[SERWAb] Still getting the WINANTIVIRUS popups,...

Closed
volt - 5 March 2007 at 17:36
volt - 5 March 2007 at 18:16
Hello, I already posted a message but nobody is replying to me anymore, so I'll summarize the situation. I am infected (like many others) by popups: Win antivirus pro, your computer is infected, serwab,...

Here are the reports.
1) HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 17:10:38, on 05/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avast\aswUpdSv.exe
C:\Program Files\Avast\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avast\ashMaiSv.exe
C:\Program Files\Avast\ashWebSv.exe
C:\WINDOWS\Anvshell.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Avast\ashDisp.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Stéphane\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [anvshell] C:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast\ashDisp.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ASUS Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

2) ComboScan

ComboScan v20070226.18 run by Stéphane on 2007-03-05 at 17:11:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- Files created between 2007-02-05 and 2007-03-05 ------------------------------

2007-03-05 11:43:33 485572 ---hs---- C:\WINDOWS\system32\uvvwa.bak2<UVVWA~2.BAK>
2007-03-04 17:22:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-03-04 11:16:33 482602 ---hs---- C:\WINDOWS\system32\uvvwa.bak1<UVVWA~1.BAK>
2007-03-04 11:16:20 282212 ---hs---- C:\WINDOWS\system32\awvvu.dll
2007-03-02 20:48:14 0 d-------- C:\Documents and Settings\Naomie\Application Data\AVG7
2007-03-02 20:18:13 0 dr-h----- C:\$VAULT$.AVG
2007-03-02 20:02:28 0 d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-03-02 20:02:24 0 d-------- C:\Documents and Settings\Justine\Application Data\AVG7
2007-03-02 19:31:10 12415366 -----n--- C:\AVG7QT.DAT
2007-03-02 19:24:10 497591 ---hs---- C:\WINDOWS\system32\nqtss.ini2<NQTSS~1.INI>
2007-03-02 17:28:34 0 d-------- C:\Documents and Settings\Stéphane\Application Data\AVG7
2007-03-02 17:28:23 110592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2007-03-02 17:28:22 3968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2007-03-02 17:28:21 4960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2007-03-02 17:28:21 19840 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2007-03-02 17:28:21 27776 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2007-03-02 17:28:20 4224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2007-03-02 17:28:19 775680 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2007-03-02 17:28:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-03-02 17:28:10 0 d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-03-02 17:05:46 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-03-02 17:05:19 42920 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll<VSUTIL~1.DLL>
2007-03-02 17:04:54 0 d-------- C:\WINDOWS\system32\ZoneLabs
2007-03-02 17:04:54 0 d-------- C:\Program Files\ZoneAlarm<ZONEAL~1>
2007-03-02 17:04:06 0 d-------- C:\WINDOWS\Internet Logs<INTERN~1>
2007-03-02 17:03:07 2074 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-01 16:55:52 485372 ---hs---- C:\WINDOWS\system32\nqtss.bak1<NQTSS~1.BAK>
2007-02-28 18:07:15 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-26 20:22:49 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
2007-02-25 17:17:39 0 d-------- C:\Documents and Settings\Stéphane\.trigger<TRIGGE~1>
2007-02-25 16:31:00 0 d-------- C:\Program Files\metal oxide software<METALO~1>
2007-02-25 12:19:52 0 d-------- C:\Documents and Settings\Stéphane\Application Data\OfficeUpdate12<OFFICE~1>
2007-02-22 21:10:49 0 d-------- C:\Program Files\Ihsv
2007-02-22 19:16:13 0 d--h----- C:\Documents and Settings\All Users\Application Data\CanonBJ
2007-02-22 14:42:17 43176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-02-22 14:42:17 23352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-02-22 14:42:16 31560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-02-22 14:42:14 94424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-02-22 14:42:14 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-02-22 14:42:07 90112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-02-22 14:42:07 689280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-02-22 14:42:02 0 d-------- C:\Program Files\Avast
2007-02-19 17:06:11 0 d-------- C:\Documents and Settings\Stéphane\Application Data\Lavasoft
2007-02-19 17:05:40 0 d-------- C:\Program Files\Lavasoft
2007-02-19 16:56:14 0 d-------- C:\Program Files\RegCleaner<REGCLE~1>
2007-02-19 16:41:34 0 d-------- C:\Program Files\CCleaner
2007-02-17 10:38:15 119568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-02-15 13:10:27 0 d-------- C:\Documents and Settings\Stéphane\.jpi_cache<JPI_CA~1>
2007-02-15 13:10:27 0 d-------- C:\Documents and Settings\Stéphane\.java<JAVA~1>
2007-02-06 13:02:01 6016 --a------ C:\WINDOWS\system32\drivers\vnccom.SYS
2007-02-06 13:01:38 5760 --a------ C:\WINDOWS\system32\vnchelp.dll
2007-02-06 13:01:38 12800 --a------ C:\WINDOWS\system32\vncdrv.dll
2007-02-06 13:01:38 4736 --a------ C:\WINDOWS\system32\drivers\vncdrv.sys


-- Find3M Report ----------------------------------------------------------------

2007-03-05 17:06:14 0 d-------- C:\Program Files\Mozilla Firefox<MOZILL~1>
2007-03-02 17:28:10 0 d-------- C:\Program Files\Grisoft
2007-03-02 17:27:01 0 d---s---- C:\Documents and Settings\Stéphane\Application Data\Microsoft<MICROS~1>
2007-03-01 12:58:24 0 d-------- C:\Program Files\Logitech
2007-02-25 14:05:55 0 d-------- C:\Documents and Settings\Stéphane\Application Data\Adobe
2007-02-22 14:37:39 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-02-22 08:48:36 0 d-------- C:\Documents and Settings\Stéphane\Application Data\AdobeUM
2007-02-17 18:07:44 0 d-------- C:\Documents and Settings\Stéphane\Application Data\OpenOffice.org2<OPENOF~1.ORG>
2007-02-03 18:38:39 0 d-------- C:\Program Files\Shareaza
2007-02-03 18:22:34 0 d-------- C:\Program Files\Fichiers communs<FICHIE~1>
2007-02-03 18:22:34 0 d-------- C:\Program Files\Fichiers communs\BOONTY Shared<BOONTY~1>
2007-02-03 18:22:05 0 d-------- C:\Program Files\Boonty
2007-02-01 18:20:00 0 d-------- C:\Program Files\MultiProxy<MULTIP~1>
2007-01-29 19:59:59 0 d-------- C:\Program Files\Astase
2007-01-29 09:58:06 60416 -----n--- C:\WINDOWS\system32\tzchange.exe
2007-01-22 17:37:54 0 d-------- C:\Program Files\SuperScan<SUPERS~1>
2007-01-19 20:14:16 0 d-------- C:\Program Files\HEXWORKS
2007-01-10 20:18:55 233472 --a------ C:\WINDOWS\system32\ILDA32.dll
2007-01-10 20:07:34 0 d-------- C:\Program Files\Programmation<PROGRA~1>
2007-01-10 19:44:32 0 d-------- C:\Program Files\Windows Media Connect 2<WINDOW~4>
2007-01-08 11:56:50 0 d-------- C:\Program Files\OpenOffice.org 2.1<OPENOF~1.1>
2006-12-19 22:49:47 135168 --a------ C:\WINDOWS\system32\shsvcs.dll
2006-12-19 19:17:50 334336 --a------ C:\WINDOWS\system32\wiaservc.dll


-- Registry Dump ----------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"HTpatch"="C:\\WINDOWS\\htpatch.exe"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"anvshell"="C:\\WINDOWS\\Anvshell.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"avast!"="C:\\PROGRA~1\\Avast\\ashDisp.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{C47A9554-195A-4769-9B13-04F15B450A39}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\awvvu
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqrsspo
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sstqn

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0


[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
Shell\AutoRun\command F:\Launcher\LAUNCHER.EXE
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_WINIO


-- End of ComboScan: finished at 2007-03-05 at 17:17:16 -------------------------

Thanks in advance for your help

1 reply

Search Navipromo version 1.0.5 commencé le 05/03/2007 à 18:06:04,32

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Documents and Settings\Stéphane\Bureau\navilog1
Mise a jour le 03.03.2007 a 23h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Stéphane\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1055.

[+] Started on 03/05/07 at 18:06:11.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .........................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 03/05/07 at 18:11:57 (return code = 0).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de recherche complémentaire ***
(recherche fichiers spécifiques)

1)Recherche nouveaux fichiers connus:

2)Recherche Heuristique :
*
**
***
****


*** Analyse Terminé le 05/03/2007 à 18:12:10,43 ***