
Hello, I need help getting a PC back into working order. I don't know what happened to it; it's a desktop PC that my family uses, and I have no problems on mine. Anyway, it is completely slowed down, internet ads keep popping up nonstop, the whole lot. Could someone tell me how to clean it up? Thanks
-->Message edited by mar7xion on 22/05/2008 17:17:56<--

Hello,
Download HijackThis
User guide: http://mickael.barroux.free.fr/securite/hijackthis.php
Then click "Do a system scan and save a logfile"
The scan runs very quickly, then a Notepad window appears
(the "logfile")
In that Notepad window, go to "Edit", then "Select All";
the text is then selected. Go back to "Edit", still
keeping the text selected, and click Copy.
Paste the contents here in your next reply!

Thank you very much, here is the scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:16:49, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Documents and Settings\Jérôme\Mes documents\SYSTRAN\SYSTRAN6\COMMON\INSTALLS\UPDATESE\ISUSPM.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&(...)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: (no name) - {450723EA-B364-42AC-991F-A1D188B85F05} - C:\WINDOWS\system32\khfDuRlM.dll
O2 - BHO: {acc218b6-16f5-8ba8-e734-1f480fa96e85} - {58e69af0-84f1-437e-8ab8-5f616b812cca} - C:\WINDOWS\system32\kfmdhwxg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B9FEBF8C-8E79-4DF5-9281-EC0A6EE56BC4} - C:\WINDOWS\system32\geBrrrSL.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: (no name) - {07AA283A-43D7-4CBE-A064-32A21112D94D} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [RegistryMonitor] C:\WINDOWS\sysfade.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\sysfade1.exe
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ISUSPM] "C:\Documents and Settings\Jérôme\Mes documents\SYSTRAN\SYSTRAN6\COMMON\INSTALLS\UPDATESE\ISUSPM.EXE" -scheduler
O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [SeekmoOE] C:\Program Files\Seekmo\bin\10.0.406.0\OEAddOn.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Videora] C:\Program Files\Videora\Videora.exe -t
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [e07f2009] rundll32.exe "C:\WINDOWS\system32\wuavwqdl.dll",b
O4 - HKLM\..\Run: [BMe34c1395] Rundll32.exe "C:\WINDOWS\system32\sfjtajlf.dll",s
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3871262721-1104348080-2599456547-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Propriétaire')
O4 - HKUS\S-1-5-21-3871262721-1104348080-2599456547-1003\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized (User 'Propriétaire')
O4 - HKUS\S-1-5-21-3871262721-1104348080-2599456547-1003\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c (User 'Propriétaire')
O4 - HKUS\S-1-5-21-3871262721-1104348080-2599456547-1003\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe (User 'Propriétaire')
O4 - HKUS\S-1-5-21-3871262721-1104348080-2599456547-1003\..\Run: [A00F8B8F3B.exe] C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\_A00F8B8F3B.exe (User 'Propriétaire')
O4 - HKUS\S-1-5-21-3871262721-1104348080-2599456547-1003\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'Propriétaire')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Xanadu - {5CC384BB-1326-11D5-F4AE-00C04923F885} - C:\Program Files\Foreignword\Xanadu\XanaduLaunch.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C3075E6-43C3-4E14-BCFC-B6E2D1DB8CAD}: NameServer = 192.168.30.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3651CB86-B4C2-4F33-9B86-8DA1771B17C0}: NameServer = 192.168.30.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF76843-6BBD-44E9-8BF7-B8687D33FB01}: NameServer = 192.168.30.1
O20 - Winlogon Notify: __c0021772 - C:\WINDOWS\system32\__c0021772.dat
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 13159 bytes

Hi again, uninstall Seekmo via Add/Remove Programs if it is present, then delete its folder in C:\Program Files\
Next, you have a nice Vundo infection
Download ComboFix (created by sUBs) to your Desktop
Boot into safe mode: http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
Double-click combofix.exe.
Press the Y (Yes) key to start the scan.
ComboFix will restart your PC
When the scan is complete, a report will appear. Copy/paste this report into your next reply, along with a new HijackThis report
NOTE: The report can also be found here: C:\Combofix.txt

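A triage pass over the HijackThis log above that surfaces the entries behind the Seekmo and Vundo remarks in this reply, as an added Python example (not part of the thread, and not the helper's own method). The three rules, the consonant-run threshold and the names `triage`, `looks_random` and `LOAD_POINTS` are assumptions of this sketch; the sample lines are copied from the log posted earlier.

```python
import ntpath
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {450723EA-B364-42AC-991F-A1D188B85F05} - C:\WINDOWS\system32\khfDuRlM.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B9FEBF8C-8E79-4DF5-9281-EC0A6EE56BC4} - C:\WINDOWS\system32\geBrrrSL.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [SeekmoSA] "C:\Program Files\Seekmo\bin\10.0.406.0\SeekmoSA.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [e07f2009] rundll32.exe "C:\WINDOWS\system32\wuavwqdl.dll",b
O4 - HKLM\..\Run: [BMe34c1395] Rundll32.exe "C:\WINDOWS\system32\sfjtajlf.dll",s
O20 - Winlogon Notify: __c0021772 - C:\WINDOWS\system32\__c0021772.dat
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# "O4 - ..." -> section id and the rest of the entry.
ENTRY_RE = re.compile(r"^([ORFN]\d+) - (.*)$")
# First absolute Windows path ending in an extension of interest.
PATH_RE = re.compile(r'(?<![A-Za-z])[A-Za-z]:\\[^"\r\n]*?\.(?:dll|exe|dat)\b', re.I)
# Sections that load code into the browser or at logon: BHOs, Run keys, Winlogon Notify.
LOAD_POINTS = {"O2", "O4", "O20"}


def looks_random(stem):
    """Assumed heuristic: 8 letters containing a run of 4 or more consonants."""
    return bool(
        len(stem) == 8
        and stem.isalpha()
        and re.search(r"[^aeiouy]{4,}", stem.lower())
    )


def triage(log_text, watchlist=("seekmo",)):
    """Return (section, rule, path) tuples for entries that deserve a closer look.

    Rules (assumptions of this example, meant to prioritise review, not to convict):
      watchlist      - path contains a product name the analyst already distrusts
      notify-not-dll - Winlogon Notify entry whose target is not a .dll
      random-dll     - load point referencing a random-looking DLL directly in system32
    """
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue
        section, rest = entry.groups()
        found = PATH_RE.search(rest)
        if not found:
            continue  # relative target such as "bthprops.cpl": nothing to resolve
        path = found.group(0)
        folder, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        in_system32 = folder.lower().endswith("\\system32")

        if any(word in path.lower() for word in watchlist):
            findings.append((section, "watchlist", path))
        elif section == "O20" and ext.lower() != ".dll":
            findings.append((section, "notify-not-dll", path))
        elif (section in LOAD_POINTS and in_system32
              and ext.lower() == ".dll" and looks_random(stem)):
            findings.append((section, "random-dll", path))
    return findings


if __name__ == "__main__":
    for section, rule, path in triage(SAMPLE_LOG):
        print(f"{section:<4}{rule:<16}{path}")
```

The vendor-named entries (`ssv.dll`, `hphmon05.exe`, `PnkBstrA.exe`) pass through untouched, while the randomly named system32 DLLs, the Seekmo autostart and the `.dat` Winlogon Notify target are queued for review.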
ComboFix 08-05-21.2 - Jérôme 2008-05-22 12:22:44.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.119 [GMT 2:00]
Endroit: C:\Documents and Settings\Jérôme\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Désinstaller.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\MessengerSkinner\Website.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.lnk
C:\Documents and Settings\juju\Application Data\MessengerSkinner
C:\Documents and Settings\juju\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\juju\Application Data\MessengerSkinner\Userdata\pack1.cab
C:\Documents and Settings\juju\Menu Démarrer\Programmes\MessengerSkinner
C:\Documents and Settings\juju\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\juju\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk
C:\Program Files\messengerskinner
C:\Program Files\messengerskinner\download\defaultPack.cab
C:\Program Files\messengerskinner\MessengerSkinnerDll.dll
C:\Program Files\messengerskinner\resources\appconfig.xml
C:\Program Files\messengerskinner\resources\btn.rgn
C:\Program Files\messengerskinner\resources\btnBnr.rgn
C:\Program Files\messengerskinner\resources\btnIn.rgn
C:\Program Files\messengerskinner\resources\btnInNormal.bmp
C:\Program Files\messengerskinner\resources\btnInOver.bmp
C:\Program Files\messengerskinner\resources\btnNormal.bmp
C:\Program Files\messengerskinner\resources\btnNormal.gif
C:\Program Files\messengerskinner\resources\btnNormalBnr.bmp
C:\Program Files\messengerskinner\resources\btnNormalBnr.gif
C:\Program Files\messengerskinner\resources\btnOver.bmp
C:\Program Files\messengerskinner\resources\btnOver.gif
C:\Program Files\messengerskinner\resources\btnOverBnr.bmp
C:\Program Files\messengerskinner\resources\btnOverBnr.gif
C:\Program Files\messengerskinner\resources\languages_v2.xml
C:\Program Files\messengerskinner\uninst.exe
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\Conditions générales.url
C:\Program Files\webmediaplayer\Confidentialité.url
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\Program Files\webmediaplayer\Website.url
C:\WINDOWS\BMe34c1395.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\agewmlhr.ini
C:\WINDOWS\system32\aidqekih.ini
C:\WINDOWS\system32\AKUELnpo.ini
C:\WINDOWS\system32\AKUELnpo.ini2
C:\WINDOWS\system32\axfhvxkf.dll
C:\WINDOWS\system32\bdgtqhcc.ini
C:\WINDOWS\system32\bokkjegk.dll
C:\WINDOWS\system32\bquuudgu.ini
C:\WINDOWS\system32\buwtxooy.dll
C:\WINDOWS\system32\cbXPgfgg.dll
C:\WINDOWS\system32\cbXRjigf.dll
C:\WINDOWS\system32\cewredjm.exe
C:\WINDOWS\system32\DJlmonpo.ini
C:\WINDOWS\system32\DJlmonpo.ini2
C:\WINDOWS\system32\duwmamah.dll
C:\WINDOWS\system32\efcDUmmK.dll
C:\WINDOWS\system32\fgijRXbc.ini
C:\WINDOWS\system32\fgijRXbc.ini2
C:\WINDOWS\system32\fsjxiepx.ini
C:\WINDOWS\system32\geBrrrSL.dll
C:\WINDOWS\system32\geBrsTjH.dll
C:\WINDOWS\system32\ggfgPXbc.ini
C:\WINDOWS\system32\ggfgPXbc.ini2
C:\WINDOWS\system32\gjgersor.dll
C:\WINDOWS\system32\HjTsrBeg.ini
C:\WINDOWS\system32\HjTsrBeg.ini2
C:\WINDOWS\system32\HPWEgfii.ini
C:\WINDOWS\system32\HPWEgfii.ini2
C:\WINDOWS\system32\ichupmqy.ini
C:\WINDOWS\system32\iifgEWPH.dll
C:\WINDOWS\system32\iofnjkcn.dll
C:\WINDOWS\system32\jbhlantw.dll
C:\WINDOWS\system32\jjmrircr.ini
C:\WINDOWS\system32\jkkLDuSL.dll
C:\WINDOWS\system32\jwrickjl.dll
C:\WINDOWS\system32\khfDuRlM.dll
C:\WINDOWS\system32\KmmUDcfe.ini
C:\WINDOWS\system32\KmmUDcfe.ini2
C:\WINDOWS\system32\kppbntoh.exe
C:\WINDOWS\system32\kstxeaad.dll
C:\WINDOWS\system32\KTwDNnmp.ini
C:\WINDOWS\system32\KTwDNnmp.ini2
C:\WINDOWS\system32\kwjdxvfh.ini
C:\WINDOWS\system32\ldqwvauw.ini
C:\WINDOWS\system32\lihoevdh.dll
C:\WINDOWS\system32\lkoahlhl.exe
C:\WINDOWS\system32\lntbmgtm.dll
C:\WINDOWS\system32\LSrrrBeg.ini
C:\WINDOWS\system32\LSrrrBeg.ini2
C:\WINDOWS\system32\LSuDLkkj.ini
C:\WINDOWS\system32\LSuDLkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\miunxyts.ini
C:\WINDOWS\system32\MlRuDfhk.ini
C:\WINDOWS\system32\MlRuDfhk.ini2
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\opnLEUKA.dll
C:\WINDOWS\system32\opnlJcbA.dll
C:\WINDOWS\system32\opnomlJD.dll
C:\WINDOWS\system32\oputnjfp.dll
C:\WINDOWS\system32\ovalxagl.ini
C:\WINDOWS\system32\ovnrpltj.ini
C:\WINDOWS\system32\plbtrlpj.dll
C:\WINDOWS\system32\pmlbywbf.ini
C:\WINDOWS\system32\pmnmLeCt.dll
C:\WINDOWS\system32\pmnNDwTK.dll
C:\WINDOWS\system32\qnhgqjfg.dll
C:\WINDOWS\system32\qvwsemmp.dll
C:\WINDOWS\system32\rgeffqee.exe
C:\WINDOWS\system32\rhlmwega.dll
C:\WINDOWS\system32\rjiqhkon.dll
C:\WINDOWS\system32\rxrgghri.dll
C:\WINDOWS\system32\sacejuvk.dll
C:\WINDOWS\system32\sepnrjfq.dll
C:\WINDOWS\system32\sfjtajlf.dll
C:\WINDOWS\system32\sfpplyid.ini
C:\WINDOWS\system32\tCeLmnmp.ini
C:\WINDOWS\system32\tCeLmnmp.ini2
C:\WINDOWS\system32\ukuerylf.exe
C:\WINDOWS\system32\uloceodm.ini
C:\WINDOWS\system32\vappvede.dll
C:\WINDOWS\system32\vjfvjkba.dll
C:\WINDOWS\system32\vwgoocga.dll
C:\WINDOWS\system32\wevmqwyv.ini
C:\WINDOWS\system32\wuamyudq.ini
C:\WINDOWS\system32\wvUoPjjh.dll
C:\WINDOWS\system32\xkxvftwv.ini
C:\WINDOWS\system32\yayrldmn.ini
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))))))))
.
2008-05-22 11:53 . 2008-05-22 11:53 2,624 --a------ C:\WINDOWS\system32\hymnbrbl.exe
2008-05-21 19:49 . 2008-05-21 19:49 2,624 --a------ C:\WINDOWS\system32\ajcwfkxm.exe
2008-05-21 19:46 . 2008-05-21 19:46 101,440 --a------ C:\WINDOWS\system32\kfmdhwxg.dll
2008-05-21 19:46 . 2008-05-21 19:46 99,904 --a------ C:\WINDOWS\system32\axlhmtkd.dll
2008-05-21 19:46 . 2008-05-21 19:46 92,224 --a------ C:\WINDOWS\system32\wuavwqdl.dll
2008-05-21 19:11 . 2008-05-21 19:11 101,440 --a------ C:\WINDOWS\system32\hxuojrvu.dll
2008-05-21 19:08 . 2008-05-21 19:08 2,624 --a------ C:\WINDOWS\system32\ntqktuhx.exe
2008-05-21 19:00 . 2008-05-21 19:00 99,904 --a------ C:\WINDOWS\system32\myqkndxm.dll
2008-05-21 13:21 . 2008-05-21 13:21 2,624 --a------ C:\WINDOWS\system32\blxmfqvt.exe
2008-05-20 16:34 . 2008-05-20 16:34 2,624 --a------ C:\WINDOWS\system32\laxckkvx.exe
2008-05-20 16:28 . 2008-05-20 16:28 101,440 --a------ C:\WINDOWS\system32\njmgthhu.dll
2008-05-20 16:25 . 2008-05-20 16:25 2,112 --a------ C:\WINDOWS\system32\deakpsso.exe
2008-05-20 16:10 . 2008-05-20 16:10 99,904 --a------ C:\WINDOWS\system32\wmxvotts.dll
2008-05-20 16:07 . 2008-05-20 16:07 99,904 --a------ C:\WINDOWS\system32\lkvdfrtn.dll
2008-05-20 15:21 . 2008-05-20 15:21 2,624 --a------ C:\WINDOWS\system32\wvbhhxbx.exe
2008-05-20 14:07 . 2008-05-20 14:07 2,624 --a------ C:\WINDOWS\system32\rnjgmftw.exe
2008-05-20 13:40 . 2008-05-20 13:40 2,624 --a------ C:\WINDOWS\system32\eakpssov.exe
2008-05-20 13:34 . 2008-05-20 13:34 92,224 --a------ C:\WINDOWS\system32\xpeixjsf.dll
2008-05-20 13:26 . 2008-05-20 13:26 101,440 --a------ C:\WINDOWS\system32\mqviuqud.dll
2008-05-20 13:25 . 2008-05-20 13:25 99,904 --a------ C:\WINDOWS\system32\pwmxvott.dll
2008-05-20 08:21 . 2008-05-20 08:21 2,624 --a------ C:\WINDOWS\system32\jgfdswdd.exe
2008-05-20 08:15 . 2008-05-20 08:15 100,928 --a------ C:\WINDOWS\system32\fxgcmwwr.dll
2008-05-20 08:13 . 2008-05-20 08:13 98,880 --a------ C:\WINDOWS\system32\uwfchaen.dll
2008-05-19 13:38 . 2008-05-19 13:38 93,248 --a------ C:\WINDOWS\system32\mdoecolu.dll
2008-05-19 13:32 . 2008-05-19 13:32 100,928 --a------ C:\WINDOWS\system32\ithkttia.dll
2008-05-19 13:29 . 2008-05-19 13:29 2,112 --a------ C:\WINDOWS\system32\rhejhrqs.exe
2008-05-19 13:27 . 2008-05-19 13:27 98,880 --a------ C:\WINDOWS\system32\htgyejbn.dll
2008-05-19 13:27 . 2008-05-19 13:27 3,648 --a------ C:\WINDOWS\system32\hbqjfnqq.dll
2008-05-19 07:59 . 2008-05-19 07:59 101,952 --a------ C:\WINDOWS\system32\tnvgwqos.dll
2008-05-19 07:59 . 2008-05-19 07:59 2,112 --a------ C:\WINDOWS\system32\sicvhogo.exe
2008-05-19 07:54 . 2008-05-19 07:54 98,880 --a------ C:\WINDOWS\system32\llfqjaog.dll
2008-05-19 07:54 . 2008-05-19 07:54 3,648 --a------ C:\WINDOWS\system32\judnwgen.dll
2008-05-19 07:50 . 2008-05-19 07:50 98,880 --a------ C:\WINDOWS\system32\ijqxvtvx.dll
2008-05-19 07:50 . 2008-05-19 07:50 3,648 --a------ C:\WINDOWS\system32\dmbksvxv.dll
2008-05-19 07:38 . 2008-05-19 07:38 98,880 --a------ C:\WINDOWS\system32\nbbdlakk.dll
2008-05-19 07:36 . 2008-05-19 07:36 3,648 --a------ C:\WINDOWS\system32\obpaekac.dll
2008-05-18 21:13 . 2008-05-18 21:13 101,952 --a------ C:\WINDOWS\system32\jrspjipb.dll
2008-05-18 21:11 . 2008-05-18 21:11 2,112 --a------ C:\WINDOWS\system32\svsewxpq.exe
2008-05-18 21:10 . 2008-05-18 21:10 98,880 --a------ C:\WINDOWS\system32\urehpdvv.dll
2008-05-18 21:10 . 2008-05-18 21:10 3,648 --a------ C:\WINDOWS\system32\fdxanmhw.dll
2008-05-18 20:56 . 2008-05-18 20:57 101,952 --a------ C:\WINDOWS\system32\xrjikgth.dll
2008-05-18 20:56 . 2008-05-18 20:56 2,112 --a------ C:\WINDOWS\system32\vjosayjc.exe
2008-05-18 20:54 . 2008-05-18 20:54 98,880 --a------ C:\WINDOWS\system32\rjebwxfu.dll
2008-05-18 20:54 . 2008-05-18 20:54 3,648 --a------ C:\WINDOWS\system32\tcqsfqop.dll
2008-05-18 20:51 . 2008-05-18 20:51 98,880 --a------ C:\WINDOWS\system32\lkepfwvq.dll
2008-05-18 20:49 . 2008-05-18 20:49 3,648 --a------ C:\WINDOWS\system32\djkqqpbl.dll
2008-05-18 13:32 . 2008-05-18 13:32 2,112 --a------ C:\WINDOWS\system32\kbuobemm.exe
2008-05-18 13:29 . 2008-05-18 13:29 101,952 --a------ C:\WINDOWS\system32\bqutfpcm.dll
2008-05-18 13:27 . 2008-05-18 13:27 92,736 --a------ C:\WINDOWS\system32\lgaxlavo.dll
2008-05-18 13:24 . 2008-05-18 13:24 98,880 --a------ C:\WINDOWS\system32\waxmaqvw.dll
2008-05-18 13:24 . 2008-05-18 13:24 3,648 --a------ C:\WINDOWS\system32\lhdrwqxq.dll
2008-05-18 12:11 . 2008-05-18 12:11 2,112 --a------ C:\WINDOWS\system32\xsooighn.exe
2008-05-18 12:08 . 2008-05-18 12:08 101,952 --a------ C:\WINDOWS\system32\phjwumby.dll
2008-05-18 12:05 . 2008-05-18 12:05 3,648 --a------ C:\WINDOWS\system32\rljkwmci.dll
2008-05-18 12:03 . 2008-05-18 12:03 98,880 --a------ C:\WINDOWS\system32\akheawbe.dll
2008-05-17 22:46 . 2008-05-17 22:46 100,928 --a------ C:\WINDOWS\system32\sdvjahrg.dll
2008-05-17 22:37 . 2008-05-17 22:37 2,112 --a------ C:\WINDOWS\system32\jvoglsdo.exe
2008-05-17 22:34 . 2008-05-17 22:34 3,648 --a------ C:\WINDOWS\system32\bieckvld.dll
2008-05-17 22:32 . 2008-05-17 22:32 100,928 --a------ C:\WINDOWS\system32\almegbnu.dll
2008-05-17 07:56 . 2008-05-17 07:56 <REP> d-------- C:\Program Files\MalwareAlarm
2008-05-17 07:16 . 2008-05-17 08:06 354 ---hs---- C:\WINDOWS\system32\kumjmoct.ini
2008-05-17 07:15 . 2008-05-17 07:15 90,688 --a------ C:\WINDOWS\system32\tcomjmuk.dll
2008-05-17 07:15 . 2008-05-17 07:15 2,112 --a------ C:\WINDOWS\system32\vfgneecb.exe
2008-05-17 07:12 . 2008-05-17 07:12 102,464 --a------ C:\WINDOWS\system32\lrgwlvkn.dll
2008-05-17 07:09 . 2008-05-17 07:09 3,648 --a------ C:\WINDOWS\system32\swenndyu.dll
2008-05-17 07:07 . 2008-05-17 07:07 96,832 --a------ C:\WINDOWS\system32\uvaujern.dll
2008-05-16 22:30 . 2008-05-16 22:30 <REP> d-------- C:\d96c2291f9fec0e12e53
2008-04-25 20:33 . 2008-04-25 20:33 <REP> d-------- C:\Documents and Settings\juju\Application Data\Creative
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 05:28 --------- d-----w C:\Program Files\PokerStars
2008-05-11 10:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-05-09 18:16 --------- d-----w C:\Program Files\Incomplete
2008-05-09 16:17 --------- d-----w C:\Program Files\Limewire
2008-04-25 18:17 --------- d-----w C:\Program Files\Videora
2008-04-16 18:46 --------- d-----w C:\Documents and Settings\juju\Application Data\LimeWire
2008-04-15 19:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-15 18:27 --------- d-----w C:\Program Files\BitComet
2008-04-15 18:09 --------- d-----w C:\Program Files\Acala DivX to iPod
2008-04-15 18:02 --------- d-----w C:\Program Files\Red Kawa
2008-04-08 19:17 --------- d-----w C:\Documents and Settings\juju\Application Data\Nokia Multimedia Player
2008-04-06 11:25 --------- d-----w C:\Program Files\Guitar Pro 5
2008-04-05 21:12 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-25 17:23 --------- d-----w C:\Program Files\Ski Alpin Racing 2007
2008-03-24 17:57 101,376 ----a-w C:\WINDOWS\system32\drivers\ACEDRV07.sys
2008-03-24 15:50 --------- d-----w C:\Program Files\Java
2008-03-22 09:30 --------- d-----w C:\Documents and Settings\juju\Application Data\DataLayer
2008-03-22 09:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 09:14 --------- d-----w C:\Documents and Settings\juju\Application Data\PC Suite
2008-03-22 09:13 --------- d-----w C:\Program Files\Nokia
2008-03-22 09:12 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-03-22 09:12 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-03-19 12:43 1,064 ----a-w C:\Documents and Settings\juju\Application Data\wklnhst.dat
2007-12-21 14:01 22,328 ----a-w C:\Documents and Settings\juju\Application Data\PnkBstrK.sys
2007-11-28 17:34 36,800 ----a-w C:\Documents and Settings\juju\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 23:27 68856]
"BackupNotify"="c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 02:34 32768]
"RecordNow!"="" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-16 13:24 167368]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 16:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 04:23 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 04:16 483328]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 20:02 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-05-03 20:21 67584 C:\WINDOWS\SOUNDMAN.EXE]
"AlcWzrd"="ALCWZRD.EXE" [2004-05-03 22:23 2533888 C:\WINDOWS\ALCWZRD.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 16:57 81920]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-04-21 21:00 335872]
"UpdateManager"="c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"PKR Pal"="C:\Program Files\PKR\pkrpal.exe" [2007-09-01 13:27 2224744]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2006-11-29 08:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 13:39 136768]
"ISUSPM"="C:\Documents and Settings\Jérôme\Mes documents\SYSTRAN\SYSTRAN6\COMMON\INSTALLS\UPDATESE\ISUSPM.exe" [ ]
"POEngine"="C:\Program Files\PokerOffice\POEngine.exe" [2007-02-22 17:17 475136]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42 267064]
"VF0060 STISvc"="V0060Pin.dll" [2004-11-01 03:00 36864 C:\WINDOWS\system32\V0060Pin.dll]
"DataLayer"="C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE" [2004-09-23 11:33 1019392]
"PCSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [2004-09-15 16:36 148992]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"Videora"="C:\Program Files\Videora\Videora.exe" [2006-04-08 20:43 499712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 23:27 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c0021772]
C:\WINDOWS\system32\__c0021772.dat 2008-05-21 13:18 37376 C:\WINDOWS\system32\__c0021772.dat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-07-16 15:50 2841824 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Xanadu]
--a------ 2002-08-14 17:26 819200 C:\Program Files\Foreignword\Xanadu\Xanadu.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Limewire\\LimeWire.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Morpheus\\Morpheus.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Documents and Settings\\juju\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Atari\\TopSpin\\TopSpin.exe"=
"C:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"C:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"C:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\SYSTRAN\\6\\SystranDictionaryManager.exe"=
"C:\\Program Files\\SYSTRAN\\6\\SystranToolbar.exe"=
"C:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranCodingEngine.exe"=
"C:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranTranslationEngine.exe"=
"C:\\Program Files\\SYSTRAN\\6\\SystranTranslationProjectManager.exe"=
"C:\\Program Files\\SYSTRAN\\6\\Dicts\\SystranFilterEngine.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\PokerOffice\\bin\\javaw.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\multijoeur.exe"=
"C:\\Program Files\\Ubisoft\\XIII\\system\\XIII.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8063:TCP"= 8063:TCP:BitComet 8063 TCP
"8063:UDP"= 8063:UDP:BitComet 8063 UDP
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
R3 V0060VID;Creative WebCam Live! Ultra;C:\WINDOWS\system32\DRIVERS\V0060Vid.sys [2005-02-02 10:15]
R3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver;C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 23:18]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 03:13]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-09-16 18:00]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
\Shell\Auto\command - AdobeR.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-21 18:14:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 12:38:11
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
-> C:\WINDOWS\system32\__c0021772.dat
PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\PokerOffice\bin\pshimp.Dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\PokerOffice\bin\javaw.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-22 12:47:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-22 10:47:14
Pre-Run: 46,392,229,888 octets libres
Post-Run: 47,662,292,992 octets libres
392 --- E O F --- 2008-05-17 05:04:56
|
|
|
|
|
That's already better.
Run a MalwareBytes scan and clean everything it finds.
Help: http://mickael.barroux.free.fr/securite/malwarebytes.php
Post the report generated at the end in your next reply.
|
|
|
|
|
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 775
Type de recherche: Examen rapide
Eléments examinés: 67787
Temps écoulé: 7 minute(s), 40 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 16
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\__c0021772.dat (Trojan.Agent) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c0021772 (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\tcomjmuk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kumjmoct.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c0021772.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtaim.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtgtal.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmticq.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtymsg.dll (Malware.Trace) -> Quarantined and deleted successfully.
|
|
|
|
|
Hi again,
restart the PC, then post me a new HijackThis report.
|
|
|
|
|
Hi again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:55, on 22/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Documents and Settings\Jérôme\Mes documents\SYSTRAN\SYSTRAN6\COMMON\INSTALLS\UPDATESE\ISUSPM.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\FICHIE~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&(...)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c(...)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\program files\hp\digital imaging\bin\hpdtlk02.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SYSTRAN Toolbar - {95daa571-4def-4a6d-97d8-98a346672a24} - mscoree.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PKR Pal] "C:\Program Files\PKR\pkrpal.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Documents and Settings\Jérôme\Mes documents\SYSTRAN\SYSTRAN6\COMMON\INSTALLS\UPDATESE\ISUSPM.EXE" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FICHIE~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: Consulter les dictionnaires (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/lookup.js
O8 - Extra context menu item: Traduire (SYSTRAN) - res://C:\Program Files\SYSTRAN\6\\GUIres.dll/translate.js
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s(...)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C3075E6-43C3-4E14-BCFC-B6E2D1DB8CAD}: NameServer = 192.168.30.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3651CB86-B4C2-4F33-9B86-8DA1771B17C0}: NameServer = 192.168.30.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDF76843-6BBD-44E9-8BF7-B8687D33FB01}: NameServer = 192.168.30.1
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
--
End of file - 9621 bytes
|
|
|
|
|
Well, that's almost good now.
Run a BitDefender online scan (with Internet Explorer, not with Firefox!)
(click on "scan online" on the left),
and post the report of that scan here once it has finished!
User guide for BitDefender online (thanks Bruce Lee): http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm
|
|
|
|
|
I wanted to save it in txt format rather than HTML and it gives me a really strange scan, but I'm posting it anyway. In any case, thank you.
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >
<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Thu, May 22, 2008 - 15:58:30</b></span></font></p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">00:37:50</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">83605</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">12038</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1402</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7717</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">20</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">88</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">88</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1221726</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">16</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">42</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan=2>
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Downloads\WorldPokerChampionship2-dm[1].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Détecté avec: Adware.Trymedia.B.2</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Downloads\WorldPokerChampionship2-dm[1].exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AdVantage\TR.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Détecté avec: Application.Memedia.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AdVantage\TR.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Program Files\AdVantage\TR.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP246\A0047783.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Détecté avec: Adware.MSNSkinner.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP246\A0047783.dll</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP246\A0047784.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Détecté avec: Adware.MSNSkinner.A</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{A6B224D0-A415-4BA9-8115-B5AA59C9F2C7}\RP246\A0047784.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2"&g | | |