Rapport mauvais ?
Résolu/Fermé
Pancho
-
5 oct. 2007 à 22:46
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 4 juil. 2008 à 12:17
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 4 juil. 2008 à 12:17
A voir également:
- Rapport mauvais ?
- Plan rapport de stage - Guide
- On vous a donné accès à un fichier rapport. il est partagé avec plusieurs personnes sur cet espace pix cloud. répondez aux questions - Forum Cloud
- Impossible d'afficher le rapport de tableau croisé dynamique sur un rapport existant - Forum Excel
- Envoyer un rapport de bug à mi pour analyse - Forum Xiaomi
- Rapport erreur windows - Guide
166 réponses
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
7 déc. 2007 à 12:10
7 déc. 2007 à 12:10
re,ok je vais faire ce que tu m'a demandé.
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
7 déc. 2007 à 12:28
7 déc. 2007 à 12:28
re, voici le rapport de antivir...
AntiVir PersonalEdition Classic
Report file date: vendredi 7 décembre 2007 12:12
Scanning for 963056 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: MAISON-6ZNO7WTT
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 20:16:38
ANTIVIR3.VDF : 7.0.1.56 105984 Bytes 07/12/2007 09:41:17
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 03/12/2007 20:16:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 7 décembre 2007 12:12
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'GUI.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\!KillBox\aadcaad.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] A backup was created as '47bd2b1b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\!KillBox\aadcaad.dll.bak
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[INFO] A backup was created as '4631dc84.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\!KillBox\apmrwkrf.dll.bak
[DETECTION] Is the Trojan horse TR/Delf.103242
[INFO] A backup was created as '47c62b2a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\!KillBox\zgnlkjga.dll.bak
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[INFO] A backup was created as '47c72b22.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{7057E3FF-F4E8-4421-856D-A22F39080A4B}\RP2\A0000065.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] A backup was created as '47892c7a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\aadcaad.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] A backup was created as '47bd2d6a.qua' ( QUARANTINE )
[WARNING] The file could not be deleted!
End of the scan: vendredi 7 décembre 2007 12:24
Used time: 11:41 min
The scan has been done completely.
2520 Scanning directories
110335 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
110329 Files not concerned
716 Archives were scanned
5 Warnings
0 Notes
et enfin voici le rapport de combofix
ComboFix 07-12-07.3 - maison 2007-12-07 12:25:41.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.224 [GMT 1:00]
Running from: C:\Documents and Settings\maison\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-07 to 2007-12-07 ))))))))))))))))))))))))))))))))))))
.
2007-12-07 11:58 . 2007-12-07 11:58 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 11:57 . 2007-12-07 11:57 <REP> d-------- C:\WINDOWS\report
2007-12-07 11:57 . 2007-12-07 11:56 39,917,509 --a------ C:\WINDOWS\LPT$VPN.869
2007-12-07 11:11 . 2007-12-07 11:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-07 01:22 . 2007-12-07 01:22 <REP> d--h----- C:\WINDOWS\PIF
2007-12-07 00:48 . 2007-12-07 00:48 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-06 23:17 . 2007-12-06 23:17 1,678 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-06 22:15 . 2007-12-06 22:18 325 --a------ C:\WINDOWS\KillProcess.INI
2007-12-06 21:35 . 2007-12-06 21:35 <REP> d-------- C:\Program Files\Kill Process
2007-12-06 18:30 . 2007-12-02 18:48 1,500 --a------ C:\WINDOWS\system32\Copie de tmp.reg
2007-12-06 17:39 . 2007-12-06 18:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-12-06 16:50 . 2007-12-07 11:38 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:14 . 2007-12-06 18:41 <REP> d-------- C:\Program Files\Yahoo!
2007-12-06 16:14 . 2007-12-06 16:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 23:07 . 2007-12-02 23:07 <REP> d-------- C:\VundoFix Backups
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Program Files\Avira
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-02 20:04 . 2007-12-02 20:04 <REP> d-------- C:\Documents and Settings\maison\Application Data\Grisoft
2007-12-02 20:04 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-02 20:01 . 2007-12-02 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-02 19:22 . 2007-12-02 19:25 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-12-01 11:17 . 2007-12-01 11:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-30 14:40 . 2007-11-30 14:39 45,056 -r-hs---- C:\WINDOWS\system32\1033v.exe
2007-11-30 14:40 . 2007-11-30 14:40 144 --ahs---- C:\WINDOWS\system32\1549314879.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 10:58 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-07 10:58 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-07 10:56 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-07 10:56 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-12-07 10:56 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-12-07 10:56 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-12-07 10:56 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-07 10:07 --------- d-----w C:\Program Files\Wanadoo
2007-12-06 20:59 3,310 ----a-w C:\Documents and Settings\maison\Application Data\wklnhst.dat
2007-12-06 17:05 --------- d-----w C:\Program Files\Navilog1
2007-12-02 23:07 --------- d-----w C:\Program Files\eMule
2007-12-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-18 20:26 --------- d-----w C:\Program Files\DivX
2007-10-17 04:54 --------- d-----w C:\Program Files\Zapu
2007-10-17 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-16 20:55 81,408 ----a-w C:\WINDOWS\system32\aadcaad.dll
2007-10-14 18:16 --------- d-----w C:\Program Files\Trend Micro
2007-10-14 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 06:41 17,792 ----a-w C:\WINDOWS\system32\drivers\miqvzwcl.dat
2007-10-12 17:07 --------- d-----w C:\Program Files\Fichiers communs\G DATA
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\maison\Application Data\Lavasoft
2007-10-05 23:24 52,602 ----a-w C:\WINDOWS\system32\interceptor.sys
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((( snapshot_2007-12-07_11.36.49,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
- 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-12-07 10:38:49 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91AD9DC2-523A-47E2-A598-6C277F16CC50}]
2007-10-16 21:55 81408 --a------ c:\windows\system32\aadcaad.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 15:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" [2007-11-30 14:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" [2007-11-30 14:39]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-03 21:16]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-02 11:25]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 03:37 C:\WINDOWS\RTHDCPL.EXE]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"M1000Mnt"="M1000Rmv.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" [2007-11-30 14:39]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" [2007-11-30 14:39]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
UpdateWin REG_SZ C:\WINDOWS\System32\1033v.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R0 nvrfhgrt;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\miqvzwcl.dat
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\ET5\markfun.w32
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\System32\Drivers\M1000KNT.sys
*Newly Created Service* - A2FREE
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 12:26:45
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-07 12:27:18
C:\ComboFix2.txt ... 2007-12-07 11:37
C:\ComboFix3.txt ... 2007-11-04 20:20
.
--- E O F ---
AntiVir PersonalEdition Classic
Report file date: vendredi 7 décembre 2007 12:12
Scanning for 963056 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Username: SYSTEM
Computer name: MAISON-6ZNO7WTT
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 20:16:38
ANTIVIR3.VDF : 7.0.1.56 105984 Bytes 07/12/2007 09:41:17
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 03/12/2007 20:16:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 7 décembre 2007 12:12
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'GUI.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\!KillBox\aadcaad.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] A backup was created as '47bd2b1b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\!KillBox\aadcaad.dll.bak
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[INFO] A backup was created as '4631dc84.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\!KillBox\apmrwkrf.dll.bak
[DETECTION] Is the Trojan horse TR/Delf.103242
[INFO] A backup was created as '47c62b2a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\!KillBox\zgnlkjga.dll.bak
[DETECTION] Is the Trojan horse TR/Crypt.Morphine.Gen
[INFO] A backup was created as '47c72b22.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{7057E3FF-F4E8-4421-856D-A22F39080A4B}\RP2\A0000065.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] A backup was created as '47892c7a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\WINDOWS\system32\1033v.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\aadcaad.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] A backup was created as '47bd2d6a.qua' ( QUARANTINE )
[WARNING] The file could not be deleted!
End of the scan: vendredi 7 décembre 2007 12:24
Used time: 11:41 min
The scan has been done completely.
2520 Scanning directories
110335 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
5 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
110329 Files not concerned
716 Archives were scanned
5 Warnings
0 Notes
et enfin voici le rapport de combofix
ComboFix 07-12-07.3 - maison 2007-12-07 12:25:41.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.224 [GMT 1:00]
Running from: C:\Documents and Settings\maison\Bureau\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-07 to 2007-12-07 ))))))))))))))))))))))))))))))))))))
.
2007-12-07 11:58 . 2007-12-07 11:58 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 11:57 . 2007-12-07 11:57 <REP> d-------- C:\WINDOWS\report
2007-12-07 11:57 . 2007-12-07 11:56 39,917,509 --a------ C:\WINDOWS\LPT$VPN.869
2007-12-07 11:11 . 2007-12-07 11:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-07 01:22 . 2007-12-07 01:22 <REP> d--h----- C:\WINDOWS\PIF
2007-12-07 00:48 . 2007-12-07 00:48 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-06 23:17 . 2007-12-06 23:17 1,678 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-06 22:15 . 2007-12-06 22:18 325 --a------ C:\WINDOWS\KillProcess.INI
2007-12-06 21:35 . 2007-12-06 21:35 <REP> d-------- C:\Program Files\Kill Process
2007-12-06 18:30 . 2007-12-02 18:48 1,500 --a------ C:\WINDOWS\system32\Copie de tmp.reg
2007-12-06 17:39 . 2007-12-06 18:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-12-06 16:50 . 2007-12-07 11:38 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:14 . 2007-12-06 18:41 <REP> d-------- C:\Program Files\Yahoo!
2007-12-06 16:14 . 2007-12-06 16:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 23:07 . 2007-12-02 23:07 <REP> d-------- C:\VundoFix Backups
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Program Files\Avira
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-02 20:04 . 2007-12-02 20:04 <REP> d-------- C:\Documents and Settings\maison\Application Data\Grisoft
2007-12-02 20:04 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-02 20:01 . 2007-12-02 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-02 19:22 . 2007-12-02 19:25 <REP> d-------- C:\Program Files\RogueRemover FREE
2007-12-01 11:17 . 2007-12-01 11:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-30 14:40 . 2007-11-30 14:39 45,056 -r-hs---- C:\WINDOWS\system32\1033v.exe
2007-11-30 14:40 . 2007-11-30 14:40 144 --ahs---- C:\WINDOWS\system32\1549314879.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-07 10:58 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-07 10:58 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-07 10:56 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-07 10:56 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-12-07 10:56 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-12-07 10:56 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-12-07 10:56 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-07 10:07 --------- d-----w C:\Program Files\Wanadoo
2007-12-06 20:59 3,310 ----a-w C:\Documents and Settings\maison\Application Data\wklnhst.dat
2007-12-06 17:05 --------- d-----w C:\Program Files\Navilog1
2007-12-02 23:07 --------- d-----w C:\Program Files\eMule
2007-12-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-18 20:26 --------- d-----w C:\Program Files\DivX
2007-10-17 04:54 --------- d-----w C:\Program Files\Zapu
2007-10-17 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-16 20:55 81,408 ----a-w C:\WINDOWS\system32\aadcaad.dll
2007-10-14 18:16 --------- d-----w C:\Program Files\Trend Micro
2007-10-14 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-14 06:41 17,792 ----a-w C:\WINDOWS\system32\drivers\miqvzwcl.dat
2007-10-12 17:07 --------- d-----w C:\Program Files\Fichiers communs\G DATA
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\maison\Application Data\Lavasoft
2007-10-05 23:24 52,602 ----a-w C:\WINDOWS\system32\interceptor.sys
2007-10-03 22:36 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((( snapshot_2007-12-07_11.36.49,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
- 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-12-07 10:38:49 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{91AD9DC2-523A-47E2-A598-6C277F16CC50}]
2007-10-16 21:55 81408 --a------ c:\windows\system32\aadcaad.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 15:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" [2007-11-30 14:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" [2007-11-30 14:39]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-03 21:16]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-02 11:25]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 03:37 C:\WINDOWS\RTHDCPL.EXE]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
"M1000Mnt"="M1000Rmv.exe" []
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" []
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" []
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" [2007-11-30 14:39]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"UpdateWin"="C:\WINDOWS\System32\1033v.exe" [2007-11-30 14:39]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
UpdateWin REG_SZ C:\WINDOWS\System32\1033v.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R0 nvrfhgrt;Microsoft RPC API Helper;C:\WINDOWS\System32\drivers\miqvzwcl.dat
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R3 MarkFun_NT;MarkFun_NT;\??\C:\Program Files\Gigabyte\ET5\markfun.w32
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\System32\Drivers\M1000KNT.sys
*Newly Created Service* - A2FREE
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-07 12:26:45
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-07 12:27:18
C:\ComboFix2.txt ... 2007-12-07 11:37
C:\ComboFix3.txt ... 2007-11-04 20:20
.
--- E O F ---
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
7 déc. 2007 à 17:46
7 déc. 2007 à 17:46
re, que veux tu que je fasse maintenant... le virus est tjs la.
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
7 déc. 2007 à 22:18
7 déc. 2007 à 22:18
slt
lyonnais 92
pour voir tout ce qui a été fait avec
Julien06
regarde là:
http://www.commentcamarche.net/forum/affich 4187223 systeme infecte?page=4#0
lyonnais 92
pour voir tout ce qui a été fait avec
Julien06
regarde là:
http://www.commentcamarche.net/forum/affich 4187223 systeme infecte?page=4#0
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
7 déc. 2007 à 22:24
7 déc. 2007 à 22:24
slt,
Lyonnais92,
juste pour faire remarquer que tu fais deux posts
pancho
et
Julien06
Lyonnais92,
juste pour faire remarquer que tu fais deux posts
pancho
et
Julien06
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
7 déc. 2007 à 22:40
7 déc. 2007 à 22:40
voila le rapport de virus totale
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 49b5595b1824bea6d850e0ed08b53e43
Antivirus Version Last Update Result
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Additional information
MD5: 49b5595b1824bea6d850e0ed08b53e43
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
7 déc. 2007 à 23:30
7 déc. 2007 à 23:30
deslé a toi aussi je ne savais pas que je devais resté sur le meme topic... g!rl m'a dit de garder ce topic la avec toi en esperant que tu veuille tjs m'aider ;-)
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
8 déc. 2007 à 12:11
8 déc. 2007 à 12:11
salut a vous deux ;-)
pour suivre...
pour suivre...
Salut Pancho, Lyonnais
Juste pour suivre ce topic très intéressant :-)
@+
ps:
Lyonnais tu es sur pour le script ?
Juste pour suivre ce topic très intéressant :-)
@+
ps:
Lyonnais tu es sur pour le script ?
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
8 déc. 2007 à 14:13
8 déc. 2007 à 14:13
salut lyonnais, moe
moe
je suis du meme avis que toi : 'Driver' dans CFscript ne devait comporter seulement que le nom du driver...
Driver::
nvrfhgrt
File::
C:\WINDOWS\System32\drivers\miqvzwcl.dat
quand aux cles de registre il faut imperativement les inclure au script...
lyonnais92 je t´ai envoyé un mp (pour ne pas ajouter de confusion ici ) avec mon script, dis moi ce que tu en pensse
@+
moe
je suis du meme avis que toi : 'Driver' dans CFscript ne devait comporter seulement que le nom du driver...
Driver::
nvrfhgrt
File::
C:\WINDOWS\System32\drivers\miqvzwcl.dat
quand aux cles de registre il faut imperativement les inclure au script...
lyonnais92 je t´ai envoyé un mp (pour ne pas ajouter de confusion ici ) avec mon script, dis moi ce que tu en pensse
@+
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
9 déc. 2007 à 13:19
9 déc. 2007 à 13:19
Bonjour lyonnais 92,
T'inquiete pas je ne lacherai pas l'affaire avant que mon pc soit clair comme de l'eau de roche...lol
SInon j'ai fait tout ce que tu m'as demandé avec combofix... et voila le rapport...
ComboFix 07-12-07.3 - maison 2007-12-09 13:13:12.12 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.246 [GMT 1:00]
Running from: C:\Documents and Settings\maison\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\maison\Bureau\CFscript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\1033v.exe
C:\WINDOWS\system32\aadcaad.dll
C:\WINDOWS\System32\drivers\miqvzwcl.dat
C:\WINDOWS\system32\M1000Rmv.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aadcaad.dll
C:\WINDOWS\System32\drivers\miqvzwcl.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NVRFHGRT
-------\nvrfhgrt
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
.
2007-12-07 22:24 . 2007-12-07 22:24 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 22:11 . 2007-12-07 22:11 <REP> d-------- C:\Program Files\Panda Security
2007-12-07 11:57 . 2007-12-07 11:57 <REP> d-------- C:\WINDOWS\report
2007-12-07 11:57 . 2007-12-07 11:56 39,917,509 --a------ C:\WINDOWS\LPT$VPN.869
2007-12-07 11:11 . 2007-12-07 11:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-07 01:22 . 2007-12-07 01:22 <REP> d--h----- C:\WINDOWS\PIF
2007-12-07 00:48 . 2007-12-07 00:48 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-06 18:30 . 2007-12-02 18:48 1,500 --a------ C:\WINDOWS\system32\Copie de tmp.reg
2007-12-06 17:39 . 2007-12-06 18:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-12-06 16:50 . 2007-12-07 20:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:14 . 2007-12-06 16:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 23:07 . 2007-12-02 23:07 <REP> d-------- C:\VundoFix Backups
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Program Files\Avira
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-02 20:04 . 2007-12-02 20:04 <REP> d-------- C:\Documents and Settings\maison\Application Data\Grisoft
2007-12-02 20:04 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-02 20:01 . 2007-12-02 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 11:17 . 2007-12-01 11:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-30 14:40 . 2007-11-30 14:40 144 --ahs---- C:\WINDOWS\system32\1549314879.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 12:15 --------- d-----w C:\Program Files\Wanadoo
2007-12-07 21:24 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-07 21:24 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-07 13:44 --------- d-----w C:\Program Files\Shareaza
2007-12-07 10:56 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-07 10:56 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-12-07 10:56 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-12-07 10:56 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-12-07 10:56 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-06 20:59 3,310 ----a-w C:\Documents and Settings\maison\Application Data\wklnhst.dat
2007-12-06 17:05 --------- d-----w C:\Program Files\Navilog1
2007-12-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-17 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-14 18:16 --------- d-----w C:\Program Files\Trend Micro
2007-10-14 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-12 17:07 --------- d-----w C:\Program Files\Fichiers communs\G DATA
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\maison\Application Data\Lavasoft
.
((((((((((((((((((((((((((((( snapshot_2007-12-07_11.36.49,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
- 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-12-07 10:38:49 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-09-11 12:49:24 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\LibComm.dll
+ 2007-09-11 12:49:28 38,280 ----a-w C:\WINDOWS\Downloaded Program Files\NanoInst.dll
+ 2007-09-11 12:49:30 43,824 ----a-w C:\WINDOWS\Downloaded Program Files\PSComm.dll
+ 2007-09-11 12:49:34 100,656 ----a-w C:\WINDOWS\Downloaded Program Files\PSNAdbrk.dll
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
+ 2007-10-11 13:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2005-10-12 23:15:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 15:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-03 21:16]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-02 11:25]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 03:37 C:\WINDOWS\RTHDCPL.EXE]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
UpdateWin REG_SZ C:\WINDOWS\System32\1033v.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\System32\Drivers\M1000KNT.sys
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 13:15:55
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32"
.
Completion time: 2007-12-09 13:16:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-07 22:51
C:\ComboFix3.txt ... 2007-12-07 22:34
.
--- E O F ---
T'inquiete pas je ne lacherai pas l'affaire avant que mon pc soit clair comme de l'eau de roche...lol
SInon j'ai fait tout ce que tu m'as demandé avec combofix... et voila le rapport...
ComboFix 07-12-07.3 - maison 2007-12-09 13:13:12.12 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.246 [GMT 1:00]
Running from: C:\Documents and Settings\maison\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\maison\Bureau\CFscript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\1033v.exe
C:\WINDOWS\system32\aadcaad.dll
C:\WINDOWS\System32\drivers\miqvzwcl.dat
C:\WINDOWS\system32\M1000Rmv.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\aadcaad.dll
C:\WINDOWS\System32\drivers\miqvzwcl.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_NVRFHGRT
-------\nvrfhgrt
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
.
2007-12-07 22:24 . 2007-12-07 22:24 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-07 22:11 . 2007-12-07 22:11 <REP> d-------- C:\Program Files\Panda Security
2007-12-07 11:57 . 2007-12-07 11:57 <REP> d-------- C:\WINDOWS\report
2007-12-07 11:57 . 2007-12-07 11:56 39,917,509 --a------ C:\WINDOWS\LPT$VPN.869
2007-12-07 11:11 . 2007-12-07 11:33 <REP> d-------- C:\Program Files\a-squared Free
2007-12-07 01:22 . 2007-12-07 01:22 <REP> d--h----- C:\WINDOWS\PIF
2007-12-07 00:48 . 2007-12-07 00:48 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-06 18:30 . 2007-12-02 18:48 1,500 --a------ C:\WINDOWS\system32\Copie de tmp.reg
2007-12-06 17:39 . 2007-12-06 18:06 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2007-12-06 16:50 . 2007-12-07 20:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-06 16:14 . 2007-12-06 16:14 <REP> d-------- C:\Program Files\CCleaner
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Lavasoft
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-06 11:16 . 2007-12-06 11:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-02 23:07 . 2007-12-02 23:07 <REP> d-------- C:\VundoFix Backups
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Program Files\Avira
2007-12-02 21:15 . 2007-12-02 21:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-02 20:04 . 2007-12-02 20:04 <REP> d-------- C:\Documents and Settings\maison\Application Data\Grisoft
2007-12-02 20:04 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-02 20:01 . 2007-12-02 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-01 11:17 . 2007-12-01 11:17 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-11-30 14:40 . 2007-11-30 14:40 144 --ahs---- C:\WINDOWS\system32\1549314879.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-09 12:15 --------- d-----w C:\Program Files\Wanadoo
2007-12-07 21:24 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-07 21:24 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-07 13:44 --------- d-----w C:\Program Files\Shareaza
2007-12-07 10:56 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-07 10:56 69,689 ----a-w C:\WINDOWS\UNZIP.DLL
2007-12-07 10:56 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL
2007-12-07 10:56 286,720 ----a-w C:\WINDOWS\PATCH.EXE
2007-12-07 10:56 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-06 20:59 3,310 ----a-w C:\Documents and Settings\maison\Application Data\wklnhst.dat
2007-12-06 17:05 --------- d-----w C:\Program Files\Navilog1
2007-12-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-10-25 09:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2007-10-17 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-14 18:16 --------- d-----w C:\Program Files\Trend Micro
2007-10-14 17:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-12 17:07 --------- d-----w C:\Program Files\Fichiers communs\G DATA
2007-10-12 16:50 --------- d-----w C:\Documents and Settings\maison\Application Data\Lavasoft
.
((((((((((((((((((((((((((((( snapshot_2007-12-07_11.36.49,75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-09 19:05:12 86,094 ----a-w C:\WINDOWS\AU_Temp\2\4\BPMNT.dll
+ 2007-06-12 17:49:28 1,163,344 ----a-w C:\WINDOWS\AU_Temp\2\4\vsapi32.dll
+ 1999-07-23 09:53:20 129,536 ----a-w C:\WINDOWS\AuHCcup1.dll
- 2007-10-25 09:26:48 118,784 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-12-07 10:38:49 77,824 ----a-w C:\WINDOWS\BDOSCAN8\bdupd.dll
+ 2007-09-11 12:49:24 12,592 ----a-w C:\WINDOWS\Downloaded Program Files\LibComm.dll
+ 2007-09-11 12:49:28 38,280 ----a-w C:\WINDOWS\Downloaded Program Files\NanoInst.dll
+ 2007-09-11 12:49:30 43,824 ----a-w C:\WINDOWS\Downloaded Program Files\PSComm.dll
+ 2007-09-11 12:49:34 100,656 ----a-w C:\WINDOWS\Downloaded Program Files\PSNAdbrk.dll
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2002-10-15 13:29:40 77,824 ----a-w C:\WINDOWS\loadhttp.dll
+ 2001-12-14 12:34:46 164,864 ----a-w C:\WINDOWS\patchw32.dll
+ 2005-11-02 17:07:12 99,328 ----a-w C:\WINDOWS\runtsckl.exe
+ 2007-10-11 13:12:48 1,468,968 ------w C:\WINDOWS\system32\LegitCheckControl.dll
- 2005-10-12 23:15:25 15,072 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-10-08 13:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 15:33]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-03 21:16]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-02 11:25]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 16:07 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-07-13 03:37 C:\WINDOWS\RTHDCPL.EXE]
"EasyTuneV"="C:\Program Files\Gigabyte\ET5\GUI.exe" [2004-06-14 10:54]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoWindowsUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
UpdateWin REG_SZ C:\WINDOWS\System32\1033v.exe
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
S3 gdrv;gdrv;\??\C:\WINDOWS\gdrv.sys
S3 M1000Srv;M5603C USB2.0 Camera Driver;C:\WINDOWS\System32\Drivers\M1000KNT.sys
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-09 13:15:55
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32"
.
Completion time: 2007-12-09 13:16:33 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-07 22:51
C:\ComboFix3.txt ... 2007-12-07 22:34
.
--- E O F ---
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
9 déc. 2007 à 13:43
9 déc. 2007 à 13:43
et le rapport hijackthis... je crois qu'il y a eu du changement ?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:50, on 09/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:50, on 09/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\GUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02084dfa22d225efae05/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
9 déc. 2007 à 14:12
9 déc. 2007 à 14:12
slt,
bravo lyonnais92
g!rly et mOe
très beau boulot!
bravo lyonnais92
g!rly et mOe
très beau boulot!
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
9 déc. 2007 à 14:14
9 déc. 2007 à 14:14
re merci a tous.
Comment je fais pour le pare feu windows?? dsl
Comment je fais pour le pare feu windows?? dsl
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
9 déc. 2007 à 14:24
9 déc. 2007 à 14:24
pour desactiver le parefeu de windows si tu as le sp1
http://www.sebsite.org/article.php3?id_article=92
http://www.sebsite.org/article.php3?id_article=92
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
9 déc. 2007 à 14:40
9 déc. 2007 à 14:40
re,
ok j'ai choisi ZA et je l'ai installé et redemarrer mon PC...
Par curiosité je suis aller dans le panneau de config mais mon pare feu n'etait pas activé donc pas besoin de le desactiver..;-)
ok j'ai choisi ZA et je l'ai installé et redemarrer mon PC...
Par curiosité je suis aller dans le panneau de config mais mon pare feu n'etait pas activé donc pas besoin de le desactiver..;-)
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
9 déc. 2007 à 14:49
9 déc. 2007 à 14:49
re, j'ai telechargé zeb-restore et arrivé au menu il m'ecrit l'info sur le menu du logiciel mais rien a coté des cases a cocher que dois je faire.
Ps : Je dois m'absenter pour 2 ou 3h alors si je rep pas c'est normal. Merci a plus.
Ps : Je dois m'absenter pour 2 ou 3h alors si je rep pas c'est normal. Merci a plus.
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
9 déc. 2007 à 16:48
9 déc. 2007 à 16:48
re, oui c'est 3 colonnes de 5 cases et la case restaurer en bas au milieu.
Quand je passe avec la souris non rien ne s'inscrit.Il ya slt le menu.
j'ai coché les 3 cases et il ya ecrit les element ont bien eté restaures.
Merci
PS : Antivir a detecté ceci : Virus or unwanted program 'DR/Delphi.Gen [DR/Delphi.Gen]'
detected in file 'C:\System Volume Information\_restore{7057E3FF-F4E8-4421-856D-A22F39080A4B}\RP2\A0000139.exe.
Action performed: Delete file
Quand je passe avec la souris non rien ne s'inscrit.Il ya slt le menu.
j'ai coché les 3 cases et il ya ecrit les element ont bien eté restaures.
Merci
PS : Antivir a detecté ceci : Virus or unwanted program 'DR/Delphi.Gen [DR/Delphi.Gen]'
detected in file 'C:\System Volume Information\_restore{7057E3FF-F4E8-4421-856D-A22F39080A4B}\RP2\A0000139.exe.
Action performed: Delete file
Julien06
Messages postés
129
Date d'inscription
dimanche 2 décembre 2007
Statut
Membre
Dernière intervention
3 avril 2012
9 déc. 2007 à 22:37
9 déc. 2007 à 22:37
re, comment j'installe le SP2 ?