Hello everyone!
For about 4 days now my computer has been finding loads of viruses.
I use avast, and not a day goes by without an alert popping up on the computer.
Usually the viruses are in system32 and they are .dll files, or they are in applicationdata/temporary.../Content
Today I got about 5 alerts (all applicationdata), yesterday about 10 (all system32).
It looks automatic, a message pops up about every 3 or 4 hours °_°
And since last night, the internet has been acting up too.
At first everything is fine, then after a while, within 10 seconds it slows to a complete crawl; some pages no longer open because they take so long to load (earlier I left a page loading for 15 minutes, but in the end the green progress bar still wasn't moving and the page was in searching mode).
As soon as that happens, I shut down the computer, unplug all the modem cables, plug them back in and switch it back on. It works normally again, except that, same thing, after a while it slows to a complete crawl.
I was wondering whether this might come from the viruses avast keeps detecting :?
Yet I have avast and antivir running 24 hours a day on the computer.
I did a full cleanup of the computer about a week ago, plus an avast scan and an antivir scan.
Can you help me, please?
Thank you in advance.
Anna
-->Message edited by annaprout42 on 30/05/2008 17:38:55<--

Good evening,
Glamorous, your username
Download HijackThis (Trend Micro) to the desktop.
Double-click HJTInstall.exe to start the installation.
Click Install.
Double-click the HijackThis shortcut that has just been created to launch it.
Accept the licence by clicking Yes.
Close all applications currently in use.
Click "Do a system scan and save a logfile".
Notepad opens; post the generated report on the forum.
Note: The report can also be found here: C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log
Help: How to use HijackThis.
See you.

Thanks Hate-Love-Anger, Pastis is one of my cats (no, no, I'm not an alcoholic)
So here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:48, on 28/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BAEAEA3-F102-4D05-AC6F-7C4C41179D9E} - C:\Windows\system32\qoMeETNf.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A5CCF045-851A-4ABA-B1E0-974B16AD939C} - (no file)
O2 - BHO: (no name) - {A86FD359-D66C-4434-91D6-4A415AADC6B6} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnNHwWOh.dll,#1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BMf540af60] Rundll32.exe "C:\Windows\system32\bbipxhqr.dll",s
O4 - HKLM\..\Run: [f6739cfc] rundll32.exe "C:\Windows\system32\jfdqinjv.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.(...)
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 12135 bytes
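
As an added example (not part of the original thread and not HijackThis's own code), here is one way to triage the O2 and O4 lines of a report like the one above. The three rules (unnamed BHO in system32, BHO with no file, Run value starting rundll32 on an absolute-path DLL in system32) are assumptions chosen for this sketch and give triage hints, not verdicts; the sample lines are copied from the report.

```python
import ntpath
import re
from typing import NamedTuple

SYSTEM32 = r"c:\windows\system32"

# Lines copied from the HijackThis report above, trimmed to a few O2/O4 entries.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2BAEAEA3-F102-4D05-AC6F-7C4C41179D9E} - C:\Windows\system32\qoMeETNf.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {A5CCF045-851A-4ABA-B1E0-974B16AD939C} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\nnNHwWOh.dll,#1
O4 - HKLM\..\Run: [BMf540af60] Rundll32.exe "C:\Windows\system32\bbipxhqr.dll",s
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""


class Finding(NamedTuple):
    section: str   # "O2" (browser helper object) or "O4" (autostart entry)
    label: str     # CLSID for O2, registry value name for O4
    path: str      # file the entry points at
    reason: str


# "O2 - BHO: <name> - {CLSID} - <file>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
# "O4 - <hive>\..\Run: [<value>] <command>" (also matches RunOnce)
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<value>[^\]]*)\] (?P<cmd>.+)$")
# rundll32 given a DLL by absolute path, e.g. rundll32.exe "C:\x\y.dll",export
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[A-Za-z]:\\[^",]+?\.dll)"?,(?P<export>\S+)',
    re.IGNORECASE)


def in_system32(path: str) -> bool:
    """True when the file sits directly in C:\\Windows\\system32 (case-insensitive)."""
    return ntpath.dirname(path).lower() == SYSTEM32


def triage(log_text: str) -> list:
    """Return the O2/O4 entries that match one of the three rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m:
            if m["file"] == "(no file)":
                findings.append(Finding("O2", m["clsid"], m["file"],
                                        "BHO registration whose file is missing"))
            elif m["name"] == "(no name)" and in_system32(m["file"]):
                findings.append(Finding("O2", m["clsid"], m["file"],
                                        "unnamed BHO loaded from system32"))
            continue
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m["cmd"])
            if r and in_system32(r["dll"]):
                findings.append(Finding(
                    "O4", m["value"], r["dll"],
                    "Run value starts rundll32 on an absolute-path DLL in "
                    "system32 (export %s)" % r["export"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.label, f.path, "->", f.reason)
```

The RoboForm BHO and the `oobefldr.dll,ShowWelcomeCenter` entry are left alone because they fail the path conditions, which is what keeps the output short enough to review by hand.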

Hi again,
Download Combofix (by sUbs)
NOTE: Save it to the desktop - nowhere else / Disable your resident protections while using it / Disconnect from the Internet.
- Restart in Safe Mode <=> Help: How to restart in Safe Mode
-> Never restart via msconfig.
Double-click Combofix.
When you are asked a question, answer with the 1 key and confirm with Enter.
Let it guide you and don't touch anything, otherwise the PC may freeze.
When the scan is finished, a report will be created.
Restart in normal mode and post it (C:\Combofix.txt).
Help: A guide and tutorial on using ComboFix
See you.

OK thanks, I'll do that right away.
See you in a bit

So here is the combofix report:
ComboFix 08-05-28.4 - SYSTEM 2008-05-29 9:36:39.13 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2709 [GMT 2:00]
Endroit: C:\Users\Propriétaire\Desktop\ComboFix.exe
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Marie\lsass.exe
C:\Windows\system32\bbipxhqr.dll
C:\Windows\system32\byXQKaAs.dll
C:\Windows\System32\dcdfOqss.ini
C:\Windows\System32\dcdfOqss.ini2
C:\Windows\System32\DLSsYcdd.ini
C:\Windows\System32\DLSsYcdd.ini2
C:\Windows\system32\dugpwwof.ini
C:\Windows\system32\efcCsqrs.dll
C:\Windows\system32\fccBuVlj.dll
C:\Windows\System32\fNTEeMoq.ini
C:\Windows\System32\fNTEeMoq.ini2
C:\Windows\system32\fwlylhal.dll
C:\Windows\system32\hwemdixk.dll
C:\Windows\system32\jfdqinjv.dll
C:\Windows\System32\jlVuBccf.ini
C:\Windows\System32\jlVuBccf.ini2
C:\Windows\system32\jwmyxcfb.dll
C:\Windows\system32\kxrfmcgg.dll
C:\Windows\system32\ljJAQKcD.dll
C:\Windows\System32\lUFMlmoq.ini
C:\Windows\System32\lUFMlmoq.ini2
C:\Windows\system32\mbvyrkce.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\ooospqdd.dll
C:\Windows\system32\qoMeETNf.dll
C:\Windows\System32\sAaKQXyb.ini
C:\Windows\System32\sAaKQXyb.ini2
C:\Windows\System32\srqsCcfe.ini
C:\Windows\System32\srqsCcfe.ini2
C:\Windows\system32\ssqOfdcd.dll
C:\Windows\system32\ssqRJaax.dll
C:\Windows\system32\vjniqdfj.ini
C:\Windows\System32\XGNTtuvw.ini
C:\Windows\System32\XGNTtuvw.ini2
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 20:06 --------- d-----w C:\Program Files\Trend Micro
2008-05-28 19:13 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-27 16:29 --------- d-----w C:\Users\Marie\AppData\Roaming\MyPhoneExplorer
2008-05-27 16:23 --------- d-----w C:\Users\Marie\AppData\Roaming\OpenOffice.org2
2008-05-24 12:53 --------- d-----w C:\Program Files\Panda Security
2008-05-24 12:10 --------- d-----w C:\Program Files\MSBuild
2008-05-24 11:52 --------- d-----w C:\Program Files\Alwil Software
2008-05-23 15:05 71,680 ----a-w C:\Users\Marie\msconfig.exe
2008-05-23 15:05 511 ----a-w C:\Users\Marie\169.bat
2008-05-20 12:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-17 21:52 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-17 21:36 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-05-17 08:46 --------- d-----w C:\Users\Marie\AppData\Roaming\Leadertech
2008-05-16 19:53 --------- d-----w C:\Users\Marie\AppData\Roaming\Image Zone Express
2008-05-16 18:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 16:58 --------- d-----w C:\Users\Marie\AppData\Roaming\Teleca
2008-05-16 16:50 --------- d-----w C:\Users\Marie\AppData\Roaming\Sony Ericsson
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 20:28 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:16 --------- d-----w C:\Program Files\SDLL
2008-05-07 15:58 --------- d-----w C:\Program Files\eMule
2008-05-07 15:57 --------- d-----w C:\Program Files\Java
2008-05-06 12:04 0 ----a-w C:\osy3.sys
2008-04-22 14:07 --------- d-----w C:\Users\Marie\AppData\Roaming\Zylom
2008-04-18 08:37 --------- d-----w C:\Program Files\iTunes
2008-04-18 08:36 --------- d-----w C:\Program Files\QuickTime
2008-04-18 08:36 --------- d-----w C:\Program Files\iPod
2008-04-18 08:36 --------- d-----w C:\PROGRA~2\Apple Computer
2008-04-18 08:34 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 15:48 --------- d-----w C:\Program Files\Fish Aquarium 3D Screensaver
2008-04-08 17:19 --------- d-----w C:\Program Files\fishaquarium
2008-04-07 08:14 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-04-07 07:12 --------- d-----w C:\Program Files\HP
2008-04-07 01:49 8,140,915 ----a-w C:\Windows\breve.scr
2008-04-07 01:49 237,568 ----a-w C:\Windows\glut32.dll
2008-03-29 18:35 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-29 18:35 --------- d-----w C:\Program Files\Realtek
2008-03-29 08:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-16 09:25 643,920 ----a-w C:\PortableRoboForm.exe
2008-02-02 22:18 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 15:25 612 ----a-w C:\Users\Marie\AppData\Roaming\wklnhst.dat
2007-12-25 14:50 47,360 ----a-w C:\Users\Marie\AppData\Roaming\pcouffin.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:28 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-16 11:26 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 20:31 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 02:11 54672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 13:25 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"MSServer"="C:\Windows\system32\byXQIYro.dll" [2008-05-23 17:05 28160]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"= C:\Windows\system32\byXQIYro.dll [2008-05-23 17:05 28160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-1001]
"EnableNotificationsRef"=dword:00000025
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-1002]
"EnableNotificationsRef"=dword:0000001d
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-501]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EF6CA61F-9863-45F4-8549-FD48443B7E7E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0AB6ED54-0E52-40D4-9621-20AB7D749574}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2B83BC5B-2FC0-449C-91AE-F09F87BA0CCF}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{069B212C-2947-402F-BD6A-6350E37F07BA}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{9D29FF59-F50C-4BA1-94E7-82EE4774A370}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2F331BA3-FEE9-45EE-9FAD-333B66B1B548}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B7C2AFAF-395A-4625-94FA-518E61011C64}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\Windows\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\Windows\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\Windows\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1504b0e-fc93-11dc-82f6-001d60539785}]
\shell\Auto\command - J:\AdobeR.exe e
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL J:\AdobeR.exe e
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-28 19:05:05 C:\Windows\Tasks\User_Feed_Synchronization-{7C3D90E6-AD2A-4875-97E6-4A717C6CB81D}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-28 07:00:26 C:\Windows\Tasks\User_Feed_Synchronization-{A285B298-96D4-42DD-A080-185995B07532}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 09:41:50
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\byXQIYro.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-29 9:44:40 - machine was rebooted [Propriétaire]
ComboFix-quarantined-files.txt 2008-05-29 07:44:35
ComboFix2.txt 2008-05-24 11:51:29
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
248 --- E O F --- 2008-05-21 19:53:41
Thanks

Hello anna
Copy the text in the box below (CTRL + C):
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=-
File::
C:\Windows\system32\byXQIYro.dll
NOTE: Disable your resident protections during the procedure.
Open Notepad: Start > Run > Type: notepad > Confirm with OK.
- Paste the text into it (CTRL + V)
- Save this file to: Desktop
- File name: CFScript
- File type: all files !!
- Click Save
- Close Notepad
Drag and drop this CFScript file onto the ComboFix.exe file as in the screenshot:
* This will relaunch Combofix: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: copy/paste its contents on the forum.
* If the file does not open, it can be found here: C:\ComboFix.txt.
See you.
-->Message edited by HaTe-LoVe-AnGer on 29/05/2008 12:04:50<--
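
The CFScript above targets one DLL through two registry load points. As an added example (not part of the original thread and not ComboFix's own logic), this sketch correlates the load-point and loaded-DLL sections of a ComboFix report to find files referenced from more than one registry key; the two-key threshold is an assumption chosen for the sketch, and the sample lines are copied from the first report.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the first ComboFix report above, trimmed to a few entries.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"MSServer"="C:\Windows\system32\byXQIYro.dll" [2008-05-23 17:05 28160]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"= C:\Windows\system32\byXQIYro.dll [2008-05-23 17:05 28160]
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\byXQIYro.dll
"""

# "[HKEY_...]" or "[hkey_...]" section header naming a registry key
KEY_RE = re.compile(r"^\[(?P<key>hk[^\]]+)\]$", re.IGNORECASE)
# '"value"="C:\path" [timestamp size]' (the quotes around the path are optional)
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[A-Za-z]:\\.+?)"?\s+\[[^\]]*\]$')


def correlate(report: str) -> dict:
    """Map each referenced file (lower-cased path) to the registry values
    that point at it and to the processes it is reported as loaded in."""
    refs = defaultdict(lambda: {"load_points": [], "loaded_in": []})
    key = process = None
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key, process = m["key"].lower(), None
            continue
        m = VALUE_RE.match(line)
        if m and key:
            refs[m["path"].lower()]["load_points"].append((key, m["name"]))
            continue
        if line.startswith("PROCESS:"):
            process, key = line.split(":", 1)[1].strip(), None
        elif line.startswith("->") and process:
            dll = line[2:].strip().lower()
            refs[dll]["loaded_in"].append(ntpath.basename(process))
    return dict(refs)


def multi_hooked(report: str) -> dict:
    """Files referenced from at least two distinct registry keys."""
    hits = {}
    for path, info in correlate(report).items():
        if len({k for k, _ in info["load_points"]}) >= 2:
            hits[path] = info
    return hits


if __name__ == "__main__":
    for path, info in multi_hooked(SAMPLE_REPORT).items():
        print(path)
        for reg_key, value in info["load_points"]:
            print("  referenced by", reg_key, "->", value)
        print("  loaded in:", ", ".join(info["loaded_in"]) or "(not listed)")
```

On the sample it returns the one DLL together with the `MSServer` value and the ShellExecuteHooks CLSID, the same three items the CFScript lists under `Registry::` and `File::`.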

Thanks Hate-love_Anger.
Here is the report:
ComboFix 08-05-28.4 - Propriétaire 2008-05-29 13:50:04.14 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1964 [GMT 2:00]
Endroit: C:\Users\Propriétaire\Desktop\ComboFix.exe
Command switches used :: C:\Users\Propriétaire\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Windows\system32\byXQIYro.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\byXQIYro.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 20:06 --------- d-----w C:\Program Files\Trend Micro
2008-05-28 19:13 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-27 16:29 --------- d-----w C:\Users\Marie\AppData\Roaming\MyPhoneExplorer
2008-05-27 16:23 --------- d-----w C:\Users\Marie\AppData\Roaming\OpenOffice.org2
2008-05-24 12:53 --------- d-----w C:\Program Files\Panda Security
2008-05-24 12:10 --------- d-----w C:\Program Files\MSBuild
2008-05-24 11:52 --------- d-----w C:\Program Files\Alwil Software
2008-05-23 15:05 71,680 ----a-w C:\Users\Marie\msconfig.exe
2008-05-23 15:05 511 ----a-w C:\Users\Marie\169.bat
2008-05-20 12:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-17 21:52 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-05-17 21:36 --------- d-----w C:\Program Files\MyPhoneExplorer
2008-05-17 08:46 --------- d-----w C:\Users\Marie\AppData\Roaming\Leadertech
2008-05-16 19:53 --------- d-----w C:\Users\Marie\AppData\Roaming\Image Zone Express
2008-05-16 18:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-16 16:58 --------- d-----w C:\Users\Marie\AppData\Roaming\Teleca
2008-05-16 16:50 --------- d-----w C:\Users\Marie\AppData\Roaming\Sony Ericsson
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 20:28 --------- d-----w C:\Program Files\Windows Mail
2008-05-12 17:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-12 17:16 --------- d-----w C:\Program Files\SDLL
2008-05-07 15:58 --------- d-----w C:\Program Files\eMule
2008-05-07 15:57 --------- d-----w C:\Program Files\Java
2008-05-06 12:04 0 ----a-w C:\osy3.sys
2008-04-22 14:07 --------- d-----w C:\Users\Marie\AppData\Roaming\Zylom
2008-04-18 08:37 --------- d-----w C:\Program Files\iTunes
2008-04-18 08:36 --------- d-----w C:\Program Files\QuickTime
2008-04-18 08:36 --------- d-----w C:\Program Files\iPod
2008-04-18 08:36 --------- d-----w C:\PROGRA~2\Apple Computer
2008-04-18 08:34 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 15:48 --------- d-----w C:\Program Files\Fish Aquarium 3D Screensaver
2008-04-08 17:19 --------- d-----w C:\Program Files\fishaquarium
2008-04-07 08:14 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-04-07 07:12 --------- d-----w C:\Program Files\HP
2008-04-07 01:49 8,140,915 ----a-w C:\Windows\breve.scr
2008-04-07 01:49 237,568 ----a-w C:\Windows\glut32.dll
2008-03-29 18:35 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-29 18:35 --------- d-----w C:\Program Files\Realtek
2008-03-29 08:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-16 09:25 643,920 ----a-w C:\PortableRoboForm.exe
2008-02-02 22:18 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 15:25 612 ----a-w C:\Users\Marie\AppData\Roaming\wklnhst.dat
2007-12-25 14:50 47,360 ----a-w C:\Users\Marie\AppData\Roaming\pcouffin.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-29_ 9.44.10,65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 07:41:14 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-29 11:52:50 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-29 11:49:55 6,193,152 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
- 2008-05-29 07:41:41 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 11:53:13 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-29 11:53:13 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-29 07:41:42 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-29 11:53:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-29 11:53:13 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-29 07:41:25 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-29 11:53:00 32,768 ------w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-29 07:41:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-29 11:53:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-29 07:41:25 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-29 11:53:00 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-29 07:39:35 104,158 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-29 07:47:26 104,570 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-29 07:39:35 117,866 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-29 07:47:26 118,244 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-29 07:39:35 612,436 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-29 07:47:26 612,848 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-29 07:39:35 692,602 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-29 07:47:26 693,350 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-14 20:29:00 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-29 11:51:46 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-29 06:57:34 10,700 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-918319700-1789878857-3928151191-1001_UserData.bin
+ 2008-05-29 07:43:10 11,072 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-918319700-1789878857-3928151191-1001_UserData.bin
- 2008-05-29 06:57:34 65,546 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-29 07:43:10 65,624 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-14 09:10:02 33,745,134 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2008-05-29 07:46:26 35,076,460 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:28 1232896]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-03-16 11:26 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 20:31 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 02:11 54672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 13:25 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-1001]
"EnableNotificationsRef"=dword:00000025
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-1002]
"EnableNotificationsRef"=dword:0000001d
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-501]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EF6CA61F-9863-45F4-8549-FD48443B7E7E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0AB6ED54-0E52-40D4-9621-20AB7D749574}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2B83BC5B-2FC0-449C-91AE-F09F87BA0CCF}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{069B212C-2947-402F-BD6A-6350E37F07BA}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{9D29FF59-F50C-4BA1-94E7-82EE4774A370}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2F331BA3-FEE9-45EE-9FAD-333B66B1B548}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B7C2AFAF-395A-4625-94FA-518E61011C64}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]
S3 s716bus;Sony Ericsson Device 716 driver (WDM);C:\Windows\system32\DRIVERS\s716bus.sys [2007-04-04 12:43]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s716mdfl.sys [2007-04-04 12:43]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s716mdm.sys [2007-04-04 12:43]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s716mgmt.sys [2007-04-04 12:43]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS);C:\Windows\system32\DRIVERS\s716nd5.sys [2007-04-04 12:43]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s716obex.sys [2007-04-04 12:43]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM);C:\Windows\system32\DRIVERS\s716unic.sys [2007-04-04 12:43]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-28 19:05:05 C:\Windows\Tasks\User_Feed_Synchronization-{7C3D90E6-AD2A-4875-97E6-4A717C6CB81D}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-29 11:47:00 C:\Windows\Tasks\User_Feed_Synchronization-{A285B298-96D4-42DD-A080-185995B07532}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 13:53:20
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\hp\KBD\kbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-29 13:56:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 11:56:11
ComboFix2.txt 2008-05-29 07:44:41
ComboFix3.txt 2008-05-24 11:51:29
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
244 --- E O F --- 2008-05-21 19:53:41
Now I'm going to restart because avast did not start when the session opened
|
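The check below is an added example, not part of the original posts and not ComboFix's own code: it parses the CFScript from the helper's reply and an excerpt of the report posted afterwards, confirms that the targeted registry values and file no longer appear among the load points, and lists the weakened security settings and unresolved autoruns visible in that excerpt. Function names are hypothetical, the "before" line is constructed, and reading `=-` as "delete this value" follows the .reg file convention, which the CFScript is assumed to share.

```python
import re

KEY_RE = re.compile(r'^\[(hk[^\]]+)\]$', re.I)   # [HKEY_...\Key] header
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')   # "Name"=data

# CFScript exactly as posted in the thread.
CFSCRIPT = r'''
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3095D50F-F1BA-4BBC-A54D-819EEB7E0898}"=-
File::
C:\Windows\system32\byXQIYro.dll
'''

# Excerpt of the report posted after the fix (lines copied from the thread).
REPORT_AFTER = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:28 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
'''

# Constructed "before" state: the same excerpt plus one made-up Run value.
REPORT_BEFORE = REPORT_AFTER + r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSServer"="rundll32.exe C:\Windows\system32\byXQIYro.dll"
'''

def parse_reg_lines(lines):
    """Map lower-cased key path -> {value name: raw data string}."""
    keys, current = {}, None
    for line in lines:
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = keys.setdefault(m.group(1).lower(), {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2).strip()
    return keys

def parse_cfscript(text):
    """Return ([(key, value name) marked for deletion], [file paths])."""
    sections, name = {"registry": [], "file": []}, None
    for line in text.splitlines():
        line = line.strip()
        if line.lower() in ("registry::", "file::"):
            name = line[:-2].lower()
        elif line and name:
            sections[name].append(line)
    reg = parse_reg_lines(sections["registry"])
    deletions = [(k, v) for k, vals in reg.items()
                 for v, data in vals.items() if data == "-"]
    return deletions, sections["file"]

def leftovers(cfscript, report):
    """Targets of the CFScript that still show up among the load points."""
    deletions, files = parse_cfscript(cfscript)
    points = parse_reg_lines(report.splitlines())
    found = []
    for key, name in deletions:   # registry value names are case-insensitive
        if name.lower() in (n.lower() for n in points.get(key, {})):
            found.append(f"{key}\\{name}")
    for key, vals in points.items():   # any load point still naming the file
        for name, data in vals.items():
            found += [f"{key}\\{name} -> {p}" for p in files
                      if p.lower() in data.lower()]
    return found

def unresolved_autoruns(report):
    """Run/RunOnce values printed with empty brackets (no file date or size)."""
    out = []
    for key, vals in parse_reg_lines(report.splitlines()).items():
        if key.endswith(("\\run", "\\runonce")):
            out += [n for n, data in vals.items() if re.search(r'\[\s*\]$', data)]
    return out

def weakened_settings(report):
    """Security-relevant values in the dump that are switched off."""
    findings = []
    for key, vals in parse_reg_lines(report.splitlines()).items():
        for name, data in vals.items():
            if name.lower() == "enablelua" and data.split()[:1] == ["0"]:
                findings.append("UAC disabled (EnableLUA=0)")
            if name.lower() == "disablemonitoring" and data.lower().endswith("00000001"):
                findings.append(f"Security Center monitoring off: {key}")
    return findings
```

An empty result from `leftovers` only says the report no longer lists the targets; entries returned by `unresolved_autoruns` still need checking by hand.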
|
|
|
|
No need, we're going to get rid of it
Uninstall Avast! with this.
Why change?
Avast is far too slow to add new infections: Avast! VS Antivir
Download AntiVir to your Desktop.
Double-click the downloaded executable to start the installation.
** Once installed, open Antivir and update it, checking the update date.
-> If it does not update, help HERE.
** Restart in Safe Mode <=> Help: How to restart in Safe Mode
-> Never restart via msconfig.
Launch AntiVir: in the Local Protection tab, choose Scanner.
Enable rootkit scanning via the + next to rootkit search. In manual selection, check everything (your hard disk partitions).
Click the middle magnifying glass to start the scan as Administrator.
When the scan is finished, click the Overview tab, then choose Reports; you will find the generated report there.
Save it to the desktop and post it on the forum.
Help: How to install and use AntiVir.
See you
|
|
|
|
|
|
|
In this case you have a big problem.
I had avast for more than 2 years and I never had a problem
That is the classic line from people who rarely have problems because they behave carefully on the net (= no porn sites, warez, P2P, etc.).
That does not mean Avast is a good antivirus. Avast is far too slow to add infections: 5 days, 1 week, 2 weeks ... During that time you are not protected and so you are at risk.
It is tested, proven and very visible on disinfection forums.
I installed antivir about a month ago and it completely messed up the computer
Had you uninstalled Avast beforehand? If not, the two antivirus programs must have conflicted, and it is quite normal that your computer crashed.
Reminder: one antivirus, one antispyware, one firewall per machine. Not one more!
**********************************
You don't want AntiVir / okay, I respect your choice. But know that we are here to advise you, and our advice is far from unjustified
In that case ...
Run a Kaspersky online scan with Internet Explorer:
Click on
Now click I accept.
Confirm the installation of one or more ActiveX controls if necessary.
Wait while the updates are installed.
Then choose to scan My Computer.
Save, then paste the report generated at the end of the scan.
HELP: Tutorial on the online scan
NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
See you
-->Message edited by HaTe-LoVe-AnGer on 29/05/2008 21:31:37<--
|
|
|
|
|
Well ok, I'll get rid of avast then, but it makes me want to cry lol
Antivir is already installed, do I need to uninstall it and reinstall it?
I'll keep you posted, and thank you very much
|
|
|
|
|
Uninstall Avast as indicated above.
And update AntiVir.
|
|
|
|
|
I uninstalled avast and updated antivir.
As soon as it was updated, antivir detected a virus in: ... Local/temp/tmp00cf24a, I put it in quarantine
So here is the scan report:
AntiVir PersonalEdition Classic
Report file date: 2008-05-29 22:08
Scanning for 1301396 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: Propriétaire
Computer name: PC-DE-PROPRIÉTA
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 12:36:36
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 12:07:50
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 06:00:00
ANTIVIR3.VDF : 7.0.4.113 361984 Bytes 2008-05-29 14:34:34
AVEWIN32.DLL : 7.8.0.24 2834944 Bytes 2008-05-29 12:53:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2008-05-29 14:34:36
AVPACK32.DLL : 7.6.1.2 368680 Bytes 2008-04-29 09:54:08
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Active Processes
Configuration file...............: c:\program files\avira\antivir personaledition classic\process.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: on
Extended process scan............: on
Scan registry....................: off
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-05-29 22:08
The scan of running processes will be started
Scan process 'avscan.exe' - '38' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '32' Module(s) have been scanned
Scan process 'avguard.exe' - '45' Module(s) have been scanned
Scan process 'avcenter.exe' - '78' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '37' Module(s) have been scanned
Scan process 'kbd.exe' - '54' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '94' Module(s) have been scanned
Scan process 'iPodService.exe' - '30' Module(s) have been scanned
Scan process 'hpqste08.exe' - '81' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '48' Module(s) have been scanned
Scan process 'iexplore.exe' - '141' Module(s) have been scanned
Scan process 'taskeng.exe' - '47' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '46' Module(s) have been scanned
Scan process 'mobsync.exe' - '35' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '40' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '34' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '7' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '22' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '23' Module(s) have been scanned
Scan process 'IAANTmon.exe' - '36' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'DQLWinService.exe' - '20' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '26' Module(s) have been scanned
Scan process 'sched.exe' - '43' Module(s) have been scanned
Scan process 'CCC.exe' - '156' Module(s) have been scanned
Scan process 'ehmsas.exe' - '19' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '67' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '41' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '114' Module(s) have been scanned
Scan process 'ehtray.exe' - '26' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '53' Module(s) have been scanned
Scan process 'schtasks.exe' - '27' Module(s) have been scanned
Scan process 'avgnt.exe' - '43' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '16' Module(s) have been scanned
Scan process 'jureg.exe' - '13' Module(s) have been scanned
Scan process 'MOM.exe' - '48' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '47' Module(s) have been scanned
Scan process 'IAAnotif.exe' - '39' Module(s) have been scanned
Scan process 'OSD.exe' - '18' Module(s) have been scanned
Scan process 'explorer.exe' - '145' Module(s) have been scanned
Scan process 'taskeng.exe' - '79' Module(s) have been scanned
Scan process 'dwm.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'spoolsv.exe' - '83' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '85' Module(s) have been scanned
Scan process 'svchost.exe' - '84' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '146' Module(s) have been scanned
Scan process 'svchost.exe' - '96' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '59' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
66 processes with 3213 modules were scanned
End of the scan: 2008-05-29 22:09
Used time: 00:14 min
The scan has been done completely.
0 Scanning directories
3212 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
3212 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
Thanks
|
|
|
|
|
A 14 min scan?
Do it again, you went wrong somewhere ...
|
|
|
|
|
Ah, I don't know what I did then
I'll start again, thanks
|
|
|
|
|
Re
So here is the report (it did detect quite a few viruses and trojans after all):
AntiVir PersonalEdition Classic
Report file date: 2008-05-30 09:35
Scanning for 1301396 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: Propriétaire
Computer name: PC-DE-PROPRIÉTA
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 12:36:36
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 12:07:50
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 06:00:00
ANTIVIR3.VDF : 7.0.4.113 361984 Bytes 2008-05-29 14:34:34
AVEWIN32.DLL : 7.8.0.24 2834944 Bytes 2008-05-29 12:53:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2008-05-29 14:34:36
AVPACK32.DLL : 7.6.1.2 368680 Bytes 2008-04-29 09:54:08
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007 | | |