Virus trojan - Page 3

Précédent
  • 1
  • 2
  • 3
  1. chocolat41 Messages postés 97 Statut Membre 2
     
    Salut à tous
    Cà y est il y a un truc qui à l'air de fonctionner. Je me suis apperçu qu'il me manquait le prog explorer.exe alors que explorer.scf était présent dans windows. J'ai donc copié un explorer.exe dans C\windows et bling ça redémarre normalement avec la barre de tâche et les icônes. J'ai pu copier ce programme en utilisant le gestionnaire de tâche et en copiant le fichier de mon ordi valide! j'ai relancer un scan antivir qui a planté au bout d'un long moment mais qui durant sa période de scan n'a rien détecté! et notament le BSD/DELF.dbu.1
    La derniere opération que j'ai fait avant ça c'était le scan en ligne de bitdefender proposé par saiyen75. Je pense qu'en voulant réparer, le programme explorer.exe a dégagé!
    Voila je joint mon dernier hijack
    Merci de me dire si j'ai des choses à faire pour assurer!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:13:43, on 08/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\S3hotkey.exe
    C:\WINDOWS\system32\S3tray2.exe
    C:\WINDOWS\system32\netdde.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://portail.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [S3hotkey] S3hotkey.exe
    O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_SA8.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B616E72A-B45E-4E1B-84E0-8821D4D0B901}: NameServer = 192.168.3.1
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    0
  2. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Ton HijackThis est propre,
    Tu peux supprimer la Tooblar de Yahoo.
    Fait quand meme ce qu'a préconisé g!rly (le combofix).

    ++
    0
  3. chocolat41 Messages postés 97 Statut Membre 2
     
    encore merci pour ton aide
    pour supprimer la toolbar de yahoo je fixed les deux lignes?
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Non non,
    Tu passe par
    poste de travail
    ajout\suppression de programmes
    0
  6. chocolat41 Messages postés 97 Statut Membre 2
     
    merci encore
    voici le rapport combofix. La encore je ne comprend pas grand chose!

    ComboFix 08-02.05.3 - daniel 2008-02-08 16:14:33.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.157 [GMT 1:00]
    Endroit: C:\Documents and Settings\daniel\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-08 to 2008-02-08 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-08 07:27 . 2007-06-13 14:22 1,037,312 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
    2008-02-08 07:27 . 2007-06-13 14:22 1,037,312 --a------ C:\WINDOWS\explorer.exe
    2008-02-04 05:58 . 2008-02-06 11:43 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-02-02 13:33 . 2008-02-02 13:33 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-01 05:17 . 2008-02-01 05:17 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
    2008-02-01 04:41 . 2008-02-01 04:41 <REP> d-------- C:\Program Files\Yahoo!
    2008-02-01 04:41 . 2008-02-01 04:42 <REP> d-------- C:\Program Files\CCleaner
    2008-02-01 04:36 . 2008-02-01 04:36 <REP> d-------- C:\Documents and Settings\daniel\Application Data\Grisoft
    2008-02-01 04:36 . 2008-02-01 04:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-01 04:36 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-01-31 20:28 . 2008-02-01 04:13 <REP> d-------- C:\Program Files\Navilog1
    2008-01-31 19:53 . 2008-01-31 19:53 <REP> d-------- C:\_OTMoveIt
    2008-01-28 19:48 . 2008-02-01 05:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2008-01-28 16:17 . 2008-01-28 16:18 <REP> d-------- C:\WINDOWS\ERUNT
    2008-01-28 15:26 . 2008-01-28 15:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
    2008-01-27 19:50 . 2005-03-15 12:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2008-01-27 19:50 . 2005-03-15 12:04 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-01-27 19:50 . 2005-03-15 11:24 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2008-01-27 19:50 . 2008-01-28 14:42 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-01-27 19:50 . 2005-03-15 12:04 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2008-01-27 19:50 . 2005-03-15 12:04 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-01-27 19:50 . 2008-02-06 16:01 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-08 05:37 --------- d-----w C:\Program Files\Google
    2008-02-07 06:01 2,260 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-02-06 22:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-31 17:01 --------- d-----w C:\Program Files\Trend Micro
    2008-01-02 19:53 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-28 16:42 --------- d-----w C:\Program Files\SolidWorks EE 2002-2003
    2007-12-16 17:53 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
    2007-12-08 18:31 --------- d-----w C:\Program Files\PhotoFiltre Studio
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:54 15360]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 20:33 68856]
    "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 13:44 196608]
    "EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 07:00 182272]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "S3hotkey"="S3hotkey.exe" [2001-09-13 05:27 40960 C:\WINDOWS\system32\S3hotkey.exe]
    "S3TRAY2"="S3tray2.exe" [2002-02-21 00:38 69632 C:\WINDOWS\system32\S3tray2.exe]
    "NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 16:32 221184]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 14:24 458752]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 14:14 217088]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-31 06:26 249896]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:54 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2005-10-27 17:38:40 131584]
    Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-16 19:57:24 67128]
    Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-14 18:53:38 454656]

    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2005-09-26 11:05]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2005-09-26 11:05]
    R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2003-07-11 12:22]
    R2 BBDemon;Backbone Service;C:\Program Files\Dassault Systemes\B13\intel_a\code\bin\CATSysDemon.exe [2003-11-15 10:39]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c85a7e1-b49a-11d9-bdbd-00a0ccdaa896}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b7dcf67-b625-11dc-80a1-0040f4e2f8c8}]
    \Shell\AutoRun\command - F:\ClickMe.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f2b070-bb25-11d9-bdbf-00a0ccdaa896}]
    \Shell\AutoRun\command - F:\setupSNK.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-08 16:25:51
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-08 16:33:16
    .
    2008-02-02 04:18:10 --- E O F ---
    0
  7. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut a vous deux,

    rien de ce coté la...

    juste un truc -> messenger plus a t-il ou non ete installé avec le sponnsor?

    j´en doute, sinon tu aurais une multitude de publicitées de type cid...

    tu as resussit a régler le probleme apparament d´apres tes dire?

    Bonne soirée ;-)

    @+
    0
  8. Saiyen75 Messages postés 2699 Statut Membre 184
     
    Re,

    Comment se comporte ton pc en ce moment ?

    Télécharge ToolsCleaner de A.Roshtein sur ton Bureau.

    * http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

    * Clique sur Recherche et laisse le scan se terminer.
    * Clique, sur Suppression pour finaliser.
    * Tu peux, si tu le souhaites, te servir des Options facultatives.
    * Clique sur Quitter, pour que le rapport puisse se créer.
    * Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).

    ___________________________________________________________

    Relance un Scan Spybot en vérifiant bien les mise à jour.

    ++
    0
  9. chocolat41 Messages postés 97 Statut Membre 2
     
    Salut
    Le micro me semble assez lent mais tout à l'aire de fonctionner. Deux questions cependant:
    -1- J'ai vu dans le rapport scan d'antivirqu'un fichier n'a pas pu etre ouvert! ce n'est pas grave? je te joins le rapport.
    -2- dans l'onglet quarantaine d'antivir il y a tout un tas de fichiers. Je dois les laisser comme ça?
    Voici les deux rapport : Antivir et Tcleaner

    Encore merci et je fais le scan spybot

    AntiVir PersonalEdition Classic
    Report file date: vendredi 8 février 2008 20:09

    Scanning for 1094800 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: daniel
    Computer name: PORTABLE

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:36:36
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 11:29:02
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 13:48:58
    ANTIVIR3.VDF : 7.0.2.101 336896 Bytes 06/02/2008 19:00:50
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 02/02/2008 04:15:50
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 28/01/2008 16:04:40
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 13:29:28
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: c:\program files\antivir personaledition classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: E:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 8 février 2008 20:09

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'slserv.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
    Scan process 'CATSysDemon.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'eEBSvc.exe' - '1' Module(s) have been scanned
    Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
    Scan process 'netdde.exe' - '1' Module(s) have been scanned
    Scan process 'WlanCU.exe' - '1' Module(s) have been scanned
    Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
    Scan process 'S3tray2.exe' - '1' Module(s) have been scanned
    Scan process 'S3hotkey.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    39 processes with 39 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!
    Boot sector 'E:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '33' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\'
    Begin scan in 'E:\' <FlashDisk>

    End of the scan: vendredi 8 février 2008 22:22
    Used time: 2:13:06 min

    The scan has been done completely.

    8834 Scanning directories
    393771 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    393771 Files not concerned
    2638 Archives were scanned
    1 Warnings
    0 Notes

    **********************************************************************************************************

    TCLEANER

    -->- Recherche:

    C:\Qoobox: trouvé !
    C:\_OtMoveIt: trouvé !
    C:\Documents and Settings\Administrateur\Bureau\SdFix.exe: trouvé !
    C:\Documents and Settings\Administrateur\Recent\HijackThis.lnk: trouvé !
    C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
    C:\Documents and Settings\daniel\Bureau\HijackThis.lnk: trouvé !
    C:\Documents and Settings\daniel\Bureau\ComboFix.exe: trouvé !
    C:\hijack\HijackThis.exe: trouvé !
    C:\Program Files\Navilog1: trouvé !
    C:\Program Files\Navilog1\Navilog1.bat: trouvé !
    C:\Program Files\Trend Micro\HijackThis: trouvé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
    C:\QooBox\Quarantine\C\Combofix: trouvé !

    ---------------------------------
    -->- Suppression:

    C:\Documents and Settings\Administrateur\Bureau\SdFix.exe: supprimé !
    C:\Documents and Settings\Administrateur\Recent\HijackThis.lnk: supprimé !
    C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
    C:\Documents and Settings\daniel\Bureau\HijackThis.lnk: supprimé !
    C:\Documents and Settings\daniel\Bureau\ComboFix.exe: supprimé !
    C:\hijack\HijackThis.exe: supprimé !
    C:\Program Files\Navilog1\Navilog1.bat: supprimé !
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
    C:\Qoobox: supprimé !
    C:\_OtMoveIt: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
    C:\Program Files\Navilog1: supprimé !
    C:\Program Files\Trend Micro\HijackThis: supprimé !

    Corbeille vidée!
    Fichiers temporaires nettoyés !
    0
  10. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    supprime tous les fichiers qui sont dans la quarantaine d´antivir.

    non ce n´est pas grave pour le fichier qui n´as pas pu etre ouvert.

    As tu fais une defragmentation ressament?

    il serait bien d én faire une.

    @+
    0
Précédent
  • 1
  • 2
  • 3