Sujet Précédent Sujet Suivant

Virus data base

Résolu/Fermé
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 - 28 nov. 2007 à 07:50
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 7 déc. 2007 à 15:55
Bonjour,

Quelqu'un peut t-il m'aider svp car mon pc rame et j'ai trouvéun virus data base mais je ne sais ? je vous joint un scan
--Logfile of HijackThis v1.99.1
Scan saved at 07:43:12, on 28/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Fichiers communs\PasenDommagement\mc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Install5G] E:\Install.exe 0
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\PasenDommagement\mc.exe" dm=http://pasendommagement.com; ad=http://pasendommagement.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/MAINE%20Nicole/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Merci de votre aide à tous

NINI

31 réponses

  • 1
  • 2
Réponse 1 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
28 nov. 2007 à 07:59
salut nini

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
0
Réponse 2 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
28 nov. 2007 à 21:13
--ComboFix 07-11-19.4C - MAINE Nicole 2007-11-28 21:00:45.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.161 [GMT 1:00]
Running from: C:\DOCUME~1\MAINEN~1\Bureau\combofix.exe
* Created a new restore point
.
[i] ADS - svchost.exe: deleted 228 bytes in 1 streams. [/i]

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\salesmonitor

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NWSAPAGENT
-------\nm
-------\NwSapAgent


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-28 ))))))))))))))))))))))))))))))))))))
.

2007-11-24 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-24 23:04 <REP> d-------- C:\Program Files\AIM6
2007-11-20 19:22 <REP> d-------- C:\Program Files\D‚penses
2007-11-19 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-16 11:34 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\Pegasys Inc
2007-11-14 11:10 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\eBay
2007-11-14 07:42 <REP> d-------- C:\Program Files\GamesBar
2007-11-14 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2007-11-14 07:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GamesBar
2007-11-14 06:23 <REP> d-------- C:\Documents and Settings\MAINE Nicole\Application Data\PasenDommagement
2007-11-14 06:18 <REP> d-------- C:\Program Files\Fichiers communs\PasenDommagement
2007-11-10 19:13 <REP> d-------- C:\Program Files\VirusGarde
2007-11-10 19:13 <REP> d-------- C:\Program Files\Fichiers communs\VirusGarde
2007-11-07 12:16 <REP> d-------- C:\Documents and Settings\MAINE Jacques\Application Data\eBay
2007-11-02 18:12 <REP> d-------- C:\Documents and Settings\MAINE Nicole\Application Data\eBay
2007-11-02 18:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\eBay
2007-10-31 13:07 <REP> d-------- C:\Program Files\IncrediMail

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 20:08 --------- d-----w C:\Program Files\Wanadoo
2007-11-28 17:44 --------- d-----w C:\Program Files\eMule
2007-11-28 06:42 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-11-27 17:02 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\dvdcss
2007-11-27 05:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-11-24 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-24 07:49 --------- d-----w C:\Program Files\Dépenses
2007-11-22 19:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-21 08:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 14:10 59,704 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\GDIPFONTCACHEV1.DAT
2007-11-03 21:20 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\Vso
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-24 09:45 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\dvdcss
2007-10-24 09:41 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\vlc
2007-10-21 10:31 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-21 10:31 --------- d-----w C:\Program Files\Ahead
2007-10-20 20:17 --------- d-----w C:\Program Files\palmOne
2007-10-20 20:17 --------- d-----w C:\Program Files\Navilog1
2007-10-14 17:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-13 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-08 15:29 --------- d-----w C:\Program Files\BoontyGames
2007-10-08 13:21 --------- d-----w C:\Program Files\eBay
2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2007-10-05 07:18 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2007-10-05 07:16 --------- d-----w C:\Program Files\Boonty
2007-05-18 17:26 81,920 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\ezpinst.exe
2007-05-18 17:26 47,360 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\pcouffin.sys
2006-09-22 17:24 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-05-24 19:35 2,657,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-24 19:35 20,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
2007-06-19 16:09 380928 --a------ C:\Program Files\GamesBar\oberontb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"= C:\Program Files\GamesBar\oberontb.dll [2007-06-19 16:09 380928]

[HKEY_CLASSES_ROOT\clsid\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]
[HKEY_CLASSES_ROOT\Oberontb.Band.1]
[HKEY_CLASSES_ROOT\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}]
[HKEY_CLASSES_ROOT\Oberontb.Band]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 12:02]
"PasenDommagement"="C:\Program Files\PasenDommagement\GDC.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 15:20]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 11:28]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 05:53]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"HPHmon06"="C:\WINDOWS\System32\hphmon06.exe" [2004-06-07 05:43]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-08 06:41]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-08 06:36]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"Install5G"="E:\Install.exe" []
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-11-02 16:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NI.UGA6PV_0001_N122M2910"="C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 2.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digimax Viewer 2.0.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
S3 ASIOMI;ASIOMI;\??\C:\WINDOWS\system32\drivers\ASIOMI.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
S3 ids0014f;ids0014f;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
S3 ids0015d;ids0015d;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys
S3 ids00180;ids00180;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-11-28 17:18:00 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
"2007-11-23 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2006-09-07 07:37:11 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-28 21:07:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-28 21:09:45 - machine was rebooted
.
--- E O F ---
Bonsoir Voici le scan merci

NINI
0
Réponse 3 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
29 nov. 2007 à 10:03
salut nini,

on continu :

Téléchargez ceci (de gchris) : http://komun.chez-alice.fr/Repertoire/Utilitaires.Desinfection.html
Dézippez-le sur votre bureau (clic droit -> extraire tout).
Vérifiez que vous êtes bien connecté à internet.
Dans le dossier créé, double-cliquez sur le fichier "Ad-Fix.bat" ou "Ad-fix"
Choisissez l'option 1.
Si vous avez un message de votre pare-feu qui vous demande si vous voulez autoriser le fichier URL2FILE.EXE à
se connecter à Internet, Autorisez, c'est nécessaire à ad-fix pour vérifier la version.
Quand c'est finit (cela peut prendre plusieurs minutes), un rapport s'ouvre avec le bloc-notes.
Merci de faire un copier/coller ici du contenu du rapport (Ad-Fix.txt)

@+
0
Réponse 4 / 31
niniduweb
30 nov. 2007 à 11:55
Bonjour,

j'ai téléchargé comme dit mais il y a un petit souci voici ce qu'il me marque
avez vous une idée ? J'ai téléchargé de nouveau mais pareil
Merci @

md5sum.exe Manquant ! -- Téléchargez de nouveau Ad-Fix.zip
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
30 nov. 2007 à 13:11
salut nini:

post un nouveau hijack this stp

@+
0
Réponse 6 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
3 déc. 2007 à 20:11
Logfile of HijackThis v1.99.1
Scan saved at 20:09:34, on 03/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Install5G] E:\Install.exe 0
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/MAINE%20Nicole/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Bonsoir, j'ai un peu de retard merci de ton aide
0
Réponse 7 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
3 déc. 2007 à 21:20
salut nini

Copie le texte ci-dessous :

File::
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\PasenDommagement\GDC.exe
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

Folder::
C:\Program Files\GamesBar
C:\Program Files\PasenDommagement
C:\Program Files\Fichiers communs\BOONTY Shared


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6F282B65-56BF-4BD1-A8B2-A4449A05863D}"=-
[-HKEY_CLASSES_ROOT\clsid\{6f282b65-56bf-4bd1-a8b2-a4449a05863d}]
[-HKEY_CLASSES_ROOT\Oberontb.Band.1]
[-HKEY_CLASSES_ROOT\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}]
[-HKEY_CLASSES_ROOT\Oberontb.Band]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PasenDommagement"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.


puis coche et fix ceci avec hijacjk this

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

comment fixer :

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm


puis cilick sur demarrer et execute > dans la case de dialogue tape ceci >services.msc puis valid par ok
dans la fenetre des services arrete ce service si il ne l´est deja :

Boonty Games - BOONTY

puis fais analyser ces deux fichiers :

C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
E:\Install.exe

sur ce site :

http://virusscan.jotti.org/de/

et post les rapports ici

@+
0
Réponse 8 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
4 déc. 2007 à 21:00
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

ogfile of HijackThis v1.99.1
Scan saved at 20:58:32, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [Install5G] E:\Install.exe 0
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/MAINE%20Nicole/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.ex

Bonsoir j'ai fait comme tu ma dit j'espère n'avoir rien oublié merci encore pour ton aide
NINI
0
Réponse 9 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
4 déc. 2007 à 21:04
salut nin

peux envoyer le combofix.txt2 stp
0
Réponse 10 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
5 déc. 2007 à 07:17
ComboFix 07-11-19.4C - MAINE Nicole 2007-12-04 19:55:54.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.153 [GMT 1:00]
Running from: C:\Documents and Settings\MAINE Nicole\Bureau\combofix.exe
Command switches used :: C:\Documents and Settings\MAINE Nicole\Bureau\CFScript.txt..txt
* Created a new restore point

FILE
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\PasenDommagement\GDC.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\GamesBar
C:\Program Files\GamesBar\Localization-French.ini
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\GamesBar\OBGet.exe
C:\Program Files\GamesBar\uninst.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
.

2007-11-24 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-24 23:04 <REP> d-------- C:\Program Files\AIM6
2007-11-20 19:22 <REP> d-------- C:\Program Files\D‚penses
2007-11-19 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-16 11:34 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\Pegasys Inc
2007-11-14 11:10 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\eBay
2007-11-14 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2007-11-14 07:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GamesBar
2007-11-14 06:23 <REP> d-------- C:\Documents and Settings\MAINE Nicole\Application Data\PasenDommagement
2007-11-14 06:18 <REP> d-------- C:\Program Files\Fichiers communs\PasenDommagement
2007-11-10 19:13 <REP> d-------- C:\Program Files\VirusGarde
2007-11-10 19:13 <REP> d-------- C:\Program Files\Fichiers communs\VirusGarde
2007-11-07 12:16 <REP> d-------- C:\Documents and Settings\MAINE Jacques\Application Data\eBay

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 19:02 --------- d-----w C:\Program Files\Wanadoo
2007-12-04 17:20 --------- d-----w C:\Program Files\BarreConfCMCIC
2007-12-04 14:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-04 12:18 --------- d-----w C:\Program Files\eMule
2007-12-03 19:09 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-12-03 18:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-01 18:30 --------- d-----w C:\Program Files\Navilog1
2007-11-27 17:02 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\dvdcss
2007-11-24 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-24 07:49 --------- d-----w C:\Program Files\Dépenses
2007-11-21 08:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 14:10 59,704 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\GDIPFONTCACHEV1.DAT
2007-11-03 21:20 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\Vso
2007-11-02 17:12 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\eBay
2007-11-02 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2007-10-31 12:07 --------- d-----w C:\Program Files\IncrediMail
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-24 09:45 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\dvdcss
2007-10-24 09:41 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\vlc
2007-10-21 10:31 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-21 10:31 --------- d-----w C:\Program Files\Ahead
2007-10-20 20:17 --------- d-----w C:\Program Files\palmOne
2007-10-14 17:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-13 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-08 15:29 --------- d-----w C:\Program Files\BoontyGames
2007-10-08 13:21 --------- d-----w C:\Program Files\eBay
2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2007-10-05 07:18 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2007-10-05 07:16 --------- d-----w C:\Program Files\Boonty
2007-05-18 17:26 81,920 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\ezpinst.exe
2007-05-18 17:26 47,360 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\pcouffin.sys
2006-09-22 17:24 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-05-24 19:35 2,657,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-24 19:35 20,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((( snapshot@2007-11-28_21.08.46.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-04 19:01:48 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6f8.dat
+ 2007-12-04 19:02:28 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_c64.dat
- 1999-12-17 08:13:04 86,016 ----a-w C:\WINDOWS\unvise32.exe
+ 1999-12-17 09:13:04 86,016 ----a-w C:\WINDOWS\unvise32.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 12:02]
"PasenDommagement"="C:\Program Files\PasenDommagement\GDC.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 15:20]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 11:28]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 05:53]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"HPHmon06"="C:\WINDOWS\System32\hphmon06.exe" [2004-06-07 05:43]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-08 06:41]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-08 06:36]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"Install5G"="E:\Install.exe" []
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-11-02 16:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NI.UGA6PV_0001_N122M2910"="C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 2.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digimax Viewer 2.0.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
S3 ASIOMI;ASIOMI;\??\C:\WINDOWS\system32\drivers\ASIOMI.sys
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"
S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
S3 ids0014f;ids0014f;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
S3 ids0015d;ids0015d;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys
S3 ids00180;ids00180;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2007-12-04 17:18:01 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
"2007-11-30 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2006-09-07 07:37:11 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 20:02:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-04 20:04:55 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-28 21:09
.
--- E O F ---
Bonjour Je suis matinale voici le rapport Merci @+ et bonne Journée
0
Réponse 11 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
5 déc. 2007 à 13:15
bonjour nini,

a l´aide de hijack this coche et fix les lignes ci dessous :

O4 - HKLM\..\Run: [Install5G] E:\Install.exe 0
O4 - HKLM\..\Run: [NI.UGA6PV_0001_N122M2910] "C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe"
O4 - HKCU\..\Run: [PasenDommagement] C:\Program Files\PasenDommagement\GDC.exe
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\WINDOWS\System32\shdocvw.dll
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

comment fixer :

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

click sur demarrer > execute > dans la boite de dialogue tape ceci > services.msc e t valide par ok
dans la fenetre des services arrete ce service :
France Telecom Routing Table Service (FTRTSVC)

par le panneau de configuration>ajout et suppression de programme supprime ce programme : PasenDommagement

on est bien d´accord tu utilise canal play?

puis

Copie le texte ci-dessous :

File::
C:\WINDOWS\System32\shdocvw.dll
C:\Documents and Settings\MAINE Nicole\Bureau\install_fr.exe
E:\Install.exe
C:\WINDOWS\System32\FTRTSVC.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Install5G"=-
"NI.UGA6PV_0001_N122M2910"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt3 accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+
0
Réponse 12 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
5 déc. 2007 à 17:28
--Logfile of HijackThis v1.99.1
Scan saved at 17:25:01, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Multi Media France Toolbar - {7009fcd4-05be-44f4-9583-93fe419ab7b0} - C:\Program Files\Multi_Media_France\tbMul1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] "C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.virustraq.com/img/scan_virus/webscan.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner371420.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacarte.orange.fr/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs-beta.jeu.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - file:///C:/Documents%20and%20Settings/MAINE%20Nicole/Local%20Settings/Application%20Data/Oberon%20Media/Oberon%20Games%20Host/popcaploader_v6.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (file missing)
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

ComboFix 07-12-02.6 - MAINE Nicole 2007-12-05 17:17:29.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.113 [GMT 1:00]
Running from: C:\Documents and Settings\MAINE Nicole\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 ))))))))))))))))))))))))))))))))))))
.

2007-11-24 23:06 . 2007-11-24 23:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-11-24 23:04 . 2007-11-24 23:05 <REP> d-------- C:\Program Files\AIM6
2007-11-24 23:02 . 2007-11-24 23:05 986 --ah----- C:\IPH.PH
2007-11-20 19:22 . 2007-11-24 08:49 <REP> d-------- C:\Program Files\Dépenses
2007-11-19 17:37 . 2007-11-19 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-16 11:34 . 2007-11-16 11:34 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\Pegasys Inc
2007-11-16 11:09 . 2007-11-16 11:09 <REP> d-------- C:\Documents and Settings\MAINE Séverine\Application Data\eBay
2007-11-14 12:47 . 2007-11-14 12:47 1,393 --a------ C:\WINDOWS\imsins.BAK
2007-11-14 11:10 . 2007-11-14 11:10 <REP> d-------- C:\Documents and Settings\ARNOULD ASSEMAT\Application Data\eBay
2007-11-14 07:42 . 2007-11-14 07:42 <REP> d-------- C:\Program Files\Fichiers communs\Oberon Media
2007-11-14 07:42 . 2007-12-04 18:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\GamesBar
2007-11-14 06:23 . 2007-11-14 06:23 <REP> d-------- C:\Documents and Settings\MAINE Nicole\Application Data\PasenDommagement
2007-11-10 19:13 . 2007-11-10 19:19 <REP> d-------- C:\Program Files\VirusGarde
2007-11-10 19:13 . 2007-11-10 19:19 <REP> d-------- C:\Program Files\Fichiers communs\VirusGarde
2007-11-08 19:36 . 2007-11-08 19:36 <REP> d--hs---- C:\WINDOWS\ftpcache
2007-11-07 12:16 . 2007-11-07 12:16 <REP> d-------- C:\Documents and Settings\MAINE Jacques\Application Data\eBay

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 16:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2007-12-05 15:29 --------- d-----w C:\Program Files\Hijackthis Version Française
2007-12-05 15:08 --------- d-----w C:\Program Files\Wanadoo
2007-12-05 08:51 --------- d-----w C:\Program Files\eMule
2007-12-04 19:40 --------- d-----w C:\Program Files\Navilog1
2007-12-04 17:20 --------- d-----w C:\Program Files\BarreConfCMCIC
2007-12-04 14:47 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-27 17:02 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\dvdcss
2007-11-24 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2007-11-21 08:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-14 05:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 14:10 59,704 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\GDIPFONTCACHEV1.DAT
2007-11-03 21:20 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\Vso
2007-11-02 17:12 --------- d-----w C:\Documents and Settings\MAINE Nicole\Application Data\eBay
2007-11-02 17:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\eBay
2007-10-31 12:07 --------- d-----w C:\Program Files\IncrediMail
2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-10-25 17:05 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-10-25 16:14 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-10-24 09:45 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\dvdcss
2007-10-24 09:41 --------- d-----w C:\Documents and Settings\MAINE Jacques\Application Data\vlc
2007-10-21 10:31 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2007-10-21 10:31 --------- d-----w C:\Program Files\Ahead
2007-10-20 20:17 --------- d-----w C:\Program Files\palmOne
2007-10-14 17:39 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-10-13 05:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-10-08 15:29 --------- d-----w C:\Program Files\BoontyGames
2007-10-08 13:21 --------- d-----w C:\Program Files\eBay
2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2007-10-05 07:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\BOONTY
2007-10-05 07:18 --------- d-----w C:\Program Files\Fichiers communs\BOONTY Shared
2007-10-05 07:16 --------- d-----w C:\Program Files\Boonty
2007-05-24 19:38 46,722 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_24_21_33_50_small.dmp.zip
2007-05-24 19:32 46,137 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_24_21_30_27_small.dmp.zip
2007-05-24 09:50 46,323 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_24_11_03_42_small.dmp.zip
2007-05-24 08:51 70,197 ----a-w C:\WINDOWS\Internet Logs\UpdClient_2nd_2007_05_23_20_50_57_small.dmp.zip
2007-05-24 08:51 69,569 ----a-w C:\WINDOWS\Internet Logs\UpdClient_2nd_2007_05_23_20_45_48_small.dmp.zip
2007-05-18 17:26 81,920 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\ezpinst.exe
2007-05-18 17:26 47,360 ----a-w C:\Documents and Settings\MAINE Nicole\Application Data\pcouffin.sys
2006-09-22 17:24 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-05-24 19:35 2,657,568 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-05-24 19:35 20,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2007-10-09 12:02]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 14:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-10-28 20:10]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-06-25 15:20]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 11:28]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 05:53]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 12:38]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 14:18]
"HPHmon06"="C:\WINDOWS\System32\hphmon06.exe" [2004-06-07 05:43]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-09-08 06:41]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:31]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-09-08 06:36]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55]
"CanalPlayer"="C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe" [2007-06-20 19:27]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2007-11-02 16:22]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digimax Viewer 2.0.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digimax Viewer 2.0.lnk
backup=C:\WINDOWS\pss\Digimax Viewer 2.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys
R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys
S3 ASIOMI;ASIOMI;\??\C:\WINDOWS\system32\drivers\ASIOMI.sys
S3 ids00026;ids00026;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys
S3 ids00118;ids00118;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00118.sys
S3 ids0014f;ids0014f;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0014f.sys
S3 ids0015d;ids0015d;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids0015d.sys
S3 ids00180;ids00180;\??\C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00180.sys
S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe"
S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe"

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-05 13:18:01 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
"2007-11-30 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
"2006-09-07 07:37:11 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 17:21:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-05 17:23:14
C:\ComboFix2.txt ... 2007-12-05 17:12
C:\ComboFix3.txt ... 2007-12-04 20:04
.
--- E O F ---

Bonsoir on ne se quitte plus voici les rapports, j'espère que cela suffira à trouver le virus data Merci encore
@+




NINI
0
Réponse 13 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
5 déc. 2007 à 17:52
re,

tu m´as pas dis si tu utilisais canal play?

@+
0
Réponse 14 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
5 déc. 2007 à 19:51
Re
Oui de temps en temps canlal paly appartient à canla plus
--@+

NINI
0
Réponse 15 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
5 déc. 2007 à 20:05
bon tres bien,

regarde ceci concernant avast :

Antivir vs Avast :

->http://forum.malekal.com/ftopic3528.php

alors desinstal avast et instal antivir :

Désinstalleur Avast:
https://www.avast.com/fr-fr/uninstall-utility

Telecharge et instal l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...

puis redemarre en mode sans echec et effectue un scan complet de ta machine

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

une fois antivir ouvert click sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

post le rapport d´antivir dans ta prochaine réponse

@+
0
Réponse 16 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
5 déc. 2007 à 21:47
--

AntiVir PersonalEdition Classic
Report file date: mercredi 5 décembre 2007 20:58

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SN402464340003

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 5 décembre 2007 20:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'IncMail.exe' - '1' Module(s) have been scanned
Scan process 'WOOBrowser.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'ImApp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'eBayTBDaemon.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'hphmon06.exe' - '1' Module(s) have been scanned
Scan process 'AOSD.EXE' - '1' Module(s) have been scanned
Scan process 'hpcmpmgr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb11.exe' - '1' Module(s) have been scanned
Scan process 'ABOARD.EXE' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0083
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '64' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: mercredi 5 décembre 2007 21:42
Used time: 43:37 min

The scan has been done completely.

6603 Scanning directories
306415 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
306415 Files not concerned
7055 Archives were scanned
2 Warnings
7 Notes

Voici le rapport Merci et bonne nuit

NINI
0
Réponse 17 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
5 déc. 2007 à 21:49
re,

tu as encore des soucis?
0
Réponse 18 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
5 déc. 2007 à 21:54
--C'est lr rapport du nouveau AntVir Personal que tu m'a demandé de faire pour savoir si tout est ok maintenant
Merci
NINI
0
Réponse 19 / 31
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
5 déc. 2007 à 22:02
oui je voie, comment va ton pc maintenant?
0
Réponse 20 / 31
NINIDUWEB Messages postés 412 Date d'inscription vendredi 1 décembre 2006 Statut Membre Dernière intervention 3 juin 2018 3
5 déc. 2007 à 22:10
--Pour l'instant ça va j'espère que le virus data est bien parti merci encore de votre aide
Quand même dans le rapport j'ai vu qu'il y avait 2 avertissements ? avez vous une idée

NINI
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Qu'est ce que le disque Data (D:)?
dededu4733 -
Acxion -

2 réponses
mon téléphone ne reconnait plus sa base
TELEPHONaz -
baladur13 -

7 réponses
Verifying DMI Pool Data...
yvon -
Xninof -

110 réponses
Exemple de base de données access
Abdlahsaki -
Fleptche -

9 réponses