
Good evening,
here is the clean report
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 18/03/2008 a 22:46:53,03
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\InetGet2\"
*** Suppression des clefs du registre effectuee..

and here is the AntiVir report from last night, in safe mode
AntiVir PersonalEdition Classic
Report file date: mercredi 19 mars 2008 21:24
Scanning for 1159073 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: alexandra
Computer name: ALEXANDR-5D89BB
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:25:51
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 19:25:51
ANTIVIR3.VDF : 7.0.3.55 314368 Bytes 19/03/2008 19:25:51
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 19:25:51
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 19:25:52
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 19 mars 2008 21:24
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '0' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'control.exe' - '1' Module(s) have been scanned
Scan process 'control.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'dwwin.exe' - '1' Module(s) have been scanned
Scan process 'dwwin.exe' - '1' Module(s) have been scanned
Scan process 'Ad-aware.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SR_GUI.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '0' Module(s) have been scanned
Scan process 'guardgui.exe' - '0' Module(s) have been scanned
Scan process 'guardgui.exe' - '0' Module(s) have been scanned
Scan process 'guardgui.exe' - '0' Module(s) have been scanned
Scan process 'guardgui.exe' - '0' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SR_Watchdog.exe' - '1' Module(s) have been scanned
Scan process 'SR_Service.exe' - '1' Module(s) have been scanned
Scan process 'locator.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'lwsys32.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\lwsys32.exe'
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'lwsys32.exe' has been terminated
C:\WINDOWS\lwsys32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
47 processes with 46 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '21' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_ALEXANDR-5D89BB.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[1] Archive type: TAR (tape archiver)
--> _OTMoveIt/MovedFiles/03152008_155932/WINDOWS/lwsys32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
--> WINDOWS/System32/whould.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> WINDOWS/System32/bohung.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> WINDOWS/mrofinu1423.exe.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> WINDOWS/winsyn32.dll
[DETECTION] Is the Trojan horse TR/Inject.afk
[INFO] The file was deleted!
C:\Documents and Settings\alexandra\Bureau\catchme.zip
[0] Archive type: ZIP
--> services.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48557c1c.qua'!
C:\Documents and Settings\alexandra\Bureau\Navilog1.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.59
[INFO] The file was moved to '48577c1e.qua'!
C:\Documents and Settings\alexandra\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/ALEXAN~1/Bureau/Upload_Me/mrofinu1423.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/ALEXAN~1/Bureau/Upload_Me/xldkvu.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '484d7c34.qua'!
C:\Documents and Settings\alexandra\Bureau\msnfix2\MSNFix\15032008_15111545.zip
[0] Archive type: ZIP
--> backup/mrofinu1423.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48117bfa.qua'!
C:\Documents and Settings\alexandra\Local Settings\Temp\xp_0233.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '48407d31.qua'!
C:\Documents and Settings\alexandra\Local Settings\Temporary Internet Files\Content.IE5\1123W9UJ\6736f989[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48147cf9.qua'!
C:\Documents and Settings\alexandra\Local Settings\Temporary Internet Files\Content.IE5\KPCX0RA3\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48317cfe.qua'!
C:\Documents and Settings\alexandra\Local Settings\Temporary Internet Files\Content.IE5\M11UZMHC\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48317cff.qua'!
C:\Documents and Settings\alexandra\Mes documents\Mes fichiers reçus\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr.exe
[0] Archive type: ZIP SFX (self extracting)
--> WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr/WinAce 2.2/WinAce_Traduction_francaise.exe
[1] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\alexandra\Mes documents\Mes fichiers reçus\zip\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr\WinAce 2.2\WinAce_Traduction_francaise.exe
[0] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\alexandra\Mes documents\mes logiciels\aswclnr.exe
[DETECTION] Contains detection pattern of the worm WORM/Agent.CT
[INFO] The file was moved to '48587fa0.qua'!
C:\Documents and Settings\alexandra\Mes documents\mes logiciels\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr\WINZIP~1.EXE
[0] Archive type: ZIP SFX (self extracting)
--> WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr/WinAce 2.2/WinAce_Traduction_francaise.exe
[1] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\alexandra\Mes documents\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr\WinAce 2.2\WinAce_Traduction_francaise.exe
[0] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
[WARNING] The file could not be opened!
C:\WINDOWS\mrofinu1423.exe.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4850846c.qua'!
C:\WINDOWS\mrofinu1423.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4850846d.qua'!
C:\WINDOWS\nnnnn
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '484f8469.qua'!
C:\WINDOWS\whsyst32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\winsyn32.dll
[DETECTION] Is the Trojan horse TR/Inject.afk
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\bohung.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '484985d6.qua'!
C:\WINDOWS\system32\whould.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48508605.qua'!
C:\_OTMoveIt\MovedFiles\03152008_155932\WINDOWS\lwsys32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '4854866a.qua'!
C:\_OTMoveIt\MovedFiles\03172008_190816\WINDOWS\lwsys32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '4854866b.qua'!
End of the scan: mercredi 19 mars 2008 22:30
Used time: 1:06:24 min
The scan has been done completely.
5636 Scanning directories
180222 Files were scanned
26 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
16 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
180196 Files not concerned
3333 Archives were scanned
17 Warnings
6 Notes

Run an AntiVir scan again

still in safe mode?

Why not

Good evening,
here is my AntiVir report; however, I no longer have an antivirus...
AntiVir PersonalEdition Classic
Report file date: vendredi 21 mars 2008 17:49
Scanning for 1160082 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: alexandra
Computer name: ALEXANDR-5D89BB
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:25:51
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 19:25:51
ANTIVIR3.VDF : 7.0.3.61 328192 Bytes 20/03/2008 19:22:39
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 19/03/2008 19:25:51
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/03/2008 19:25:52
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 21 mars 2008 17:49
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '21' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\alexandra\Mes documents\Mes fichiers reçus\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr.exe
[0] Archive type: ZIP SFX (self extracting)
--> WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr/WinAce 2.2/WinAce_Traduction_francaise.exe
[1] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\alexandra\Mes documents\Mes fichiers reçus\zip\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr\WinAce 2.2\WinAce_Traduction_francaise.exe
[0] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\alexandra\Mes documents\mes logiciels\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr\WINZIP~1.EXE
[0] Archive type: ZIP SFX (self extracting)
--> WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr/WinAce 2.2/WinAce_Traduction_francaise.exe
[1] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\alexandra\Mes documents\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr\WinAce 2.2\WinAce_Traduction_francaise.exe
[0] Archive type: ACE SFX (self extracting)
--> html\franais\av.htm
[WARNING] Error creating the file
--> html\franais\commands.htm
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: vendredi 21 mars 2008 19:21
Used time: 1:31:52 min
The scan has been done completely.
5650 Scanning directories
181022 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
181022 Files not concerned
3329 Archives were scanned
13 Warnings
6 Notes

Re,
Delete C:\Documents and Settings\alexandra\Mes documents\mes logiciels\WinZip 8.1 Fr + WinAce 2.2 Fr + WinRar 3.11 Fr + QuickZip 2.22 Fr + Tous les cracks_by Horax1_Fr
Then post a new HijackThis log

Hello,
I deleted the folder mentioned above
here is my new HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:01:18, on 22/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Documents and Settings\alexandra\Mes documents\mes logiciels\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {63942423-2F01-44C0-B340-B58CC18E068F} - C:\WINDOWS\system32\dpsfrial.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [5E39J1V19L] C:\WINDOWS\whsyst32.exe
O4 - HKLM\..\Policies\Explorer\Run: [update32] C:\WINDOWS\lwsys32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6559 bytes

Re,
Rereading the thread, I noticed that you did not apply the actions correctly with AVG!
You need to delete or quarantine, whichever you prefer!
So do it again.
Then:
Download Gmer.
Unzip it into a folder or onto your desktop.
Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.
If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.
Click the Rootkit tab.
On the right, check only Files and Services.
Now click Scan.
When the scan is finished, click Copy.
Open Notepad, then click the Edit / Paste menu.
The report should then appear.
Save the file to your desktop and post its contents here.

Hello again,
I'm posting the AVG report for you
and I'll be back after Gmer...
thanks
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 17:29:35 22/03/2008
+ Résultat de l'analyse:
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP49\A0016494.exe -> Downloader.Agent.jya : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP50\A0016512.exe -> Downloader.Agent.jya : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP52\A0016564.exe -> Downloader.Agent.krh : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP57\A0024008.exe -> Downloader.Agent.krh : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP57\A0025023.exe -> Downloader.Agent.krh : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP57\A0025042.exe -> Downloader.Agent.krh : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP59\A0025097.exe -> Downloader.Agent.lak : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP60\A0025313.exe -> Downloader.Agent.lak : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP61\A0026425.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP62\A0026435.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP62\A0026456.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP62\A0026462.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026474.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026492.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026500.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026520.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026521.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026533.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026534.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026543.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026547.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026560.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026569.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP63\A0026582.exe -> Downloader.Agent.lbx : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP53\A0021561.exe -> Downloader.Small.irm : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP66\A0030018.exe -> Downloader.Small.sth : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP66\A0030019.exe -> Downloader.Small.sth : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP53\A0021559.exe -> Not-A-Virus.Adware.Insider : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP57\A0025022.exe -> Not-A-Virus.Adware.Insider : Aucune action entreprise.
C:\System Volume Information\_restore{DABA6DB6-D005-45D0-8770-CD37364C91F7}\RP57\A0025033.exe -> Not-A-Virus.Adware.Insider : Aucune action entreprise.
:mozilla.175:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.323:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.370:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.374:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.371:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.372:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.310:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Adition : Aucune action entreprise.
:mozilla.311:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Adition : Aucune action entreprise.
:mozilla.38:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@adtech[1].txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.17:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.32:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.
:mozilla.104:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.192:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.335:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.232:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.233:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.234:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.71:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.210:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.285:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise.
:mozilla.326:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.327:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Hitbox : Aucune action entreprise.
:mozilla.75:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.76:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.312:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@search.msn[2].txt -> TrackingCookie.Msn : Aucune action entreprise.
:mozilla.319:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.245:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.246:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.247:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.248:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Revsci : Aucune action entreprise.
:mozilla.118:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.122:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.123:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.124:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.125:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.126:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.131:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.59:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.60:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.61:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.64:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.44:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.45:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.48:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.121:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@weborama[1].txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.103:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Webtrends : Aucune action entreprise.
:mozilla.299:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\alexandra\Cookies\alexandra@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
:mozilla.145:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.146:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.147:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.148:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.149:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.150:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.151:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.152:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.157:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.158:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.159:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.160:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.161:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
:mozilla.162:C:\Documents and Settings\alexandra\Application Data\Mozilla\Firefox\Profiles\f6czc882.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
Fin du rapport
|
|
|
|
|
Re,
There is nothing in GMER.
No report, the scan found nothing.
|
|
|
|
|
The actions still have not been applied!!
|
|
|
|
|
Yes I did, I don't understand...
I ran AVG, with quarantine, in safe mode.
What did I miss?
|
|
|
|
|
Normally it should say "cleaned" and not "no action taken" ("Aucune action entreprise").
Select the entire contents of the box below:
REGEDIT4
[-HKLM\SOFTWARE\Classes\WR]
Copy/paste it into Notepad (Start\All Programs\Accessories\Notepad).
Save it to your desktop under the name Correction.reg
Double-click it and accept the registration of the data.
Then post one last HijackThis log.
|
|
|
|
|
Good evening
A rather busy Sunday...
I entered the command and accepted.
Here is the new HijackThis report.
Thanks
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:30, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\alexandra\Mes documents\mes logiciels\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {63942423-2F01-44C0-B340-B58CC18E068F} - C:\WINDOWS\system32\dpsfrial.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKLM\..\Policies\Explorer\Run: [5E39J1V19L] C:\WINDOWS\whsyst32.exe
O4 - HKLM\..\Policies\Explorer\Run: [update32] C:\WINDOWS\lwsys32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6613 bytes
|
|
|
|
|
Re,
Download ComboFix (by sUBs) to your Desktop.
Temporarily disable all resident protection! (antivirus, antispyware, ...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.
The report is located here: C:\Combofix.txt
|
|
|
|
|
Hello and happy Easter...
Here is the ComboFix report.
ComboFix 08-03-23.5 - alexandra 2008-03-24 11:44:21.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.87 [GMT 1:00]
Endroit: C:\Documents and Settings\alexandra\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\JavaCore
C:\Program Files\Temporary
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))))))))
.
2008-03-23 22:46 . 2008-03-23 22:46 268 --ah----- C:\sqmdata10.sqm
2008-03-23 22:46 . 2008-03-23 22:46 244 --ah----- C:\sqmnoopt10.sqm
2008-03-22 21:48 . 2008-03-22 21:48 268 --ah----- C:\sqmdata09.sqm
2008-03-22 21:48 . 2008-03-22 21:48 244 --ah----- C:\sqmnoopt09.sqm
2008-03-22 21:26 . 2008-03-22 21:26 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-03-22 21:14 . 2008-03-22 21:14 268 --ah----- C:\sqmdata08.sqm
2008-03-22 21:14 . 2008-03-22 21:14 244 --ah----- C:\sqmnoopt08.sqm
2008-03-22 17:38 . 2008-03-22 17:38 250 --a------ C:\WINDOWS\gmer.ini
2008-03-22 12:33 . 2008-03-22 12:33 268 --ah----- C:\sqmdata07.sqm
2008-03-22 12:33 . 2008-03-22 12:33 244 --ah----- C:\sqmnoopt07.sqm
2008-03-21 22:52 . 2008-03-21 22:52 268 --ah----- C:\sqmdata06.sqm
2008-03-21 22:52 . 2008-03-21 22:52 244 --ah----- C:\sqmnoopt06.sqm
2008-03-20 22:03 . 2008-03-20 22:03 268 --ah----- C:\sqmdata05.sqm
2008-03-20 22:03 . 2008-03-20 22:03 244 --ah----- C:\sqmnoopt05.sqm
2008-03-20 21:23 . 2008-03-20 21:23 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-03-20 21:22 . 2005-10-21 02:47 30,592 --a------ C:\WINDOWS\system32\drivers\rndismpx.sys
2008-03-20 21:22 . 2005-10-21 02:47 30,592 --a--c--- C:\WINDOWS\system32\dllcache\rndismpx.sys
2008-03-20 21:22 . 2005-10-21 02:47 12,800 --a------ C:\WINDOWS\system32\drivers\usb8023x.sys
2008-03-20 21:22 . 2005-10-21 02:47 12,800 --a--c--- C:\WINDOWS\system32\dllcache\usb8023x.sys
2008-03-20 21:21 . 2008-03-20 21:21 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-03-20 21:21 . 2008-03-22 20:46 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-19 20:38 . 2008-03-19 20:38 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents
2008-03-19 20:21 . 2008-03-19 20:21 <REP> d-------- C:\Program Files\Avira
2008-03-19 20:21 . 2008-03-19 20:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-18 19:14 . 2008-03-18 19:14 <REP> d-------- C:\Documents and Settings\alexandra\Application Data\Grisoft
2008-03-18 19:03 . 2008-03-18 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-18 19:03 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-18 17:56 . 2008-03-18 17:56 14,848 --a------ C:\WINDOWS\system32\dpsfrial.dll
2008-03-16 19:44 . 2008-03-17 18:01 <REP> d-------- C:\Program Files\Navilog1
2008-03-15 15:59 . 2008-03-15 15:59 <REP> d-------- C:\_OTMoveIt
2008-03-15 15:01 . 2008-03-15 17:11 <REP> d-------- C:\Program Files\Notepad++
2008-03-15 15:01 . 2008-03-15 15:06 <REP> d-------- C:\Documents and Settings\alexandra\Application Data\Notepad++
2008-03-15 14:23 . 2008-03-15 14:23 244 --ah----- C:\sqmnoopt04.sqm
2008-03-15 14:23 . 2008-03-15 14:23 232 --ah----- C:\sqmdata04.sqm
2008-03-15 12:24 . 2008-03-15 12:24 14,848 --a------ C:\WINDOWS\system32\rdpdd32.dll
2008-03-15 12:21 . 2008-03-15 12:21 <REP> d-------- C:\Documents and Settings\alexandra\PATCH GENUINE
2008-03-14 21:32 . 2008-03-14 21:32 <REP> d-------- C:\Program Files\Trend Micro
2008-03-12 18:45 . 2008-03-12 18:45 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-03-12 18:45 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-03-12 18:44 . 2008-03-12 18:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-03-12 18:44 . 2008-03-12 18:44 <REP> d-------- C:\Documents and Settings\alexandra\Application Data\TuneUp Software
2008-03-12 18:43 . 2008-03-12 18:44 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-12 18:42 . 2008-03-12 18:42 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-09 17:58 . 2008-03-09 17:58 <REP> d-------- C:\Documents and Settings\alexandra\Application Data\Serif
2008-03-09 17:36 . 2008-03-09 17:36 <REP> d-------- C:\Program Files\Micro application
2008-03-09 17:27 . 2008-03-09 17:27 <REP> d-------- C:\Program Files\CCleaner
2008-03-06 20:31 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-03-06 20:27 . 2008-03-06 20:27 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-06 18:17 . 2008-03-08 15:24 <REP> d-------- C:\Program Files\nvcoi
2008-03-04 20:25 . 2008-03-04 20:25 244 --ah----- C:\sqmnoopt03.sqm
2008-03-04 20:25 . 2008-03-04 20:25 232 --ah----- C:\sqmdata03.sqm
2008-03-04 20:06 . 2008-03-04 20:06 244 --ah----- C:\sqmnoopt02.sqm
2008-03-04 20:06 . 2008-03-04 20:06 232 --ah----- C:\sqmdata02.sqm
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 20:04 --------- d-----w C:\Documents and Settings\alexandra\Application Data\uTorrent
2008-03-19 18:17 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-15 17:49 --------- d-----w C:\Documents and Settings\alexandra\Application Data\WholeSecurity
2008-03-12 19:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-09 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 17:36 --------- d-----w C:\Program Files\Windows Live
2008-02-21 17:42 --------- d-----w C:\Documents and Settings\alexandra\Application Data\Image Zone Express
2008-02-15 17:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-13 13:09 --------- d-----w C:\Documents and Settings\alexandra\Application Data\HP
2008-02-10 18:25 --------- d-----w C:\Documents and Settings\alexandra\Application Data\eBay
2008-02-10 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2008-02-10 18:22 --------- d-----w C:\Program Files\eBay
2008-02-10 18:20 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-26 15:49 --------- d-----w C:\Program Files\adslTV
2008-01-26 15:19 --------- d-----w C:\Documents and Settings\alexandra\Application Data\vlc
2005-06-24 17:36 39,036 ----a-w C:\WINDOWS\inf\lgusbmodem.sys
2005-05-26 10:04 22,328 ----a-w C:\WINDOWS\inf\lgbus9x.sys
2005-05-26 10:01 38,144 ----a-w C:\WINDOWS\inf\lgusbdiag.sys
2005-05-26 10:01 21,344 ----a-w C:\WINDOWS\inf\lgusbbus.sys
2004-10-20 13:23 21,696 ----a-w C:\WINDOWS\inf\fbxusb.sys
2004-10-20 13:23 21,344 ----a-w C:\WINDOWS\inf\fbxusb32.sys
2004-07-13 20:12 14,924 ----a-w C:\WINDOWS\inf\OMVA.sys
2004-07-09 03:27 48,512 ----a-w C:\WINDOWS\inf\stream.sys
2004-07-09 03:26 83,968 ----a-w C:\WINDOWS\inf\nabtsfec.sys
2004-07-09 03:26 18,688 ----a-w C:\WINDOWS\inf\wstcodec.sys
2004-07-09 03:26 16,384 ----a-w C:\WINDOWS\inf\ccdecode.sys
2004-07-09 03:26 14,976 ----a-w C:\WINDOWS\inf\streamip.sys
2004-07-09 03:26 10,880 ----a-w C:\WINDOWS\inf\slip.sys
2004-07-09 03:26 10,112 ----a-w C:\WINDOWS\inf\ndisip.sys
2003-03-29 14:45 89,184 ----a-w C:\WINDOWS\inf\imagedrv.sys
2003-03-27 12:38 127,145 ----a-w C:\WINDOWS\inf\adiusbaw.sys
2003-03-25 16:02 46,455 ----a-w C:\WINDOWS\inf\adildr.sys
2002-10-01 12:43 119,798 ----a-w C:\WINDOWS\inf\spca561.sys
2002-09-25 12:20 200,704 ----a-w C:\WINDOWS\inf\AdADIx32.dll
2002-09-16 10:25 941,516 ----a-r C:\WINDOWS\inf\ALCXWDM.SYS
2002-09-11 02:57 46,592 ----a-r C:\WINDOWS\inf\SOUNDMAN.EXE
2002-07-24 02:30 32,128 ----a-w C:\WINDOWS\inf\VIAAGP1.SYS
2002-04-01 06:42 19,072 ----a-r C:\WINDOWS\inf\usbehci.sys
2001-12-26 01:13 487,424 ----a-r C:\WINDOWS\inf\D125UFW.dll
2001-12-01 00:57 921,650 ----a-r C:\WINDOWS\inf\SCANINTF.dll
2001-12-01 00:57 49,200 ----a-r C:\WINDOWS\inf\SYSERROR.exe
2001-12-01 00:57 28,720 ----a-r C:\WINDOWS\inf\SG63CPL.DLL
2001-12-01 00:57 253,992 ----a-r C:\WINDOWS\inf\TPM.dll
2001-12-01 00:57 2,514,988 ----a-r C:\WINDOWS\inf\IOP.dll
2001-12-01 00:57 184,364 ----a-r C:\WINDOWS\inf\DEVUI.dll
2001-12-01 00:57 180,272 ----a-r C:\WINDOWS\inf\IMGENH.dll
2001-12-01 00:57 1,044,520 ----a-r C:\WINDOWS\inf\CSUI.dll
2001-12-01 00:55 102,400 ----a-r C:\WINDOWS\inf\D125UUD.DLL
2001-09-28 00:31 729,088 ----a-r C:\WINDOWS\inf\D125UAG.DLL
2001-09-11 01:44 98,304 ----a-r C:\WINDOWS\inf\RMSLANTC.DLL
2001-09-11 01:44 479,232 ----a-r C:\WINDOWS\inf\NBSCOR4M.DLL
2001-09-11 01:44 36,864 ----a-r C:\WINDOWS\inf\NBS4MB.DLL
2001-09-11 01:44 24,576 ----a-r C:\WINDOWS\inf\JDA_MEM.DLL
2001-09-11 01:44 24,576 ----a-r C:\WINDOWS\inf\JDA_CIMG.DLL
2001-08-28 14:00 94,864 ----a-w C:\WINDOWS\inf\twain.dll
2001-08-28 14:00 49,680 ----a-w C:\WINDOWS\inf\twunk_16.exe
2001-08-28 14:00 49,152 ----a-w C:\WINDOWS\inf\cnbjmon.dll
2001-08-28 14:00 46,592 ----a-w C:\WINDOWS\inf\twain_32.dll
2001-08-28 14:00 322,560 ----a-w C:\WINDOWS\inf\msvcrt.dll
2001-08-28 14:00 25,600 ----a-w C:\WINDOWS\inf\twunk_32.exe
2001-08-23 04:00 4,608 ----a-w C:\WINDOWS\inf\mspqm.sys
2001-08-17 20:53 13,824 ----a-w C:\WINDOWS\inf\usbscan.sys
2001-05-24 13:24 22,395 ----a-w C:\WINDOWS\inf\fpga.bin
2001-04-11 11:10 327,740 ----a-r C:\WINDOWS\inf\UCS32P.DLL
2001-02-09 09:43 4,981 ----a-w C:\WINDOWS\inf\AdADIx2K.dll
2001-02-08 10:05 46,892 ----a-w C:\WINDOWS\inf\adadix16.dll
1998-06-17 10:14 45,056 ----a-r C:\WINDOWS\inf\CANOIT32.exe
1998-06-17 10:14 119,808 ----a-r C:\WINDOWS\inf\ITLIB32.dll
.
[code]<pre>
----a-w 1,961,984 2003-06-17 14:11:08 C:\Documents and Settings\alexandra\Mes documents\Mes fichiers reçus\WinZip 8.1 français .exe
</pre>[/code]
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{63942423-2F01-44C0-B340-B58CC18E068F}]
2008-03-18 17:56 14848 --a------ C:\WINDOWS\system32\dpsfrial.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 14:07 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-19 20:25 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5E39J1V19L"= C:\WINDOWS\whsyst32.exe
"update32"= C:\WINDOWS\lwsys32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2004-07-13 22:14 24673 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"eBayToolbar"=C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
"UpdateManager"="C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-06-11 11:40]
R2 Scap;SecureClient Application Policy Module;C:\WINDOWS\system32\DRIVERS\Scap.sys [2004-07-13 21:13]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:55]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2004-07-13 21:13]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2004-07-13 21:13]
S3 OMVA;VPN-1 SecureClient Adapter;C:\WINDOWS\system32\DRIVERS\OMVA.sys [2004-07-13 21:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-12 18:45]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-24 10:22:44 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 11:48:01
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-24 11:49:56
ComboFix-quarantined-files.txt 2008-03-24 10:49:51
.
2008-03-14 17:38:01 --- E O F ---