AVG result

Solved/Closed
Anonymous user - 8 August 2007 at 10:51
 Anonymous user - 11 August 2007 at 11:06
Hello. My AVG antivirus report says:
in the File box....HOSTS
in the Result Infection box....CHANGE
in the Path box...C/windows/system32/drivers/etc/hosts
Can you tell me what this means?
Thanks in advance

21 replies

Anonymous user
8 August 2007 at 11:17
Does nobody know?? Thanks
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 August 2007 at 11:33
0
Anonymous user
8 August 2007 at 17:51
There, I did that, but in normal mode.. should I redo it in safe mode??
0
Anonymous user
8 August 2007 at 11:44
Logfile of HijackThis v1.99.1
Scan saved at 11:44:01, on 08/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\lxcrcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Startup: NOTFOUND.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 August 2007 at 12:56
I don't see anything unusual

Did the online scans you ran, F-Secure and BITDEFENDER, find anything?

_______________

AVG antivirus isn't finding any virus, is it? I think this is just informational output, so nothing to worry about

Otherwise, ANTIVIR is a better antivirus than AVG 7 and is also free, so I recommend you switch to Antivir

https://www.avira.com/


____________
0

Anonymous user
8 August 2007 at 14:25
BitDefender had found
trojan patched.T and removed it..
And tell me, is there nothing superfluous to delete? Thanks for your reply
0
Anonymous user
8 August 2007 at 14:29
And tell me... is Antivir in French?? Do I uninstall AVG first?
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 August 2007 at 15:13
You have to uninstall AVG first

____________

Antivir is in English but simple

https://www.malekal.com/avira-free-security-antivirus-gratuit/

____________

or otherwise install Avast, which is in French

do this as a check:

combofix

http://mickael.barroux.free.fr/securite/combofix.php

_____________
Clean lets you do some cleanup and delete files that antivirus and anti-spyware tools could not find. The software is updated regularly, so you will need to download it again to get a more recent version.

· Download clean.zip, unzip it to your desktop (right-click / extract all); you then get a clean folder
· Start Windows in safe mode: Guide to restarting in safe mode
· Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes.

http://kerio.probb.fr/tuto-Clean-h37.html

____________

you can also run another online scan to see

to protect your PC for free

security

install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware tools:

AD AWARE + SPYBOT + WINDOWS DEFENDER

+/-
SPYWAREBLASTER to immunize the system, against Vundo in particular, but in English (though easy to use: just click "update" to update every month and then "enable all protection" to immunize)...

--------
a firewall:
the Windows one or, better, KERIO or JETICO or ZONE ALARM (install only the free firewall)
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
zonealarm

-----------

CCLEANER to erase browsing traces
0
Anonymous user
8 August 2007 at 17:36
Here is the ComboFix report
ComboFix 07-08-07.6 - "Administrateur" 2007-08-08 17:25:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.67 [GMT 2:00]
* Created a new restore point


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-08 17:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-07 18:29 <REP> d-------- C:\Program Files\RegCleaner
2007-08-07 15:48 <REP> d-------- C:\Program Files\Ashampoo
2007-08-06 01:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-03 15:57 <REP> d-------- C:\Program Files\jv16 PowerTools
2007-08-02 18:54 <REP> d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-02 13:41 <REP> d-------- C:\Program Files\Futuremark
2007-07-30 18:28 <REP> d-------- C:\Program Files\iolo
2007-07-30 13:25 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jetico Personal Firewall
2007-07-29 13:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-26 20:39 15,990,784 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-07-26 20:38 <REP> dr-h-c--- C:\MSOCache
2007-07-25 12:42 69,632 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr
2007-07-25 12:42 167,936 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe
2007-07-18 20:04 2,302 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-18 19:02 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-07-16 01:48 <REP> d-------- C:\Program Files\CCleaner
2007-07-16 00:24 45 ---h----- C:\WINDOWS\dsez4668.dat
2007-07-15 18:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-15 16:46 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ma-config.com
2007-07-15 15:25 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-07-15 12:00 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 16:53 --------- d-------- C:\Program Files\lx_cats
2007-08-07 15:23 --------- d-------- C:\Program Files\Trend Micro
2007-08-07 00:20 --------- d-------- C:\Program Files\Lavasoft
2007-08-06 20:55 --------- d-------- C:\Program Files\eMule
2007-08-05 23:18 16391 --a--c--- C:\Windows\mozver.dat
2007-08-04 16:35 --------- d-------- C:\Program Files\JkDefrag
2007-08-02 13:56 2932 --a------ C:\Windows\system32\d3d9caps.dat
2007-08-02 13:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 21:11 77858 --a------ C:\Windows\system32\perfc00C.dat
2007-07-30 21:11 472290 --a------ C:\Windows\system32\perfh00C.dat
2007-07-29 20:24 --------- d-------- C:\Program Files\CodeStuff
2007-07-27 01:36 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-07-24 12:59 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-07-15 18:38 --------- d-------- C:\Program Files\CFWebAdvancedU
2007-07-14 14:58 --------- d-------- C:\Program Files\Executive Software
2007-07-04 14:55 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-07-03 21:49 86094 --a--c--- C:\Windows\BPMNT.dll
2007-07-03 21:49 1163344 --a--c--- C:\Windows\vsapi32.dll
2007-07-01 21:35 71749 --a--c--- C:\Windows\hcextoutput.dll
2007-07-01 21:35 267845 --a--c--- C:\Windows\tsc.exe
2007-07-01 00:08 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\FaxCtr
2007-06-30 23:12 --------- d-------- C:\Program Files\AutoWebCam
2007-06-30 18:50 --------- d-------- C:\Program Files\Lexmark Fax Solutions
2007-06-30 18:38 --------- d-------- C:\Program Files\Lexmark 2400 Series
2007-06-30 18:37 --------- d-------- C:\Program Files\Lexmark Toolbar
2007-06-30 13:51 --------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-06-30 00:14 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
2007-06-29 23:35 --------- d-------- C:\Program Files\Windows NT
2007-06-29 23:35 --------- d-------- C:\Program Files\Movie Maker
2007-06-29 23:34 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-06-27 19:37 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-06-23 20:29 359808 --a------ C:\Windows\system32\drivers\TCPIP.SYS.ORIGINAL
2007-05-29 20:09 41 ---h----- C:\Windows\dsez8066.dat
2007-05-16 17:13 86528 --a------ C:\Windows\system32\dllcache\directdb.dll
2007-05-16 17:13 85504 --a------ C:\Windows\system32\dllcache\wabimp.dll
2007-05-16 17:13 683520 --a------ C:\Windows\system32\inetcomm.dll
2007-05-16 17:13 683520 --a------ C:\Windows\system32\dllcache\inetcomm.dll
2007-05-16 17:13 510976 --a------ C:\Windows\system32\dllcache\wab32.dll
2007-05-16 17:13 1314816 --a------ C:\Windows\system32\dllcache\msoe.dll
2007-05-08 10:59 3583488 --a------ C:\Windows\system32\dllcache\mshtml.dll
2006-01-12 12:27 72344 --a--c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-12-25 23:42 278528 --a--c--- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-12-25 19:59 774144 --a------ C:\Program Files\RngInterstitial.dll
--------- C:\Program Files\Hijackthis Version Française
2007-04-09 09:40:46 5 --sha-w C:\Windows\system32\dedd9_g.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 18:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 20:57]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 18:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"LXCRCATS"="C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 19:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-20 01:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DelRecentsDocuments"=0 (0x0)
"DelRun"=0 (0x0)
"DelFindFiles"=0 (0x0)
"DelFindComputer"=0 (0x0)
"NoSecCPL"=0 (0x0)
"NoPwdPage"=0 (0x0)
"NoProfilePage"=0 (0x0)
"NoDevMgrPage"=0 (0x0)
"NoConfigPage"=0 (0x0)
"NoFileSysPage"=0 (0x0)
"NoVirtMemPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoOpenDriveCD"=0 (0x0)
"NoDirCopy"=0 (0x0)
"NoDirDel"=0 (0x0)
"NoDirMove"=0 (0x0)
"NoDirRen"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoInstrumentation"=1 (0x1)
"DisallowRun"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"4"=SCRNSAVE.EXE
"5"=SynTPLpr.exe
"6"=SynTPEnh.exe
"7"=srmclean.exe
"8"=cpqset.exe
"9"=rundll32.exe
"10"=MSASCui.exe
"11"=jusched.exe
"12"=SFAgent.exe
"13"=avgcc.exe
"14"=avgas.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"1"=srvms32.exe
"2"=svcms32.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjotho]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

R0 caboagp;ATI Cabo AGP Filter;C:\Windows\system32\DRIVERS\atisgkaf.sys
R1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
R1 avipbb;avipbb;C:\Windows\system32\DRIVERS\avipbb.sys
R1 Cdr4_xp;Cdr4_xp;C:\Windows\system32\drivers\Cdr4_xp.sys
R1 ClntMgmt.sys;ClntMgmt.sys;C:\Windows\system32\Drivers\ClntMgmt.sys
R2 NWCWorkstation;Service client pour NetWare;C:\Windows\System32\svchost.exe -k netsvcs
R3 aliadwdm;Pilote WDM d'accélérateur audio ALi;C:\Windows\system32\drivers\ac97ali.sys
R3 ALiIRDA;Pilote de périphérique infrarouge ALi;C:\Windows\system32\DRIVERS\alifir.sys
R3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
R3 NWRDR;NetWare Rdr;C:\Windows\system32\DRIVERS\nwrdr.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\Windows\system32\Drivers\RootMdm.sys
R3 Stmatm;ATM/ADSL miniport;C:\Windows\system32\DRIVERS\stmatm.sys
R3 usbscan;Pilote de scanneur USB;C:\Windows\system32\DRIVERS\usbscan.sys
S1 ssmdrv;ssmdrv;C:\Windows\system32\DRIVERS\ssmdrv.sys
S1 wceusbsh;Pilote d'hôte USB série pour Windows CE;C:\Windows\system32\DRIVERS\wceusbsh.sys
S3 AlcrFilt;Alcor Micro Corp;\??\C:\Windows\System32\Drivers\AlcrFilt.sys
S3 allegro;Pilote audio ESS Allegro (WDM);C:\Windows\system32\drivers\es198x.sys
S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASFWHide
S3 DarkSpy;DarkSpy;\??\C:\Windows\system32\DarkSpyKernel.sys
S3 DCamUSBPremier;USB Video Camera;C:\Windows\system32\Drivers\mpixvid.sys
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe
S3 fsbl;F-Secure BlackLight Engine Driver;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys
S3 ltmodem5;LT Modem Driver;C:\Windows\system32\DRIVERS\ltmdmnt.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\Windows\system32\DRIVERS\MSIRCOMM.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\Windows\system32\DRIVERS\netrcacm.sys
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys
S3 TaurusUsb;ADSL Modem USB Service;C:\Windows\system32\DRIVERS\torususb.sys
S3 USB_RNDIS;Point d'acces Inventel;C:\Windows\system32\DRIVERS\usb8023.sys
S3 USBCM;Scientific Atlanta USB Cable Modem Driver;C:\Windows\system32\DRIVERS\Sacm2K.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS

*Newly Created Service* - ANTIVIRSCHEDULER
*Newly Created Service* - ANTIVIRSERVICE
*Newly Created Service* - AVGIO
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - AVIPBB

Contents of the 'Scheduled Tasks' folder
2007-08-02 19:09:01 C:\Windows\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-03 15:15:03 C:\Windows\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 17:29:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="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"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Allowed MACs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Denied MACs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Launched Apps]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Rejected MACs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500]
"UserFolderName"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\101]
"Name"="101"
"FriendlyName"="TODO"
"GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
"GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Ma musique"
"LocalDrive"="C:"
"LocalPath"="\Documents and Settings\Administrateur\Mes documents\Ma musique"
"ShareWithEveryone"="True"
"ShareWithApprovedDevices"="False"
"State"="False"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\101\Approved]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\102]
"Name"="102"
"FriendlyName"="TODO"
"GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
"GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Mes images"
"LocalDrive"="C:"
"LocalPath"="\Documents and Settings\Administrateur\Mes documents\Mes images"
"ShareWithEveryone"="True"
"ShareWithApprovedDevices"="False"
"State"="False"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\102\Approved]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\103]
"Name"="103"
"FriendlyName"="TODO"
"GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
"GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Mes vid\xe9os"
"LocalDrive"="C:"
"LocalPath"="\Documents and Settings\Administrateur\Mes documents\Mes vid\xe9os"
"ShareWithEveryone"="True"
"ShareWithApprovedDevices"="False"
"State"="False"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\103\Approved]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-08 17:32:06
C:\ComboFix-quarantined-files.txt ... 2007-08-08 17:31
C:\ComboFix2.txt ... 2007-07-29 13:29

--- E O F ---
0
Anonymous user
8 August 2007 at 18:24
There, I did two things in safe mode. I'm posting them for you
08/08/2007 a 17:58:05,09

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\Windows\

*** Recherche des fichiers dans C:\Windows\system32
"C:\Windows\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
and the other one
ComboFix 07-08-07.6 - "Administrateur" 2007-08-08 17:59:45.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.70 [GMT 2:00]


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-08 17:01 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\AntiVir PersonalEdition Classic
2007-08-07 18:29 <REP> d-------- C:\Program Files\RegCleaner
2007-08-07 15:48 <REP> d-------- C:\Program Files\Ashampoo
2007-08-06 01:13 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-03 15:57 <REP> d-------- C:\Program Files\jv16 PowerTools
2007-08-02 18:54 <REP> d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-02 13:41 <REP> d-------- C:\Program Files\Futuremark
2007-07-30 18:28 <REP> d-------- C:\Program Files\iolo
2007-07-30 13:25 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Jetico Personal Firewall
2007-07-29 13:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-26 20:39 15,990,784 --a------ C:\DOCUME~1\ADMINI~1\ntuser.dat
2007-07-26 20:38 <REP> dr-h-c--- C:\MSOCache
2007-07-25 12:42 69,632 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.scr
2007-07-25 12:42 167,936 --a------ C:\WINDOWS\system32\JkDefragScreenSaver.exe
2007-07-18 20:04 2,302 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-18 19:02 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-07-16 01:48 <REP> d-------- C:\Program Files\CCleaner
2007-07-16 00:24 45 ---h----- C:\WINDOWS\dsez4668.dat
2007-07-15 18:08 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-07-15 16:46 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\ma-config.com
2007-07-15 15:25 <REP> d-------- C:\WINDOWS\system32\bfubackups
2007-07-15 12:00 <REP> d-------- C:\Program Files\Hijackthis Version Fran‡aise


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-08 16:53 --------- d-------- C:\Program Files\lx_cats
2007-08-07 15:23 --------- d-------- C:\Program Files\Trend Micro
2007-08-07 00:20 --------- d-------- C:\Program Files\Lavasoft
2007-08-06 20:55 --------- d-------- C:\Program Files\eMule
2007-08-05 23:18 16391 --a--c--- C:\Windows\mozver.dat
2007-08-04 16:35 --------- d-------- C:\Program Files\JkDefrag
2007-08-02 13:56 2932 --a------ C:\Windows\system32\d3d9caps.dat
2007-08-02 13:41 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 21:11 77858 --a------ C:\Windows\system32\perfc00C.dat
2007-07-30 21:11 472290 --a------ C:\Windows\system32\perfh00C.dat
2007-07-29 20:24 --------- d-------- C:\Program Files\CodeStuff
2007-07-27 01:36 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\MSN6
2007-07-24 12:59 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-07-15 18:38 --------- d-------- C:\Program Files\CFWebAdvancedU
2007-07-14 14:58 --------- d-------- C:\Program Files\Executive Software
2007-07-04 14:55 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Apple Computer
2007-07-03 21:49 86094 --a--c--- C:\Windows\BPMNT.dll
2007-07-03 21:49 1163344 --a--c--- C:\Windows\vsapi32.dll
2007-07-01 21:35 71749 --a--c--- C:\Windows\hcextoutput.dll
2007-07-01 21:35 267845 --a--c--- C:\Windows\tsc.exe
2007-07-01 00:08 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\FaxCtr
2007-06-30 23:12 --------- d-------- C:\Program Files\AutoWebCam
2007-06-30 18:50 --------- d-------- C:\Program Files\Lexmark Fax Solutions
2007-06-30 18:38 --------- d-------- C:\Program Files\Lexmark 2400 Series
2007-06-30 18:37 --------- d-------- C:\Program Files\Lexmark Toolbar
2007-06-30 13:51 --------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-06-30 00:14 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Uniblue
2007-06-29 23:35 --------- d-------- C:\Program Files\Windows NT
2007-06-29 23:35 --------- d-------- C:\Program Files\Movie Maker
2007-06-29 23:34 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-06-27 19:37 --------- d-------- C:\Program Files\K-Lite Codec Pack
2007-06-23 20:29 359808 --a------ C:\Windows\system32\drivers\TCPIP.SYS.ORIGINAL
2007-05-29 20:09 41 ---h----- C:\Windows\dsez8066.dat
2007-05-16 17:13 86528 --a------ C:\Windows\system32\dllcache\directdb.dll
2007-05-16 17:13 85504 --a------ C:\Windows\system32\dllcache\wabimp.dll
2007-05-16 17:13 683520 --a------ C:\Windows\system32\inetcomm.dll
2007-05-16 17:13 683520 --a------ C:\Windows\system32\dllcache\inetcomm.dll
2007-05-16 17:13 510976 --a------ C:\Windows\system32\dllcache\wab32.dll
2007-05-16 17:13 1314816 --a------ C:\Windows\system32\dllcache\msoe.dll
2007-05-08 10:59 3583488 --a------ C:\Windows\system32\dllcache\mshtml.dll
2006-01-12 12:27 72344 --a--c--- C:\DOCUME~1\ADMINI~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2005-12-25 23:42 278528 --a--c--- C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2005-12-25 19:59 774144 --a------ C:\Program Files\RngInterstitial.dll
--------- C:\Program Files\Hijackthis Version Française
2007-04-09 09:40:46 5 --sha-w C:\Windows\system32\dedd9_g.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2006-12-11 18:12]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"lxcrmon.exe"="C:\Program Files\Lexmark 2400 Series\lxcrmon.exe" [2007-01-11 20:57]
"EzPrint"="C:\Program Files\Lexmark 2400 Series\ezprint.exe" [2006-12-11 18:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]
"LXCRCATS"="C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-11-21 19:27]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\Windows\system32\ctfmon.exe" [2004-08-20 01:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DelRecentsDocuments"=0 (0x0)
"DelRun"=0 (0x0)
"DelFindFiles"=0 (0x0)
"DelFindComputer"=0 (0x0)
"NoSecCPL"=0 (0x0)
"NoPwdPage"=0 (0x0)
"NoProfilePage"=0 (0x0)
"NoDevMgrPage"=0 (0x0)
"NoConfigPage"=0 (0x0)
"NoFileSysPage"=0 (0x0)
"NoVirtMemPage"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"=0 (0x0)
"NoClose"=0 (0x0)
"NoSetFolders"=0 (0x0)
"NoStartMenuSubFolders"=0 (0x0)
"NoSetTaskbar"=0 (0x0)
"NoOpenDriveCD"=0 (0x0)
"NoDirCopy"=0 (0x0)
"NoDirDel"=0 (0x0)
"NoDirMove"=0 (0x0)
"NoDirRen"=0 (0x0)
"NoFileMenu"=0 (0x0)
"NoPrinterTabs"=0 (0x0)
"NoDeletePrinter"=0 (0x0)
"NoAddPrinter"=0 (0x0)
"NoInstrumentation"=1 (0x1)
"DisallowRun"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"4"=SCRNSAVE.EXE
"5"=SynTPLpr.exe
"6"=SynTPEnh.exe
"7"=srmclean.exe
"8"=cpqset.exe
"9"=rundll32.exe
"10"=MSASCui.exe
"11"=jusched.exe
"12"=SFAgent.exe
"13"=avgcc.exe
"14"=avgas.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\RestrictRun]
"1"=srvms32.exe
"2"=svcms32.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fjotho]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

R0 caboagp;ATI Cabo AGP Filter;C:\Windows\system32\DRIVERS\atisgkaf.sys
R1 Cdr4_xp;Cdr4_xp;C:\Windows\system32\drivers\Cdr4_xp.sys
S1 avgio;avgio;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys
S1 avipbb;avipbb;C:\Windows\system32\DRIVERS\avipbb.sys
S1 ClntMgmt.sys;ClntMgmt.sys;C:\Windows\system32\Drivers\ClntMgmt.sys
S1 ssmdrv;ssmdrv;C:\Windows\system32\DRIVERS\ssmdrv.sys
S1 wceusbsh;Pilote d'hôte USB série pour Windows CE;C:\Windows\system32\DRIVERS\wceusbsh.sys
S2 NWCWorkstation;Service client pour NetWare;C:\Windows\System32\svchost.exe -k netsvcs
S3 AlcrFilt;Alcor Micro Corp;\??\C:\Windows\System32\Drivers\AlcrFilt.sys
S3 aliadwdm;Pilote WDM d'accélérateur audio ALi;C:\Windows\system32\drivers\ac97ali.sys
S3 ALiIRDA;Pilote de périphérique infrarouge ALi;C:\Windows\system32\DRIVERS\alifir.sys
S3 allegro;Pilote audio ESS Allegro (WDM);C:\Windows\system32\drivers\es198x.sys
S3 ASFWHide;ASFWHide;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ASFWHide
S3 avgntflt;avgntflt;\??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys
S3 DarkSpy;DarkSpy;\??\C:\Windows\system32\DarkSpyKernel.sys
S3 DCamUSBPremier;USB Video Camera;C:\Windows\system32\Drivers\mpixvid.sys
S3 F-Secure BlackLight Sensor;F-Secure BlackLight Sensor;C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe
S3 fsbl;F-Secure BlackLight Engine Driver;\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys
S3 ltmodem5;LT Modem Driver;C:\Windows\system32\DRIVERS\ltmdmnt.sys
S3 MSIRCOMM;Microsoft IR Communications Driver;C:\Windows\system32\DRIVERS\MSIRCOMM.sys
S3 netrcacm;RCA USB Digital Cable Modem Driver;C:\Windows\system32\DRIVERS\netrcacm.sys
S3 NWRDR;NetWare Rdr;C:\Windows\system32\DRIVERS\nwrdr.sys
S3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\Windows\system32\Drivers\RootMdm.sys
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;C:\Windows\system32\DRIVERS\sis163u.sys
S3 Stmatm;ATM/ADSL miniport;C:\Windows\system32\DRIVERS\stmatm.sys
S3 TaurusUsb;ADSL Modem USB Service;C:\Windows\system32\DRIVERS\torususb.sys
S3 USB_RNDIS;Point d'acces Inventel;C:\Windows\system32\DRIVERS\usb8023.sys
S3 USBCM;Scientific Atlanta USB Cable Modem Driver;C:\Windows\system32\DRIVERS\Sacm2K.sys
S3 usbscan;Pilote de scanneur USB;C:\Windows\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\Windows\system32\DRIVERS\USBSTOR.SYS


Contents of the 'Scheduled Tasks' folder
2007-08-02 19:09:01 C:\Windows\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-03 15:15:03 C:\Windows\Tasks\Maintenance en 1 clic.job - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-08 18:01:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG08.00.00.01WORKSTATION"="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"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Allowed MACs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Denied MACs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Launched Apps]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\MAC Access Control\Rejected MACs]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500]
"UserFolderName"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\101]
"Name"="101"
"FriendlyName"="TODO"
"GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
"GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Ma musique"
"LocalDrive"="C:"
"LocalPath"="\Documents and Settings\Administrateur\Mes documents\Ma musique"
"ShareWithEveryone"="True"
"ShareWithApprovedDevices"="False"
"State"="False"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\101\Approved]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\102]
"Name"="102"
"FriendlyName"="TODO"
"GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
"GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Mes images"
"LocalDrive"="C:"
"LocalPath"="\Documents and Settings\Administrateur\Mes documents\Mes images"
"ShareWithEveryone"="True"
"ShareWithApprovedDevices"="False"
"State"="False"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\102\Approved]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\103]
"Name"="103"
"FriendlyName"="TODO"
"GlobalVolumeName"="\\?\Volume{ec2ce060-63b0-11d7-9219-806d6172696f}\"
"GlobalVolumePath"="\Documents and Settings\Administrateur\Mes documents\Mes vid\xe9os"
"LocalDrive"="C:"
"LocalPath"="\Documents and Settings\Administrateur\Mes documents\Mes vid\xe9os"
"ShareWithEveryone"="True"
"ShareWithApprovedDevices"="False"
"State"="False"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media Connect\Users\S-1-5-21-257621693-4282951562-813958858-500\103\Approved]

scanning hidden files ...

**************************************************************************

Completion time: 2007-08-08 18:03:42
C:\ComboFix-quarantined-files.txt ... 2007-08-08 18:02
C:\ComboFix2.txt ... 2007-08-08 17:32
C:\ComboFix3.txt ... 2007-07-29 13:29

--- E O F ---
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 August 2007 at 18:48
ok, that looks fine

any problems?
if you have installed Antivir or Avast, scan with it to check

otherwise everything is ok
0
Anonymous user
8 August 2007 at 19:18
ok, Antivir is scanning now.. I'll keep you informed
0
Anonymous user
8 August 2007 at 23:09
here is the Antivir report


AntiVir PersonalEdition Classic
Report file date: mercredi 8 août 2007 19:02

Scanning for 1006464 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: UCE552

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 15:09:10
ANTIVIR2.VDF : 6.39.0.207 1077248 Bytes 02/08/2007 15:09:10
ANTIVIR3.VDF : 6.39.0.221 126976 Bytes 08/08/2007 15:09:10
AVEWIN32.DLL : 7.4.0.57 2707968 Bytes 08/08/2007 15:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 08/08/2007 15:09:11
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 8 août 2007 19:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxcrmon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'lxcrcoms.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '11' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: mercredi 8 août 2007 20:10
Used time: 1:08:29 min

The scan has been done completely.

3998 Scanning directories
226702 Files were scanned
0 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
226702 Files not concerned
6774 Archives were scanned
1 Warnings
0 Notes
0 Hidden objects were found
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 August 2007 at 23:40
nothing found

still having problems? which ones?

if there is no problem, it's ok

to protect your computer for free

security

install an antivirus

AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware tools:

AD AWARE + SPYBOT + WINDOWS DEFENDER

+/-
SPYWAREBLASTER to immunize the system against vundo in particular, but in English (but easy to use: you just click "update" to update every month and then "enable all protection" to immunize)...

--------
a firewall:
the Windows one or better KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
zonealarm

-----------

CCLEANER to erase browsing traces
0
Anonymous user
9 August 2007 at 08:49
hello. this morning I got an error message:
htp/%1/020c/windows/system32/spoll/drivers/w32x86/LEXSUP.HTM cannot be found. Check that the path or the internet address is correct
and without my doing anything it opened Internet Explorer directly
.. is it serious, doctor?
0
Anonymous user
9 August 2007 at 09:19
Logfile of HijackThis v1.99.1
Scan saved at 09:18:12, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\lxcrcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Startup: NOTFOUND.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 August 2007 at 12:27
I think it comes from your Lexmark printer
uninstall then reinstall the printer drivers to see

__________
0
Anonymous user
9 August 2007 at 13:47
ok, I'll try.. I'll see.. and let you know..
0
Anonymous user
9 August 2007 at 14:33
there, I uninstalled and reinstalled. the error message at startup is gone. I'm posting a HijackThis report again
Logfile of HijackThis v1.99.1
Scan saved at 14:31:16, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\lxcrcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Startup: NOTFOUND.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure BlackLight Sensor - Unknown owner - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe (file missing)
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe
0
Anonymous user
9 August 2007 at 16:10
and here is Antivir


AntiVir PersonalEdition Classic
Report file date: jeudi 9 août 2007 14:49

Scanning for 1007149 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: UCE552

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 15:09:10
ANTIVIR2.VDF : 6.39.0.207 1077248 Bytes 02/08/2007 15:09:10
ANTIVIR3.VDF : 6.39.0.223 136704 Bytes 09/08/2007 12:48:03
AVEWIN32.DLL : 7.4.0.57 2707968 Bytes 08/08/2007 15:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 08/08/2007 15:09:11
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 9 août 2007 14:49

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ezprint.exe' - '1' Module(s) have been scanned
Scan process 'lxcrmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'lxcrcoms.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Start scanning boot sectors:
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '11' files ).


Starting the file scan:

Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Lemark 2400>


End of the scan: jeudi 9 août 2007 16:04
Used time: 1:15:18 min

The scan has been done completely.

4289 Scanning directories
246442 Files were scanned
0 viruses and/or unwanted programs were found
0 classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
246442 Files not concerned
8122 Archives were scanned
1 Warnings
0 Notes
0 Hidden objects were found
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
9 August 2007 at 17:05
it's good!
0