12 18:38]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2006-03-01 19:37]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-04 18:33:50 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1191270376.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
"2008-05-11 20:27:02 C:\WINDOWS\Tasks\FRU Task $ContextID$.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe
"2008-05-13 16:17:11 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
|
|
|
|
|
|
Poste un nouveau rapport HijackThis.
|
|
|
|
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39, on 2008-05-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\spnpinst.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\Sysocmgr.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-fr9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O20 - Winlogon Notify: pmnmkjkk - pmnmkjkk.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 8490 bytes
|
|
|
|
|
Relance HijackThis et coche la ligne :
O20 - Winlogon Notify: pmnmkjkk - pmnmkjkk.dll (file missing)
Clique sur Fix Checked.
Avast est bien trop lent à intégrer les nouvelles infections, pour plus d'informations :
Avast! VS Antivir : Le test de Malekal_Morte
En conséquence, je te conseille très vivement de le désinstaller pour Antivir, qui lui est très performant. Désinstalle-le avec ceci
* Puis télécharge et installe Antivir (Son tuto)
* Ensuite mets-le à jour et vérifie la date d'update. S'il ne se met pas à jour, aide ICI
* Conseils pour rendre son utilisation plus agréable ICI
Redémarre en MSE <=> Aide : Comment redémarrer en Mode sans Echec
~~ Privilège la méthode avec F8 ~~
Lance Antivir et réalise une analyse. Une fois terminée, mets en quarantaine les objets détectés et enregistre le rapport sur le bureau.
=> Redémarre en mode normal et Poste le !
@+
|
|
|
|
|
re,
j'ai désinstallé avast et téléchargé et installé antivir. J'ai fait la mise a jour par contre dès que je veux lancer l'analyse antivirus (que ce soit en mode normal ou en mode sans echec) un message d'erreur apparait : "self test failed" et plus rien ne se passe !
|
|
|
|
|
|
Si tu le réinstalle ça fonctionne ?
|
|
|
|
|
|
Bonjour merci pour toute les infos je pense avoir fait tout ce qu'il fallait mais l'antivir ne détecte rien.
|
|
|
|
|
Report file date: 2008-05-14 10:48
Jobname: 'Local Hard Disks'
Scanning for 284303 virus strains and unwanted programs.
Licensed to: AntiVir PersonalEdition Classic
Serialnumber: 0000149996-WURGE-0001
Platform: Windows XP
Windowsversion: (Service Pack 2) [5.1.2600]
Username: Propriétaire
Computername: GWLADYS
Versioninformations:
AVSCAN.EXE : 7.0.0.19 385064 2006-01-23 14:35:36
AVSCAN.DLL : 7.0.0.19 42536 2006-01-23 14:35:34
LUKE.DLL : 7.0.0.19 110632 2006-01-23 14:35:36
LUKERES.DLL : 7.0.0.19 27688 2006-01-23 14:35:36
ANTIVIR0.VDF : 6.32.0.60 4323840 2005-12-06 09:47:34
ANTIVIR1.VDF : 6.33.0.97 675328 2006-01-18 13:31:52
ANTIVIR2.VDF : 6.33.0.131 122880 2006-01-18 13:31:52
ANTIVIR3.VDF : 6.33.0.139 28160 2006-01-18 13:31:52
AVEWIN32.DLL : 6.33.0.30 1016320 2006-01-20 10:42:50
AVPREF.DLL : 6.34.0.0 33320 2006-01-18 11:05:46
AVREP.DLL : 6.33.0.100 1617960 2006-01-06 16:08:28
AVPACK32.DLL : 6.33.0.6 331816 2006-01-09 08:03:38
AVREG.DLL : 6.31.0.90 25128 2005-07-28 09:06:12
NETNT.DLL : 6.32.0.0 6696 2005-09-27 06:56:46
NETNW.DLL : 6.32.0.0 9768 2005-09-27 06:56:46
Start of the scan: 2008-05-14 10:48
Start scanning boot sectors:
Boot sector 'C:'
[NOTE] No virus was found!
Boot sector 'D:'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( 49 files ).
Starting the file scan:
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Documents\Ma musique\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Documents\Mes images\Échantillons d'images\Thumbs.dble:$DATA�
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\Sharing Folders\christy.16@hotmail.fr\Thumbs.dble:$DATA�
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\Sharing Folders\peggy.godebout@orange.fr\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\01\10-{6D~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\34\155-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\34\155-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\36\154-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\36\154-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\38\153-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\38\153-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\40\150-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\40\150-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\42\151-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\42\151-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\44\152-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\christy.16@hotmail.fr\DFSR\Staging\CS{6DAB4F36-3FB7-EB36-4075-9AA1C23FA9A6}\44\152-{5~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\damien59122@hotmail.fr\DFSR\Staging\CS{05DEE3F5-C757-2E75-4D1F-7B8287811D48}\01\19-{05~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\famillycadeau@hotmail.fr\DFSR\Staging\CS{A1535869-161A-4869-3BB8-909A1623913C}\01\18-{A1~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\01\20-{86~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\28\27-{FD~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\28\27-{FD~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\28\27-{FD~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\29\35-{FD~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\29\35-{FD~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\29\35-{FD~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\30\44-{FD~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\gwl8alex@msn.com\SharingMetadata\peggy.godebout@orange.fr\DFSR\Staging\CS{863D1543-A681-AA00-F207-C0467333F808}\30\44-{FD~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\Sharing Folders\sandra.coss@hotmail.fr\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\01\10-{4B~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\61\28-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\61\28-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\62\37-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\62\37-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\64\20-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\64\20-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\65\27-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\65\27-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\66\36-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\66\36-{90~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\91\35-{30~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\91\35-{30~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\tedd16@msn.com\SharingMetadata\sandra.coss@hotmail.fr\DFSR\Staging\CS{4BA2232C-39CB-C6F2-540C-8CD8387640F8}\92\28-{30~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Bébé\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Ma musique\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Mes fichiers reçus\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Mes images\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Mes images\2007-11 (nov.)\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Mes images\2007-11 (nov.)\2007-10 (oct.)\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Mes images\2008-05 (mai)\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Mes images\Photo\Thumbs.dble
[WARNING] The file could not be opened!
C:\Documents and Settings\Propriétaire\Mes documents\Samsung PC Studio\Photo\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\DivX\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Easy Internet signup\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Java Web Start\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Messenger\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Microsoft Picture It! 7\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Microsoft Works\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Movie Maker\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Movie Maker\Shared\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Windows Live Toolbar\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Windows Media Connect 2\Thumbs.dble
[WARNING] The file could not be opened!
C:\Program Files\Windows Media Player\Thumbs.dble
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
End of the scan: 2008-05-14 12:02
Used time: 1:13:28 min
The scan has been done completely.
4417 Scanning directories
295792 Files were scanned
0 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
18202 Archives were scanned
166 Warnings
0 Notes
|
|
|
|
|
Bonjour,
Plus de souci ? Si tu estime ton sujet comme étant résolu,
Télécharge Tools Cleaner
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Télécharge Ccleaner Slim
* Installe le. Ensuite, clique sur « Options », « Avancé » et décoche la case « Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures ». Clique sur l'onglet « Nettoyeur » puis sur « Lancer le Nettoyage ».
* Ensuite clique sur l'onglet Registre, clique sur « Chercher des erreurs » puis sur « Réparer les erreurs sélectionnées ». Il est inutile de sauvegarder les clés.
Edite le titre de ton sujet  et inscris y : [résolu]
Rapporte ton infection pour faire condamner les auteurs de malware sur Malware-Complaints. Pour faire entendre nos voix, nous devons être le plus nombreux possibles, alors rapporte ton infection :
* Voir les règles de Malware-Complaints
* Enregistre sur le forum à partir du bouton register en haut :
Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age
Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age
Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10&sid=0ea0981a2025873f(...)
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas quelle infection tu as eu, créé un message dans le sujet « Autres infections » conforme au règle du forum (age, ville, département etc..) : http://www.malwarecomplaints.info/viewforum.php?f=10
Sujet important à lire et à faire passer !
F.A.Q Prévention & Aide à la sécurisation
@+
|
|
|
|
|
-->- Recherche:
C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Vundofix backups: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
Fichiers temporaires nettoyés !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu
Voici le rapport cleaner merci pour toute c'est info qui m'ont beaucoup apprie.
Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Vundofix backups: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
|
|
|
1
|
|
|
|
