Resultat AVG

Résolu
Utilisateur anonyme -  
 Utilisateur anonyme -
bonjour . mon rapport AVG antivirus me dit
dans la case File....HOSTS
dans la case Result Infection....CHANGE
dans la case Path...C/windows/system32/drivers/etc/hosts
pouvez vous me dire ce que ca signifie
merci d avance
Configuration: Windows XP
Firefox 2.0.0.6

21 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    Logfile of HijackThis v1.99.1
    Scan saved at 11:44:01, on 08/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Windows\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\lxcrcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - Startup: NOTFOUND.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
    O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
    0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    je ne vois rien de special

    les scan en ligne que tu as fais F secure et BITDEFENDER ont trouv&é quelques choses?

    _______________

    avg antivirus ne trouve pas de virus non ? je pense que ce ne sont que des infos données : donc pas de souci

    sinon ANTIVIR est plus performant qu'avg 7 en antivirus et aussi gratuit alors je te conseille de changer pour antivir

    https://www.avira.com/

    ____________
    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. Utilisateur anonyme
     
    bitedefender m avait trouve
    trojan patched.T et l a supprime..
    et dis moi y a rien de supperflu a supprimer?,merci de ta reponse
    0
  5. Utilisateur anonyme
     
    et dis moi ...antivir est en francais??je supprime d abord AVG?
    0
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il faut d'abord supprimé avg

    ____________

    antivir est en anglais mais simple

    https://www.malekal.com/avira-free-security-antivirus-gratuit/

    ____________

    ou sinon mets avast en francais

    fait ca pour contrôler:

    combofix

    http://mickael.barroux.free.fr/securite/combofix.php

    _____________
    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

    · Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
    · Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
    · Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.

    http://kerio.probb.fr/tuto-Clean-h37.html

    ____________

    tu peux aussi refaire un scan en ligne pour voir

    pour protéger gratos ton ordi

    securite

    mettre un antivirus

    AVAST en français ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions:

    AD AWARE + SPYBOT + WINDOWS DEFENDER

    +/-
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    zonealarm

    -----------

    CCLEANER pour effacer les traces de surf
    0
  7. Utilisateur anonyme
     
    voila le rapport combfix
    ComboFix 07-08-07.6 - "Administrateur" 2007-08-08 17:25:38.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.67 [GMT 2:00]
    * Created a new restore point

    ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

    2007-08-08 17:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
    2007-08-07 18:29 <REP> d-------- C:\Program Files\RegCleaner
    2007-08-07 15:48 <REP> d-------- C:\Program Files\Ashampoo
    2007-08-06 01:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-03 15:57 <REP> d-------- C:\Program Files\jv16 PowerTools
    2007-08-02 18:54 <REP> d-------- C:\Program Files\OpenOffice.org 2.2
    2007-08-02 13:41 <REP> d-------- C:\Program Files\Futuremark
    2007-07-30 18:28 <REP> d-------- C:\Program Files\iolo
    2007-07-30 13:25 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jetico Personal Firewall
    2007-07-29 13:21 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-26 20:39 15,990,784 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat
    2007-07-26 20:38 <REP> dr-h-c--- C:\MSOCache
    2007-07-25 12:42 69,632 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr
    2007-07-25 12:42 167,936 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe
    2007-07-18 20:04 2,302 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-18 19:02 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2007-07-16 01:48 <REP> d-------- C:\Program Files\CCleaner
    2007-07-16 00:24 45 ---h----- C:\WINDOWS\dsez4668.dat
    2007-07-15 18:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-15 16:46 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ma-config.com
    2007-07-15 15:25 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2007-07-15 12:00 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-08 16:53 --------- d-------- C:\Program Files\lx_cats
    2007-08-07 15:23 --------- d-------- C:\Program Files\Trend Micro
    2007-08-07 00:20 --------- d-------- C:\Program Files\Lavasoft
    2007-08-06 20:55 --------- d-------- C:\Program Files\eMule
    2007-08-05 23:18 16391 --a--c--- C:\Windows\mozver.dat
    2007-08-04 16:35 --------- d-------- C:\Program Files\JkDefrag
    2007-08-02 13:56 2932 --a------ C:\Windows\system32\d3d9caps.dat
    2007-08-02 13:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-30 21:11 77858 --a------ C:\Windows\system32\perfc00C.dat
    2007-07-30 21:11 472290 --a------ C:\Windows\system32\perfh00C.dat
    2007-07-29 20:24 --------- d-------- C:\Program Files\CodeStuff
    2007-07-27 01:36 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
    2007-07-24 12:59 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-07-15 18:38 --------- d-------- C:\Program Files\CFWebAdvancedU
    2007-07-14 14:58 --------- d-------- C:\Program Files\Executive Software
    2007-07-04 14:55 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    2007-07-03 21:49 86094 --a--c--- C:\Windows\BPMNT.dll
    2007-07-03 21:49 1163344 --a--c--- C:\Windows\vsapi32.dll
    2007-07-01 21:35 71749 --a--c--- C:\Windows\hcextoutput.dll
    2007-07-01 21:35 267845 --a--c--- C:\Windows\tsc.exe
    2007-07-01 00:08 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\FaxCtr
    2007-06-30 23:12 --------- d-------- C:\Program Files\AutoWebCam
    2007-06-30 18:50 --------- d-------- C:\Program Files\Lexmark Fax Solutions
    2007-06-30 18:38 --------- d-------- C:\Program Files\Lexmark 2400 Series
    2007-06-30 18:37 --------- d-------- C:\Program Files\Lexmark Toolbar
    2007-06-30 13:51 --------- d-------- C:\Program Files\Eusing Free Registry Cleaner
    2007-06-30 00:14 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
    2007-06-29 23:35 --------- d-------- C:\Program Files\Windows NT
    2007-06-29 23:35 --------- d-------- C:\Program Files\Movie Maker
    2007-06-29 23:34 --------- d-------- C:\Program Files\Windows Media Connect 2
    2007-06-27 19:37 --------- d-------- C:\Program Files\K-Lite Codec Pack
    2007-06-23 20:29 359808 --a------ C:\Windows\system32\drivers\TCPIP.SYS.ORIGINAL
    2007-05-29 20:09 41 ---h----- C:\Windows\dsez8066.dat
    2007-05-16 17:13 86528 --a------ C:\Windows\system32\dllcache\directdb.dll
    2007-05-16 17:13 85504 --a------ C:\Windows\system32\dllcache\wabimp.dll
    2007-05-16 17:13 683520 --a------ C:\Windows\system32\inetcomm.dll
    2007-05-16 17:13 683520 --a------ C:\Windows\system32\dllcache\inetcomm.dll
    2007-05-16 17:13 510976 --a------ C:\Windows\system32\dllcache\wab32.dll
    2007-05-16 17:13 1314816 --a------ C:\Windows\system32\dllcache\msoe.dll
    2007-05-08 10:59 3583488 --a------ C:\Windows\system32\dllcache\mshtml.dll
    2006-01-12 12:27 72344 --a--c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2005-12-25 23:42 278528 --a--c--- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2005-12-25 19:59 774144 --a------ C:\Program Files\RngInterstitial.dll
    --------- C:\Program Files\Hijackthis Version Française
    2007-04-09 09:40:46 5 --sha-w C:\Windows\system32\dedd9_g.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 18:12]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 20:57]
    "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 18:11]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "LXCRCATS"="C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 19:27]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-20 01:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DelRecentsDocuments"=0 (0x0)
    "DelRun"=0 (0x0)
    "DelFindFiles"=0 (0x0)
    "DelFindComputer"=0 (0x0)
    "NoSecCPL"=0 (0x0)
    "NoPwdPage"=0 (0x0)
    "NoProfilePage"=0 (0x0)
    "NoDevMgrPage"=0 (0x0)
    "NoConfigPage"=0 (0x0)
    "NoFileSysPage"=0 (0x0)
    "NoVirtMemPage"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "RestrictRun"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskbar"=0 (0x0)
    "NoOpenDriveCD"=0 (0x0)
    "NoDirCopy"=0 (0x0)
    "NoDirDel"=0 (0x0)
    "NoDirMove"=0 (0x0)
    "NoDirRen"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoPrinterTabs"=0 (0x0)
    "NoDeletePrinter"=0 (0x0)
    "NoAddPrinter"=0 (0x0)
    "NoInstrumentation"=1 (0x1)
    "DisallowRun"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
    "4"=SCRNSAVE.EXE
    "5"=SynTPLpr.exe
    "6"=SynTPEnh.exe
    "7"=srmclean.exe
    "8"=cpqset.exe
    "9"=rundll32.exe
    "10"=MSASCui.exe
    "11"=jusched.exe
    "12"=SFAgent.exe
    "13"=avgcc.exe
    "14"=avgas.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
    "1"=srvms32.exe
    "2"=svcms32.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjotho]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

    R0 caboagp;ATI Cabo AGP Filter;C:\Windows\system32\DRIVERS\atisgkaf.sys
    R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
    R1 avipbb;avipbb;C:\Windows\system32\DRIVERS\avipbb.sys
    R1 Cdr4_xp;Cdr4_xp;C:\Windows\system32\drivers\Cdr4_xp.sys
    R1 ClntMgmt.sys;ClntMgmt.sys;C:\Windows\system32\Drivers\ClntMgmt.sys
    R2 NWCWorkstation;Service client pour NetWare;C:\Windows\System32\svchost.exe -k netsvcs
    R3 aliadwdm;Pilote WDM d'accélérateur audio ALi;C:\Windows\system32\drivers\ac97ali.sys
    R3 ALiIRDA;Pilote de périphérique infrarouge ALi;C:\Windows\system32\DRIVERS\alifir.sys
    R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
    R3 NWRDR;NetWare Rdr;C:\Windows\system32\DRIVERS\nwrdr.sys
    R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\Windows\system32\Drivers\RootMdm.sys
    R3 Stmatm;ATM/ADSL miniport;C:\Windows\system32\DRIVERS\stmatm.sys
    R3 usbscan;Pilote de scanneur USB;C:\Windows\system32\DRIVERS\usbscan.sys
    S1 ssmdrv;ssmdrv;C:\Windows\system32\DRIVERS\ssmdrv.sys
    S1 wceusbsh;Pilote d'hôte USB série pour Windows CE;C:\Windows\system32\DRIVERS\wceusbsh.sys
    S3 AlcrFilt;Alcor Micro Corp;\??\C:\Windows\System32\Drivers\AlcrFilt.sys
    S3 allegro;Pilote audio ESS Allegro (WDM);C:\Windows\system32\drivers\es198x.sys
    S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASFWHide
    S3 DarkSpy;DarkSpy;\??\C:\Windows\system32\DarkSpyKernel.sys
    S3 DCamUSBPremier;USB Video Camera;C:\Windows\system32\Drivers\mpixvid.sys
    S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe
    S3 fsbl;F-Secure BlackLight Engine Driver;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys
    S3 ltmodem5;LT Modem Driver;C:\Windows\system32\DRIVERS\ltmdmnt.sys
    S3 MSIRCOMM;Microsoft IR Communications Driver;C:\Windows\system32\DRIVERS\MSIRCOMM.sys
    S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\Windows\system32\DRIVERS\netrcacm.sys
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys
    S3 TaurusUsb;ADSL Modem USB Service;C:\Windows\system32\DRIVERS\torususb.sys
    S3 USB_RNDIS;Point d'acces Inventel;C:\Windows\system32\DRIVERS\usb8023.sys
    S3 USBCM;Scientific Atlanta USB Cable Modem Driver;C:\Windows\system32\DRIVERS\Sacm2K.sys
    S3 USBSTOR;Pilote de stockage de masse USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS

    *Newly Created Service* - ANTIVIRSCHEDULER
    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - AVGIO
    *Newly Created Service* - AVGNTFLT
    *Newly Created Service* - AVIPBB

    Contents of the 'Scheduled Tasks' folder
    2007-08-02 19:09:01 C:\Windows\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-08-03 15:15:03 C:\Windows\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-08 17:29:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG08.00.00.01WORKSTATION"="BFF616315C74F31FE14DBF2BA59AF8A70B7A5EDDD4FA65474CD760A2DC24C8A5BF64C6F26E43E1A2E0D97765EA3DDE28A4C862C03254E6FCEFC8F5A137D979B65534E42AE8FC192DA8F7B845EC1AC60B5BF3B7FA25265362AE65984D8BA1F45F356A0633D7A0397AA38BF7927962BFC4ED5FD05ADFF546C73B32D51E13EE04E9A6CD764D1AB3D96C4C3DDCF4B6CACAF12DB44F10EC46CC20DDFAEF6DDAB860C00769B31DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D14075D575E7D6A3B98088EDD5E5BE2F6E667C3B7436DB9990548B1D976E582F9371B4225CE9CCF9A153CCFD4B38E1F37CDF07F97C5DA0A0530799805777646B6AA01AC23015E7887A0A3117E15E6515592FC2652F216805A8B4EF1B83F0B72606EAE07F8347CE316834CBBD819C0C2E95CC2B60493E7DA7C91FB4284C26859983B9FFAC629D61C4BCE1C41B2EC3352F8BEB0074F62416E0F6E1965F9E8F464C77A370831966CBC6F4C5CE3E134F571CA7B1A3E598F342100832087310EBD9018CBB7815E2361F80F773B3DBF04E8A66D8CB35B4CBB76EEFA6772AAC403F2ED79004A0E7A6D801579FE4AB728E50C0DB11E19AD5600E467F163D2A4D18AE7209F9E7A28350536E9C3467D147B5987D02E90C85AA7E5FDAC1CF3E71FFB5D136000E2B99EC2F013E44564AF651E4F24B6B9F8245A75EDE377744BBD19E9A713F85639DB935929CB099A279C9279AD4E93739F737A7C0ADD1137CF4362460926CBA247197EB51BB969240CE7D97A4F9AD1BB805FDBF621D65AE7994C224095B04DA7608E2A98A75930854695C890813DEF374DF5F1A98E5D474BF711D10956BA05EB113CB543A2CB1B27BE0EC4B18611004F69AB86D722A55C6DE92BBED7C46F0FBB178693FE56D5FAB4902104D5931329B1ED55364B1E05B79B271A0CE7541F9D2564B689960061B51F8B7E9379D465244FA62E72523976876719C3ADF766BD72FBA1F6B35A50F9C299333CD19E664EC0DC15D3FEBF9F9A8EA75B6C6EC9D363E657275A801D6BD1311D3ED3F4C75BB760546DC874E6EE32247541C1EBA4E8CB67128453B2B7EBBBA1659822027EB8AFF9F119F340A3BB26B4AFD05198D2655673CB7C3B6185DDB249F261E856CFF96796B7339F23D10BFEBEF9C090B8A3FD0921E684CDF5654252728A6D4DA1CC8BB4D6EA8CF932D3D9EDD43881D5E7E9D909178BC7AC30BA0FDC78B2435A6709D013E993A996560F95C42095335B92FA152491A3A55BA46F2C36CDB81F7AFE9D9E1E98FEC3694AED23F9D900ACC2FAB14048E15F2E4236EBF667F72CEE019528BF99BB3FC64E225E58A9D22A758EB6EE5F0C6C31ABAD2323C01C10E1D7A32947716BC129D284BF5000126C894CA52F9169A4"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Allowed MACs]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Denied MACs]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Launched Apps]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Rejected MACs]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500]
    "UserFolderName"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\101]
    "Name"="101"
    "FriendlyName"="TODO"
    "GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
    "GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Ma musique"
    "LocalDrive"="C:"
    "LocalPath"="\Documents and Settings\Administrateur\Mes documents\Ma musique"
    "ShareWithEveryone"="True"
    "ShareWithApprovedDevices"="False"
    "State"="False"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\101\Approved]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\102]
    "Name"="102"
    "FriendlyName"="TODO"
    "GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
    "GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Mes images"
    "LocalDrive"="C:"
    "LocalPath"="\Documents and Settings\Administrateur\Mes documents\Mes images"
    "ShareWithEveryone"="True"
    "ShareWithApprovedDevices"="False"
    "State"="False"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\102\Approved]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\103]
    "Name"="103"
    "FriendlyName"="TODO"
    "GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
    "GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Mes vid\xe9os"
    "LocalDrive"="C:"
    "LocalPath"="\Documents and Settings\Administrateur\Mes documents\Mes vid\xe9os"
    "ShareWithEveryone"="True"
    "ShareWithApprovedDevices"="False"
    "State"="False"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\103\Approved]

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-08-08 17:32:06
    C:\ComboFix-quarantined-files.txt ... 2007-08-08 17:31
    C:\ComboFix2.txt ... 2007-07-29 13:29

    --- E O F ---
    0
  8. Utilisateur anonyme
     
    voila j ai fait deux trucs en mode sans echec.je te les poste
    08/08/2007 a 17:58:05,09

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\Windows\

    *** Recherche des fichiers dans C:\Windows\system32
    "C:\Windows\Downloaded Program Files\CONFLICT.1" FOUND

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !
    et l autre
    ComboFix 07-08-07.6 - "Administrateur" 2007-08-08 17:59:45.2 - NTFSx86 MINIMAL
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.70 [GMT 2:00]

    ((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))

    2007-08-08 17:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
    2007-08-07 18:29 <REP> d-------- C:\Program Files\RegCleaner
    2007-08-07 15:48 <REP> d-------- C:\Program Files\Ashampoo
    2007-08-06 01:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
    2007-08-03 15:57 <REP> d-------- C:\Program Files\jv16 PowerTools
    2007-08-02 18:54 <REP> d-------- C:\Program Files\OpenOffice.org 2.2
    2007-08-02 13:41 <REP> d-------- C:\Program Files\Futuremark
    2007-07-30 18:28 <REP> d-------- C:\Program Files\iolo
    2007-07-30 13:25 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jetico Personal Firewall
    2007-07-29 13:21 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-26 20:39 15,990,784 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat
    2007-07-26 20:38 <REP> dr-h-c--- C:\MSOCache
    2007-07-25 12:42 69,632 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr
    2007-07-25 12:42 167,936 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe
    2007-07-18 20:04 2,302 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-18 19:02 <REP> d-------- C:\WINDOWS\system32\URTTemp
    2007-07-16 01:48 <REP> d-------- C:\Program Files\CCleaner
    2007-07-16 00:24 45 ---h----- C:\WINDOWS\dsez4668.dat
    2007-07-15 18:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-15 16:46 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ma-config.com
    2007-07-15 15:25 <REP> d-------- C:\WINDOWS\system32\bfubackups
    2007-07-15 12:00 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-08-08 16:53 --------- d-------- C:\Program Files\lx_cats
    2007-08-07 15:23 --------- d-------- C:\Program Files\Trend Micro
    2007-08-07 00:20 --------- d-------- C:\Program Files\Lavasoft
    2007-08-06 20:55 --------- d-------- C:\Program Files\eMule
    2007-08-05 23:18 16391 --a--c--- C:\Windows\mozver.dat
    2007-08-04 16:35 --------- d-------- C:\Program Files\JkDefrag
    2007-08-02 13:56 2932 --a------ C:\Windows\system32\d3d9caps.dat
    2007-08-02 13:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
    2007-07-30 21:11 77858 --a------ C:\Windows\system32\perfc00C.dat
    2007-07-30 21:11 472290 --a------ C:\Windows\system32\perfh00C.dat
    2007-07-29 20:24 --------- d-------- C:\Program Files\CodeStuff
    2007-07-27 01:36 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
    2007-07-24 12:59 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
    2007-07-15 18:38 --------- d-------- C:\Program Files\CFWebAdvancedU
    2007-07-14 14:58 --------- d-------- C:\Program Files\Executive Software
    2007-07-04 14:55 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
    2007-07-03 21:49 86094 --a--c--- C:\Windows\BPMNT.dll
    2007-07-03 21:49 1163344 --a--c--- C:\Windows\vsapi32.dll
    2007-07-01 21:35 71749 --a--c--- C:\Windows\hcextoutput.dll
    2007-07-01 21:35 267845 --a--c--- C:\Windows\tsc.exe
    2007-07-01 00:08 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\FaxCtr
    2007-06-30 23:12 --------- d-------- C:\Program Files\AutoWebCam
    2007-06-30 18:50 --------- d-------- C:\Program Files\Lexmark Fax Solutions
    2007-06-30 18:38 --------- d-------- C:\Program Files\Lexmark 2400 Series
    2007-06-30 18:37 --------- d-------- C:\Program Files\Lexmark Toolbar
    2007-06-30 13:51 --------- d-------- C:\Program Files\Eusing Free Registry Cleaner
    2007-06-30 00:14 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
    2007-06-29 23:35 --------- d-------- C:\Program Files\Windows NT
    2007-06-29 23:35 --------- d-------- C:\Program Files\Movie Maker
    2007-06-29 23:34 --------- d-------- C:\Program Files\Windows Media Connect 2
    2007-06-27 19:37 --------- d-------- C:\Program Files\K-Lite Codec Pack
    2007-06-23 20:29 359808 --a------ C:\Windows\system32\drivers\TCPIP.SYS.ORIGINAL
    2007-05-29 20:09 41 ---h----- C:\Windows\dsez8066.dat
    2007-05-16 17:13 86528 --a------ C:\Windows\system32\dllcache\directdb.dll
    2007-05-16 17:13 85504 --a------ C:\Windows\system32\dllcache\wabimp.dll
    2007-05-16 17:13 683520 --a------ C:\Windows\system32\inetcomm.dll
    2007-05-16 17:13 683520 --a------ C:\Windows\system32\dllcache\inetcomm.dll
    2007-05-16 17:13 510976 --a------ C:\Windows\system32\dllcache\wab32.dll
    2007-05-16 17:13 1314816 --a------ C:\Windows\system32\dllcache\msoe.dll
    2007-05-08 10:59 3583488 --a------ C:\Windows\system32\dllcache\mshtml.dll
    2006-01-12 12:27 72344 --a--c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
    2005-12-25 23:42 278528 --a--c--- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2005-12-25 19:59 774144 --a------ C:\Program Files\RngInterstitial.dll
    --------- C:\Program Files\Hijackthis Version Française
    2007-04-09 09:40:46 5 --sha-w C:\Windows\system32\dedd9_g.dll

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 18:12]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 20:57]
    "EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 18:11]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
    "LXCRCATS"="C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 19:27]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-20 01:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DelRecentsDocuments"=0 (0x0)
    "DelRun"=0 (0x0)
    "DelFindFiles"=0 (0x0)
    "DelFindComputer"=0 (0x0)
    "NoSecCPL"=0 (0x0)
    "NoPwdPage"=0 (0x0)
    "NoProfilePage"=0 (0x0)
    "NoDevMgrPage"=0 (0x0)
    "NoConfigPage"=0 (0x0)
    "NoFileSysPage"=0 (0x0)
    "NoVirtMemPage"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "RestrictRun"=0 (0x0)
    "NoClose"=0 (0x0)
    "NoSetFolders"=0 (0x0)
    "NoStartMenuSubFolders"=0 (0x0)
    "NoSetTaskbar"=0 (0x0)
    "NoOpenDriveCD"=0 (0x0)
    "NoDirCopy"=0 (0x0)
    "NoDirDel"=0 (0x0)
    "NoDirMove"=0 (0x0)
    "NoDirRen"=0 (0x0)
    "NoFileMenu"=0 (0x0)
    "NoPrinterTabs"=0 (0x0)
    "NoDeletePrinter"=0 (0x0)
    "NoAddPrinter"=0 (0x0)
    "NoInstrumentation"=1 (0x1)
    "DisallowRun"=1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
    "4"=SCRNSAVE.EXE
    "5"=SynTPLpr.exe
    "6"=SynTPEnh.exe
    "7"=srmclean.exe
    "8"=cpqset.exe
    "9"=rundll32.exe
    "10"=MSASCui.exe
    "11"=jusched.exe
    "12"=SFAgent.exe
    "13"=avgcc.exe
    "14"=avgas.exe

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
    "1"=srvms32.exe
    "2"=svcms32.exe

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 nwprovau

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjotho]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

    R0 caboagp;ATI Cabo AGP Filter;C:\Windows\system32\DRIVERS\atisgkaf.sys
    R1 Cdr4_xp;Cdr4_xp;C:\Windows\system32\drivers\Cdr4_xp.sys
    S1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
    S1 avipbb;avipbb;C:\Windows\system32\DRIVERS\avipbb.sys
    S1 ClntMgmt.sys;ClntMgmt.sys;C:\Windows\system32\Drivers\ClntMgmt.sys
    S1 ssmdrv;ssmdrv;C:\Windows\system32\DRIVERS\ssmdrv.sys
    S1 wceusbsh;Pilote d'hôte USB série pour Windows CE;C:\Windows\system32\DRIVERS\wceusbsh.sys
    S2 NWCWorkstation;Service client pour NetWare;C:\Windows\System32\svchost.exe -k netsvcs
    S3 AlcrFilt;Alcor Micro Corp;\??\C:\Windows\System32\Drivers\AlcrFilt.sys
    S3 aliadwdm;Pilote WDM d'accélérateur audio ALi;C:\Windows\system32\drivers\ac97ali.sys
    S3 ALiIRDA;Pilote de périphérique infrarouge ALi;C:\Windows\system32\DRIVERS\alifir.sys
    S3 allegro;Pilote audio ESS Allegro (WDM);C:\Windows\system32\drivers\es198x.sys
    S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASFWHide
    S3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
    S3 DarkSpy;DarkSpy;\??\C:\Windows\system32\DarkSpyKernel.sys
    S3 DCamUSBPremier;USB Video Camera;C:\Windows\system32\Drivers\mpixvid.sys
    S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe
    S3 fsbl;F-Secure BlackLight Engine Driver;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys
    S3 ltmodem5;LT Modem Driver;C:\Windows\system32\DRIVERS\ltmdmnt.sys
    S3 MSIRCOMM;Microsoft IR Communications Driver;C:\Windows\system32\DRIVERS\MSIRCOMM.sys
    S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\Windows\system32\DRIVERS\netrcacm.sys
    S3 NWRDR;NetWare Rdr;C:\Windows\system32\DRIVERS\nwrdr.sys
    S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\Windows\system32\Drivers\RootMdm.sys
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys
    S3 Stmatm;ATM/ADSL miniport;C:\Windows\system32\DRIVERS\stmatm.sys
    S3 TaurusUsb;ADSL Modem USB Service;C:\Windows\system32\DRIVERS\torususb.sys
    S3 USB_RNDIS;Point d'acces Inventel;C:\Windows\system32\DRIVERS\usb8023.sys
    S3 USBCM;Scientific Atlanta USB Cable Modem Driver;C:\Windows\system32\DRIVERS\Sacm2K.sys
    S3 usbscan;Pilote de scanneur USB;C:\Windows\system32\DRIVERS\usbscan.sys
    S3 USBSTOR;Pilote de stockage de masse USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS

    Contents of the 'Scheduled Tasks' folder
    2007-08-02 19:09:01 C:\Windows\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    2007-08-03 15:15:03 C:\Windows\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

    **************************************************************************

    catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-08-08 18:01:52
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
    "OODEFRAG08.00.00.01WORKSTATION"="BFF616315C74F31FE14DBF2BA59AF8A70B7A5EDDD4FA65474CD760A2DC24C8A5BF64C6F26E43E1A2E0D97765EA3DDE28A4C862C03254E6FCEFC8F5A137D979B65534E42AE8FC192DA8F7B845EC1AC60B5BF3B7FA25265362AE65984D8BA1F45F356A0633D7A0397AA38BF7927962BFC4ED5FD05ADFF546C73B32D51E13EE04E9A6CD764D1AB3D96C4C3DDCF4B6CACAF12DB44F10EC46CC20DDFAEF6DDAB860C00769B31DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A9C6AECB7A5D14075D575E7D6A3B98088EDD5E5BE2F6E667C3B7436DB9990548B1D976E582F9371B4225CE9CCF9A153CCFD4B38E1F37CDF07F97C5DA0A0530799805777646B6AA01AC23015E7887A0A3117E15E6515592FC2652F216805A8B4EF1B83F0B72606EAE07F8347CE316834CBBD819C0C2E95CC2B60493E7DA7C91FB4284C26859983B9FFAC629D61C4BCE1C41B2EC3352F8BEB0074F62416E0F6E1965F9E8F464C77A370831966CBC6F4C5CE3E134F571CA7B1A3E598F342100832087310EBD9018CBB7815E2361F80F773B3DBF04E8A66D8CB35B4CBB76EEFA6772AAC403F2ED79004A0E7A6D801579FE4AB728E50C0DB11E19AD5600E467F163D2A4D18AE7209F9E7A28350536E9C3467D147B5987D02E90C85AA7E5FDAC1CF3E71FFB5D136000E2B99EC2F013E44564AF651E4F24B6B9F8245A75EDE377744BBD19E9A713F85639DB935929CB099A279C9279AD4E93739F737A7C0ADD1137CF4362460926CBA247197EB51BB969240CE7D97A4F9AD1BB805FDBF621D65AE7994C224095B04DA7608E2A98A75930854695C890813DEF374DF5F1A98E5D474BF711D10956BA05EB113CB543A2CB1B27BE0EC4B18611004F69AB86D722A55C6DE92BBED7C46F0FBB178693FE56D5FAB4902104D5931329B1ED55364B1E05B79B271A0CE7541F9D2564B689960061B51F8B7E9379D465244FA62E72523976876719C3ADF766BD72FBA1F6B35A50F9C299333CD19E664EC0DC15D3FEBF9F9A8EA75B6C6EC9D363E657275A801D6BD1311D3ED3F4C75BB760546DC874E6EE32247541C1EBA4E8CB67128453B2B7EBBBA1659822027EB8AFF9F119F340A3BB26B4AFD05198D2655673CB7C3B6185DDB249F261E856CFF96796B7339F23D10BFEBEF9C090B8A3FD0921E684CDF5654252728A6D4DA1CC8BB4D6EA8CF932D3D9EDD43881D5E7E9D909178BC7AC30BA0FDC78B2435A6709D013E993A996560F95C42095335B92FA152491A3A55BA46F2C36CDB81F7AFE9D9E1E98FEC3694AED23F9D900ACC2FAB14048E15F2E4236EBF667F72CEE019528BF99BB3FC64E225E58A9D22A758EB6EE5F0C6C31ABAD2323C01C10E1D7A32947716BC129D284BF5000126C894CA52F9169A4"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Allowed MACs]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Denied MACs]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Launched Apps]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Rejected MACs]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500]
    "UserFolderName"=""

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\101]
    "Name"="101"
    "FriendlyName"="TODO"
    "GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
    "GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Ma musique"
    "LocalDrive"="C:"
    "LocalPath"="\Documents and Settings\Administrateur\Mes documents\Ma musique"
    "ShareWithEveryone"="True"
    "ShareWithApprovedDevices"="False"
    "State"="False"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\101\Approved]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\102]
    "Name"="102"
    "FriendlyName"="TODO"
    "GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
    "GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Mes images"
    "LocalDrive"="C:"
    "LocalPath"="\Documents and Settings\Administrateur\Mes documents\Mes images"
    "ShareWithEveryone"="True"
    "ShareWithApprovedDevices"="False"
    "State"="False"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\102\Approved]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\103]
    "Name"="103"
    "FriendlyName"="TODO"
    "GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
    "GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Mes vid\xe9os"
    "LocalDrive"="C:"
    "LocalPath"="\Documents and Settings\Administrateur\Mes documents\Mes vid\xe9os"
    "ShareWithEveryone"="True"
    "ShareWithApprovedDevices"="False"
    "State"="False"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\103\Approved]

    scanning hidden files ...

    **************************************************************************

    Completion time: 2007-08-08 18:03:42
    C:\ComboFix-quarantined-files.txt ... 2007-08-08 18:02
    C:\ComboFix2.txt ... 2007-08-08 17:32
    C:\ComboFix3.txt ... 2007-07-29 13:29

    --- E O F ---
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok ca va

    des pbs?
    si tu as mis antivir ou avast scan avec pour controler

    sinon tout est ok
    0
  10. Utilisateur anonyme
     
    ok antivir est en train de scanner..je te tiens informe
    0
  11. Utilisateur anonyme
     
    voila le rapport antivir

    AntiVir PersonalEdition Classic
    Report file date: mercredi 8 août 2007 19:02

    Scanning for 1006464 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Administrateur
    Computer name: UCE552

    Version information:
    BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
    AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
    AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
    LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
    LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
    ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 15:09:10
    ANTIVIR2.VDF : 6.39.0.207 1077248 Bytes 02/08/2007 15:09:10
    ANTIVIR3.VDF : 6.39.0.221 126976 Bytes 08/08/2007 15:09:10
    AVEWIN32.DLL : 7.4.0.57 2707968 Bytes 08/08/2007 15:09:10
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 08/08/2007 15:09:11
    AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
    AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
    AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
    RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 8 août 2007 19:02

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'ezprint.exe' - '1' Module(s) have been scanned
    Scan process 'lxcrmon.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'lxcrcoms.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    29 processes with 29 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '11' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!

    End of the scan: mercredi 8 août 2007 20:10
    Used time: 1:08:29 min

    The scan has been done completely.

    3998 Scanning directories
    226702 Files were scanned
    0 viruses and/or unwanted programs were found
    0 classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    226702 Files not concerned
    6774 Archives were scanned
    1 Warnings
    0 Notes
    0 Hidden objects were found
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    rien de trouvé

    encore des pbs? lequels?

    si pas de pb c'est ok

    pour protéger gratos ton ordi

    securite

    mettre un antivirus

    AVAST en français ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions:

    AD AWARE + SPYBOT + WINDOWS DEFENDER

    +/-
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    zonealarm

    -----------

    CCLEANER pour effacer les traces de surf
    0
  13. Utilisateur anonyme
     
    bonjour. voila ce matin message d erreur
    htp/%1/020c/windows/system32/spoll/drivers/w32x86/LEXSUP.HTM est introuvable.verifiez que le chemin d acces ou l adresse internet sont corrects
    et sans rien faire ca m a ouvert directement internet explorer
    .. cest grave docteur?
    0
  14. Utilisateur anonyme
     
    Logfile of HijackThis v1.99.1
    Scan saved at 09:18:12, on 09/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\lxcrcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Windows\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - Startup: NOTFOUND.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
    O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
    0
  15. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    je pense que ca vient de ton imprimante lexmark
    desinstalle puis reinstalle les pilotes de l'imprimante pour voir

    __________
    0
  16. Utilisateur anonyme
     
    ok je vais essayer..je vais voir..et te dis..
    0
  17. Utilisateur anonyme
     
    voila j ai desinstalle et reinstalle. y a plus le message d erreur au demarrage. je te remet un rapport hitjackthis
    Logfile of HijackThis v1.99.1
    Scan saved at 14:31:16, on 09/08/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\lxcrcoms.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
    C:\Program Files\Lexmark 2400 Series\ezprint.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
    O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
    O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
    O4 - Startup: NOTFOUND.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
    O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
    0
  18. Utilisateur anonyme
     
    et voila antivir

    AntiVir PersonalEdition Classic
    Report file date: jeudi 9 août 2007 14:49

    Scanning for 1007149 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: Administrateur
    Computer name: UCE552

    Version information:
    BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
    AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
    AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
    LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
    LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
    ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 15:09:10
    ANTIVIR2.VDF : 6.39.0.207 1077248 Bytes 02/08/2007 15:09:10
    ANTIVIR3.VDF : 6.39.0.223 136704 Bytes 09/08/2007 12:48:03
    AVEWIN32.DLL : 7.4.0.57 2707968 Bytes 08/08/2007 15:09:10
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
    AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVPACK32.DLL : 7.3.0.15 360488 Bytes 08/08/2007 15:09:11
    AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
    AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
    AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
    RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
    RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

    Configuration settings for the scan:
    Jobname..........................: Manual Selection
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: jeudi 9 août 2007 14:49

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'ezprint.exe' - '1' Module(s) have been scanned
    Scan process 'lxcrmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mdm.exe' - '1' Module(s) have been scanned
    Scan process 'lxcrcoms.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    28 processes with 28 modules were scanned

    Start scanning boot sectors:
    Boot sector 'A:\'
    [NOTE] In the drive 'A:\' no data medium is inserted!
    Boot sector 'C:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '11' files ).

    Starting the file scan:

    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    Le périphérique n'est pas prêt.

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <Lemark 2400>

    End of the scan: jeudi 9 août 2007 16:04
    Used time: 1:15:18 min

    The scan has been done completely.

    4289 Scanning directories
    246442 Files were scanned
    0 viruses and/or unwanted programs were found
    0 classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    246442 Files not concerned
    8122 Archives were scanned
    1 Warnings
    0 Notes
    0 Hidden objects were found
    0
  19. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    c'est bon

    !
    0
  • 1
  • 2