Help lyonnais92 !!!!!!! s'il te plait !!!!!

Résolu
valy61 Messages postés 360 Statut Membre -  
Lyonnais92 Messages postés 25708 Statut Contributeur sécurité -
Bonjour,
bon je texplique ce qu'il se passe !!!!!
lorsque je mets n'importe quel programme en route mon pc s'éteint tout seul !! (analyse avg, scan antivirus etc impossible !!!!!! au bout de quelques minutes il s'éteint !!)
peux-tu regarder mon rapport pour me dire s'il te plait !!
merci à toi !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:24:33, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\vVX3000.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://portail.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://bibounemonninibiboune.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe

--
End of file - 8964 bytes
Configuration: Windows XP
Internet Explorer 7.0

28 réponses

  • 1
  • 2
  1. kabla
     
    bonjour est ce que ton pc démare normalement ?
    pouvez vous me donnée plus de détail sur l'état de ton pc est ce que il redémare tout seul ?
    0
  2. valy61 Messages postés 360 Statut Membre 6
     
    bonjour !!!
    non je suis obligée de le rallumer a chaque fois !!!!!
    donc en fait , des que je mets un programme en route style analyse avg et autres il s'éteint au bout de quelques minutes !!!!
    est-il infecté par ce qu'on me dit sur un autre post de fire des manipulations mais je voudrais d'abord savoir sil y a un problème !!!
    merci !!!!
    le matin il s'allume normalement !!
    0
  3. kabla
     
    bonjour,
    votre pc est infecteé essayer de redemaré en mode sans echec est d'analyser votre pc
    si ça marche pas
    Tu fais Démarrer=>Panneau de configuration=>Système=>Clique sur l' anglet "Avancé"=> Dans la case Démarrage et récupération clique sur "Paramètres" et dans la case Défaillance du système décoche la case "Redémarrer automatiquement"

    A voir également la température de ton processeur +C-M avec l' aide de =>Everest
    @+
    0
  4. valy61 Messages postés 360 Statut Membre 6
     
    ok merci !!!!! regarde dans un autre post j'ai fais un SDFix et j'ai remi un rapport nouveau d'hijackthis !! peux-tu me dire si tout est ok maintenant ???
    faut-il que je fass una analyse avec scan antivirus , avg et les autres en mode sans echec ,??
    merci à toi !!
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. valy61 Messages postés 360 Statut Membre 6
     
    je colle le rapport SDFix et le nouveau d'hijackthis !!!!
    merci à ceux qui pourront m'aider !!!!

    SDFix: Version 1.137

    Run by valerie on 07/02/2008 at 14:38

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 14:49:56
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"="C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\WINDOWS\\System32\\mcoinstall.exe"="C:\\WINDOWS\\System32\\mcoinstall.exe:*:Enabled:mcoinstall"
    "E:\\Fr_main\\tools\\CTD_FirmwareUpgrader.exe"="E:\\Fr_main\\tools\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
    "C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe"="C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe:*:Enabled:Firewall Engine"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Wed 2 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
    Wed 2 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
    Wed 2 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
    Wed 2 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
    Wed 2 Nov 2005 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
    Wed 13 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 19 Oct 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    Finished!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:58:27, on 07/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\vVX3000.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://portail.free.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://bibounemonninibiboune.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    0
  7. valy61 Messages postés 360 Statut Membre 6
     
    il n'y a personne pour me renseigner sur ces 2 rapports ????
    snif snif !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    que dois-je faire maintenant ??? mon pc est-il infecté ???
    merci à vous tous !!!!!!!!!
    0
  8. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    rien dans le rapport hijackthis

    - Télécharge DiagHelp.zip sur ton bureau - Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    - Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
    - Un nouveau dossier chercher va être créé DiagHelp
    - Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    - Une fenêtre va s'ouvrir, choisis l'option 1
    - L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.

    ATTENTION : pendant l'analyse, après le rapport catchme, il te sera demandé d'appuyer sur une touche afin de poursuivre le scan, suis bien les instructions à l'écran !

    - A la fin de l'analyse, il peut-être (pas obligatoire) demandé de redemanderl'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
    - Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
    -- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
    -- A nouveau menu Edition / copier
    -- Dans un nouveau message ici, faire un clic droit / coller
    0
  9. valy61 Messages postés 360 Statut Membre 6
     
    bonjour lyonnais92 !!!! je vais suivre tes precieux conseils car il y a des fois je me demande si les conseils que l'on me donne sont bons !!!
    pour info j'ai enlevé avast et mis antivir suite au post de melekal que j'ai lu !!!
    merci merci beaucoup à toi !!!! donc je fais tout ça et je te tiens au courant
    0
  10. valy61 Messages postés 360 Statut Membre 6
     
    bon lyonnais92 !! je t'explique !! j'ai donc fait ce que tu m'as demandé !!!! la 1ère analyse s'est très bien déroulée je te post le rapport !!! par contre lors de la 2è partie antivir mùa signalé un virus j'ai fait delete et ensuite mon pc s'est éteint !!!!!!!!!!!!!!!!!!!!!!!!! je dois recommencer en mode sans échec ou pas ?
    merci à toi !!!!!!!!!!

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 07/02/2008 à 21:12:23,29

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\RUNDLL32.EXE-3C500167.pf -->06/11/2008 10:45:33
    C:\WINDOWS\prefetch\ASHDISP.EXE-204B2541.pf -->06/11/2008 10:33:33
    C:\WINDOWS\prefetch\READER_SL.EXE-02E193BD.pf -->06/11/2008 10:33:32
    C:\WINDOWS\prefetch\FLASHUTIL9C.EXE-04D097AF.pf -->06/11/2008 09:52:28
    C:\WINDOWS\prefetch\RUNDLL32.EXE-453420C4.pf -->06/11/2008 09:51:28
    C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf -->06/11/2008 09:51:08
    C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->07/02/2008 21:12:17
    C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->07/02/2008 21:12:08
    C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->07/02/2008 21:11:15
    C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-090074F0.pf -->07/02/2008 21:04:40

    C:\WINDOWS\System32\drivers\avipbb.sys -->07/02/2008 18:20:52
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
    C:\WINDOWS\System32\drivers\tcpip.sys -->30/10/2007 18:20:56
    C:\WINDOWS\System32\drivers\mchInjDrv.sys -->19/09/2007 14:22:06
    C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11
    C:\WINDOWS\System32\drivers\AWRTRD.sys -->07/08/2007 12:58:08
    C:\WINDOWS\System32\drivers\NSDriver.sys -->07/08/2007 12:56:58

    C:\WINDOWS\System32\eRLog.ini -->07/02/2008 21:02:56
    C:\WINDOWS\System32\wpa.dbl -->07/02/2008 21:02:21
    C:\WINDOWS\System32\CONFIG.NT -->07/02/2008 18:10:05
    C:\WINDOWS\System32\PerfStringBackup.INI -->05/02/2008 07:35:50
    C:\WINDOWS\System32\perfh00C.dat -->05/02/2008 07:35:50
    C:\WINDOWS\System32\perfh009.dat -->05/02/2008 07:35:50
    C:\WINDOWS\System32\perfc00C.dat -->05/02/2008 07:35:50
    C:\WINDOWS\System32\perfc009.dat -->05/02/2008 07:35:50
    C:\WINDOWS\System32\FNTCACHE.DAT -->24/01/2008 07:39:32
    C:\WINDOWS\System32\QuickTimeVR.qtx -->10/01/2008 15:27:46
    C:\WINDOWS\System32\QuickTime.qts -->10/01/2008 15:27:44
    C:\WINDOWS\System32\MRT.exe -->02/01/2008 19:21:36
    C:\WINDOWS\System32\zllictbl.dat -->30/12/2007 11:22:12
    C:\WINDOWS\System32\lsdelete.exe -->14/12/2007 11:32:52
    C:\WINDOWS\System32\TZLog.log -->12/12/2007 20:04:32
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:12
    C:\WINDOWS\System32\lsasrv.dll -->07/11/2007 10:28:32
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:26
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\mscories.dll -->24/10/2007 01:47:38
    C:\WINDOWS\System32\mscorier.dll -->24/10/2007 01:47:38
    C:\WINDOWS\System32\mscoree.dll -->24/10/2007 01:47:38

    C:\WINDOWS\setupapi.log -->06/11/2008 10:09:37
    C:\WINDOWS\WindowsUpdate.log -->07/02/2008 20:52:45
    C:\WINDOWS\wiadebug.log -->07/02/2008 20:52:39
    C:\WINDOWS\0.log -->07/02/2008 20:52:35
    C:\WINDOWS\wiaservc.log -->07/02/2008 20:52:33
    C:\WINDOWS\bootstat.dat -->07/02/2008 20:51:43
    C:\WINDOWS\ntbtlog.txt -->07/02/2008 19:19:12
    C:\WINDOWS\SchedLgU.Txt -->07/02/2008 18:23:46
    C:\WINDOWS\win.ini -->05/02/2008 11:56:00
    C:\WINDOWS\system.ini -->05/02/2008 11:56:00
    C:\WINDOWS\mozver.dat -->16/12/2007 09:13:52
    C:\WINDOWS\vincent3.ini -->24/11/2007 13:19:46
    C:\WINDOWS\eReg.dat -->19/11/2007 17:02:28
    C:\WINDOWS\popcinfo.dat -->06/11/2007 19:26:02
    C:\WINDOWS\WLXPGSS.SCR -->23/10/2007 17:49:46

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 1568
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x02530000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
    0x02420000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x015a0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    ------------------------------------------------------------------------------
    explorer.exe pid: 4012
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x02420000 0x4b000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
    0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x01bc0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
    0x02d60000 0x5b000 1.01.0000.0000 C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    0x03160000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    0x031d0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    0x03330000 0x2d000 C:\Program Files\WinRAR\rarext.dll
    0x03030000 0x9000 2.00.0000.0004 C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll
    0x03140000 0x13000 1.00.0000.0000 C:\Program Files\EPSON\Creativity Suite\Easy Photo Print\EPPShell.dll
    0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
    0x03860000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    0x03890000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
    0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
    0x039b0000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
    0x03a20000 0xd000 1.01.0000.0137 C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
    0x40000000 0xc6000 7.00.0004.0453 C:\PROGRA~1\GLARYU~1\rtl70.bpl
    0x03b40000 0x157000 7.00.0004.0453 C:\PROGRA~1\GLARYU~1\vcl70.bpl

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 560
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01dd0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    ------------------------------------------------------------------------------
    winlogon.exe pid: 3732
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x00cb0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\WINDOWS\system

    25/12/1998 09:15 345 983 RCDsetup.exe
    1 fichier(s) 345 983 octets
    0 Rép(s) 6 217 830 912 octets libres
    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\WINDOWS\system32

    05/08/2004 05:00 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 6 217 830 912 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\WINDOWS\Downloaded Program Files

    06/11/2008 10:09 <REP> .
    06/11/2008 10:09 <REP> ..
    02/07/2007 15:44 941 688 asquared.ocx
    07/12/2004 16:07 32 bdcore.dll
    01/03/2005 14:08 118 784 bdupd.dll
    02/11/2005 15:52 65 desktop.ini
    25/07/2002 17:13 24 576 dwusplay.dll
    25/07/2002 17:13 196 608 dwusplay.exe
    07/06/2006 11:09 1 249 erma.inf
    16/05/2007 08:22 399 gp.inf
    01/03/2005 14:08 53 248 ipsupd.dll
    25/07/2002 17:05 172 032 isusweb.dll
    09/03/2005 15:42 6 742 lang.ini
    13/04/2007 15:27 367 LegitCheckControl.inf
    07/12/2004 16:07 32 libfn.dll
    18/02/2005 16:22 126 live.ini
    16/11/2005 11:52 490 Medialogic.INF
    02/08/2007 11:31 360 320 MsnPUpld.dll
    02/08/2007 15:47 569 MSNPUpld.inf
    01/06/2006 02:57 1 331 oscan8.inf
    01/06/2006 02:54 471 040 oscan8.ocx
    31/05/2006 04:15 10 oscan81.ocx_x
    02/08/2007 11:31 67 456 PURen-us.dll
    06/08/2007 12:10 68 992 PURfr-fr.dll
    19/10/2007 19:54 144 QTPlugin.inf
    09/07/2007 12:27 2 377 088 Rawflow.ocx
    09/03/2005 15:43 6 828 scanoptions.tsi
    27/03/2007 16:00 5 021 swflash.inf
    21/01/2008 21:34 465 472 wlscBase.dll
    21/01/2008 21:37 319 wlscBase.inf
    28 fichier(s) 5 341 028 octets

    Total des fichiers listés :
    28 fichier(s) 5 341 028 octets
    2 Rép(s) 6 217 827 840 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"="C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\WINDOWS\\System32\\mcoinstall.exe"="C:\\WINDOWS\\System32\\mcoinstall.exe:*:Enabled:mcoinstall"
    "E:\\Fr_main\\tools\\CTD_FirmwareUpgrader.exe"="E:\\Fr_main\\tools\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
    "C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe"="C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe:*:Enabled:Firewall Engine"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 21:15:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    IPC error: 2 Le fichier spécifié est introuvable.
    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0
    0
  11. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    tu peux me remettre un rapport hijackthis stp.
    0
  12. valy61 Messages postés 360 Statut Membre 6
     
    voila le rapport !!! tu as trouvé quelque chose ????
    merci

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:33:52, on 07/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\Program Files\Kerio\Personal Firewall\persfw.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\WINDOWS\vVX3000.exe
    C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://portail.free.fr/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://portail.free.fr/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
    O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://toolbar.imageshack.us
    O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://bibounemonninibiboune.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
    0
  13. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    rien de visible dans le rapport Hijackthis.

    Tu fais exactement comme ça :

    tu supprimes tout ce qu'il y a sur diaghelp.

    Tu refais le téléchargement de diaghelp.

    Tu te déconnectes d'Internet;

    Tu désactive antivir

    tu refais le scan de diaghelp;

    Tu réactives antivir

    tu te reconnectes

    tu poste le rapport de diaghelp.
    0
  14. valy61 Messages postés 360 Statut Membre 6
     
    bon ok !!! scan diaghelp en mode sans échec après que le pc se soit éteint pour la énième fois !!!!!!!!!!!!!!!!!!!!!!!!!!

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 07/02/2008 à 22:56:00,75

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\RUNDLL32.EXE-3C500167.pf -->06/11/2008 10:45:33
    C:\WINDOWS\prefetch\ASHDISP.EXE-204B2541.pf -->06/11/2008 10:33:33
    C:\WINDOWS\prefetch\READER_SL.EXE-02E193BD.pf -->06/11/2008 10:33:32
    C:\WINDOWS\prefetch\FLASHUTIL9C.EXE-04D097AF.pf -->06/11/2008 09:52:28
    C:\WINDOWS\prefetch\RUNDLL32.EXE-453420C4.pf -->06/11/2008 09:51:28
    C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf -->06/11/2008 09:51:08
    C:\WINDOWS\prefetch\CATCHME.EXE-2C05EF36.pf -->07/02/2008 22:52:17
    C:\WINDOWS\prefetch\FIND.EXE-0EEAD1A7.pf -->07/02/2008 22:52:07
    C:\WINDOWS\prefetch\DUMPHIVE.EXE-1CDF9D97.pf -->07/02/2008 22:52:06
    C:\WINDOWS\prefetch\SWREG.EXE-000986AC.pf -->07/02/2008 22:51:56

    C:\WINDOWS\System32\drivers\avipbb.sys -->07/02/2008 18:20:52
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54
    C:\WINDOWS\System32\drivers\tcpip.sys -->30/10/2007 18:20:56
    C:\WINDOWS\System32\drivers\mchInjDrv.sys -->19/09/2007 14:22:06
    C:\WINDOWS\System32\drivers\KProcCheck.sys -->02/09/2007 20:37:44
    C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11
    C:\WINDOWS\System32\drivers\PxHelp20.sys -->27/07/2007 01:06:18

    C:\WINDOWS\System32\eRLog.ini -->07/02/2008 21:20:03
    C:\WINDOWS\System32\wpa.dbl -->07/02/2008 21:19:53
    C:\WINDOWS\System32\CONFIG.NT -->07/02/2008 18:10:05
    C:\WINDOWS\System32\PerfStringBackup.INI -->05/02/2008 07:35:50
    C:\WINDOWS\System32\perfh00C.dat -->05/02/2008 07:35:50
    C:\WINDOWS\System32\perfh009.dat -->05/02/2008 07:35:50
    C:\WINDOWS\System32\perfc00C.dat -->05/02/2008 07:35:50
    C:\WINDOWS\System32\perfc009.dat -->05/02/2008 07:35:50
    C:\WINDOWS\System32\FNTCACHE.DAT -->24/01/2008 07:39:32
    C:\WINDOWS\System32\MRT.exe -->02/01/2008 19:21:36
    C:\WINDOWS\System32\zllictbl.dat -->30/12/2007 11:22:12
    C:\WINDOWS\System32\TZLog.log -->12/12/2007 20:04:32
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:12
    C:\WINDOWS\System32\lsasrv.dll -->07/11/2007 10:28:32
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:26
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\mscories.dll -->24/10/2007 01:47:38
    C:\WINDOWS\System32\mscorier.dll -->24/10/2007 01:47:38
    C:\WINDOWS\System32\mscoree.dll -->24/10/2007 01:47:38
    C:\WINDOWS\System32\dfshim.dll -->24/10/2007 01:47:28
    C:\WINDOWS\System32\settings.aaw -->23/10/2007 12:48:00
    C:\WINDOWS\System32\history.aaw -->23/10/2007 12:48:00

    C:\WINDOWS\ntbtlog.txt -->07/02/2008 22:54:57
    C:\WINDOWS\bootstat.dat -->07/02/2008 22:54:49
    C:\WINDOWS\MEMORY.DMP -->07/02/2008 22:53:30
    C:\WINDOWS\WindowsUpdate.log -->07/02/2008 22:21:32
    C:\WINDOWS\wiadebug.log -->07/02/2008 21:17:50
    C:\WINDOWS\wiaservc.log -->07/02/2008 21:17:34
    C:\WINDOWS\SchedLgU.Txt -->07/02/2008 18:23:46
    C:\WINDOWS\win.ini -->05/02/2008 11:56:00
    C:\WINDOWS\system.ini -->05/02/2008 11:56:00
    C:\WINDOWS\mozver.dat -->16/12/2007 09:13:52
    C:\WINDOWS\vincent3.ini -->24/11/2007 13:19:46
    C:\WINDOWS\eReg.dat -->19/11/2007 17:02:28
    C:\WINDOWS\popcinfo.dat -->06/11/2007 19:26:02
    C:\WINDOWS\WLXPGSS.SCR -->23/10/2007 17:49:46
    C:\WINDOWS\WMSysPr9.prx -->15/10/2007 09:35:52

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 772
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x01460000 0x4b000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
    0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x016c0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    0x41f00000 0x7000 1.01.0000.3917 C:\WINDOWS\system32\asfsipc.dll
    0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
    0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\system32\wshext.dll
    0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
    0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\system32\wshFR.DLL

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 200
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x00f10000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\WINDOWS\system

    25/12/1998 09:15 345 983 RCDsetup.exe
    1 fichier(s) 345 983 octets
    0 Rép(s) 6 599 581 184 octets libres
    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\WINDOWS\system32

    05/08/2004 05:00 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 6 599 580 672 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\WINDOWS\Downloaded Program Files

    06/11/2008 10:09 <REP> .
    06/11/2008 10:09 <REP> ..
    02/07/2007 15:44 941 688 asquared.ocx
    07/12/2004 16:07 32 bdcore.dll
    01/03/2005 14:08 118 784 bdupd.dll
    02/11/2005 15:52 65 desktop.ini
    25/07/2002 17:13 24 576 dwusplay.dll
    25/07/2002 17:13 196 608 dwusplay.exe
    07/06/2006 11:09 1 249 erma.inf
    16/05/2007 08:22 399 gp.inf
    01/03/2005 14:08 53 248 ipsupd.dll
    25/07/2002 17:05 172 032 isusweb.dll
    09/03/2005 15:42 6 742 lang.ini
    13/04/2007 15:27 367 LegitCheckControl.inf
    07/12/2004 16:07 32 libfn.dll
    18/02/2005 16:22 126 live.ini
    16/11/2005 11:52 490 Medialogic.INF
    02/08/2007 11:31 360 320 MsnPUpld.dll
    02/08/2007 15:47 569 MSNPUpld.inf
    01/06/2006 02:57 1 331 oscan8.inf
    01/06/2006 02:54 471 040 oscan8.ocx
    31/05/2006 04:15 10 oscan81.ocx_x
    02/08/2007 11:31 67 456 PURen-us.dll
    06/08/2007 12:10 68 992 PURfr-fr.dll
    19/10/2007 19:54 144 QTPlugin.inf
    09/07/2007 12:27 2 377 088 Rawflow.ocx
    09/03/2005 15:43 6 828 scanoptions.tsi
    27/03/2007 16:00 5 021 swflash.inf
    21/01/2008 21:34 465 472 wlscBase.dll
    21/01/2008 21:37 319 wlscBase.inf
    28 fichier(s) 5 341 028 octets

    Total des fichiers listés :
    28 fichier(s) 5 341 028 octets
    2 Rép(s) 6 599 578 624 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe:*:Enabled:LifeExp.exe"
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
    "C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe"="C:\\Program Files\\Alice_Triway_WiFi\\Wizard\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\WINDOWS\\System32\\mcoinstall.exe"="C:\\WINDOWS\\System32\\mcoinstall.exe:*:Enabled:mcoinstall"
    "E:\\Fr_main\\tools\\CTD_FirmwareUpgrader.exe"="E:\\Fr_main\\tools\\CTD_FirmwareUpgrader.exe:*:Enabled:CTD_FirmwareUpgrader"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe"="C:\\WINDOWS\\System32\\ZoneLabs\\avsys\\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner"
    "C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"="C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI"
    "C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe"="C:\\Program Files\\Kerio\\Personal Firewall\\persfw.exe:*:Enabled:Firewall Engine"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-07 22:56:29
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Error loading kernel support driver!
    Make sure you are running this as Administrator.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Error loading kernel support driver!
    Make sure you are running this as Administrator.

    Liste des programmes installes

    ABBYY FineReader 6.0 Sprint
    Adobe Reader 8.1.0 - Français
    Alice Auto-diagnostic
    Apple Mobile Device Support
    Apple Software Update
    Archiveur WinRAR
    Assistant de connexion Windows Live
    AVG Anti-Spyware 7.5
    Avira AntiVir PersonalEdition Classic
    CCleaner (remove only)
    Correctif Windows XP - KB867282
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    EasyCleaner
    eMedia
    eMule2
    EPSON Attach To Email
    EPSON Attach To Email
    EPSON Copy Utility 3
    EPSON Easy Photo Print
    EPSON File Manager
    EPSON Logiciel imprimante
    EPSON Scan
    EPSON Scan Assistant
    EPSON Web-To-Page
    ESDX4000_4050_CX3900
    EZface ActiveX 207
    Gadwin PrintScreen
    Galerie de photos Windows Live
    GIMP 2.4.3
    Glary Utilities 2.4
    HijackThis 2.0.2
    iTunes
    JkDefrag 3.26 Fr
    Kerio Personal Firewall 2.1.5
    Lecteur Windows Media 11
    Les Sims Deluxe
    Memory Stick Formatter
    Messenger Plus! Live & Sponsor (CiD)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Language Pack - FRA
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft .NET Framework 3.0 French Language Pack
    Microsoft .NET Framework 3.0 Service Pack 1
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft LifeCam
    Microsoft National Language Support Downlevel APIs
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
    Mozilla Firefox (2.0.0.11)
    MP3 Player Utilities
    MSXML 6.0 Parser (KB933579)
    neroxml
    NTI Backup NOW! 4
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    NTI CD & DVD-Maker
    Package de base Microsoft de service de chiffrement pour cartes à puce
    Paint.NET v3.20
    PC Camera
    PC Camera
    PhotoFiltre
    PowerDVD
    PrintMaster
    PSP Video 9 1.74
    Samsung Camcorder USB-U01
    Samsung Digital Video Camera Capture Driver
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Shockwave
    SiS 900 PCI Fast Ethernet Adapter Driver
    SiS VGA Utilities
    SiSAGP driver
    Snoopy 1.0
    Spybot - Search & Destroy
    Tiscali SlideUp (suppression)
    TuneUp Utilities 2007
    VideoLAN VLC media player 0.8.6c
    Visual C++ 8.0 ATL (x86) WinSXS MSM Beta2
    Visual C++ 8.0 ATL.Policy (x86) WinSXS MSM Beta2
    Visual C++ 8.0 CRT (x86) WinSXS MSM Beta2
    Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM Beta2
    Visual C++ 8.0 MFC (x86) WinSXS MSM Beta2
    Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM Beta2
    WebFldrs XP
    Windows Communication Foundation Language Pack - FRA
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Presentation Foundation
    Windows Presentation Foundation Language Pack (FRA)
    Windows Workflow Foundation FR Language Pack
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0

    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\Program Files

    07/02/2008 22:47 <REP> .
    07/02/2008 22:47 <REP> ..
    25/08/2006 20:20 <REP> Abbyy FineReader 6.0 Sprint
    06/06/2007 16:11 <REP> Absolutist.com
    05/02/2008 18:20 <REP> Adobe
    09/12/2006 12:44 <REP> Alwil Software
    20/11/2007 15:46 <REP> Apple Software Update
    12/06/2007 23:46 <REP> AskPBar
    07/02/2008 18:14 <REP> Avira
    06/06/2007 16:27 <REP> BFG
    07/06/2007 11:22 <REP> Broderbund
    20/09/2007 15:02 <REP> CCleaner
    15/08/2006 17:50 <REP> Common Files
    02/11/2005 16:07 <REP> CyberLink
    05/02/2008 15:29 <REP> DivX
    05/02/2008 15:29 <REP> EasyCovers
    05/02/2008 15:29 <REP> eMule
    28/12/2006 15:00 <REP> epson
    04/02/2008 17:43 <REP> eRightSoft
    07/07/2007 09:14 <REP> EZFace
    05/02/2008 18:20 <REP> Fichiers communs
    04/09/2006 16:54 <REP> Gadwin Systems
    26/01/2008 16:28 <REP> GIMP-2.0
    05/02/2008 15:22 <REP> Glary Utilities
    22/05/2007 20:59 <REP> Gore
    21/10/2007 14:00 <REP> Grisoft
    07/03/2007 12:31 <REP> Incomplete
    02/11/2005 15:52 <REP> Internet Explorer
    18/01/2008 18:52 <REP> iPod
    18/01/2008 18:52 <REP> iTunes
    10/12/2007 15:02 <REP> JkDefrag
    30/12/2007 14:42 <REP> Kerio
    18/01/2008 13:00 <REP> Lavasoft
    25/08/2006 20:20 <REP> Lexmark Toolbar
    29/09/2007 09:26 <REP> Lopxp
    25/08/2006 20:23 <REP> lx_cats
    04/02/2008 09:52 <REP> Mediafour
    02/11/2005 15:51 <REP> Messenger
    05/02/2008 15:29 <REP> Messenger Plus! Live
    09/06/2007 17:43 <REP> Mgutil
    09/05/2007 14:45 <REP> Microsoft CAPICOM 2.1.0.2
    02/11/2005 15:53 <REP> microsoft frontpage
    28/11/2006 18:50 <REP> Microsoft LifeCam
    08/10/2007 19:17 <REP> Microsoft SQL Server Compact Edition
    02/11/2005 15:52 <REP> Movie Maker
    18/09/2006 16:16 <REP> Mozilla Firefox
    24/01/2007 09:19 <REP> MP3 Player Utilities
    28/08/2007 12:17 <REP> MSBuild
    02/11/2005 15:51 <REP> MSN
    02/11/2005 15:51 <REP> MSN Gaming Zone
    23/01/2008 20:10 <REP> MSXML 6.0
    17/11/2007 00:52 <REP> NCH Software
    05/02/2008 15:29 <REP> NetMeeting
    02/11/2005 16:07 <REP> NewTech Infosystems
    02/11/2005 15:51 <REP> Online Services
    02/11/2005 15:52 <REP> Outlook Express
    05/02/2008 15:29 <REP> Paint.NET
    15/08/2006 17:50 <REP> PC Camera
    07/02/2008 22:20 <REP> Peggle Deluxe
    01/09/2006 21:24 <REP> PhotoFiltre
    05/02/2008 15:29 <REP> pspvideo9
    28/08/2007 12:06 <REP> Reference Assemblies
    06/01/2007 15:51 <REP> Samsung
    02/11/2005 15:52 <REP> Services en ligne
    15/08/2006 16:21 <REP> SiS VGA Utilities V3.68
    02/11/2005 16:00 <REP> sisagp
    15/08/2006 16:16 <REP> SiSLan
    14/05/2007 16:20 <REP> SM
    18/09/2007 22:42 <REP> Snoopy
    03/08/2007 22:08 <REP> Sony
    07/02/2008 22:47 <REP> Spybot - Search & Destroy
    30/12/2007 12:22 <REP> Sunbelt Software
    08/11/2007 12:02 <REP> TechCity Solutions
    17/09/2006 17:24 <REP> Tiscali
    21/10/2007 12:17 <REP> ToniArts
    29/12/2007 22:45 <REP> Trend Micro
    15/07/2007 00:51 <REP> TuneUp Utilities 2007
    20/01/2007 12:36 <REP> Ulead Systems
    20/04/2007 19:07 <REP> Unlocker
    18/11/2007 01:08 <REP> VideoLAN
    08/10/2007 19:15 <REP> Windows Desktop Search
    07/06/2007 22:54 <REP> Windows Live
    06/11/2008 10:09 <REP> Windows Live Safety Center
    07/10/2006 02:11 <REP> Windows Live Toolbar
    24/11/2006 23:30 <REP> Windows Media Connect 2
    05/02/2008 15:29 <REP> Windows Media Player
    02/11/2005 15:51 <REP> Windows NT
    03/10/2006 14:24 <REP> WinRAR
    02/11/2005 15:53 <REP> xerox
    0 fichier(s) 0 octets
    89 Rép(s) 6 584 487 936 octets libres
    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\Program Files\fichiers communs

    05/02/2008 18:20 <REP> .
    05/02/2008 18:20 <REP> ..
    05/02/2008 18:21 <REP> Adobe
    21/12/2007 18:48 <REP> Apple
    02/11/2005 16:00 <REP> InstallShield
    02/11/2005 15:47 <REP> Microsoft Shared
    02/11/2005 15:52 <REP> MSSoap
    02/11/2005 16:07 <REP> muvee Technologies
    02/11/2005 16:07 <REP> NewTech Infosystems
    03/01/2007 17:54 <REP> Real
    02/11/2005 15:52 <REP> Services
    24/07/2007 12:25 <REP> Simple Star Shared
    02/11/2005 15:47 <REP> SpeechEngines
    26/11/2006 12:42 <REP> Symantec Shared
    26/11/2006 11:57 <REP> Symantec Shared(2)
    02/11/2005 15:52 <REP> System
    07/02/2008 22:16 <REP> Wise Installation Wizard
    03/05/2007 15:47 <REP> xing shared
    0 fichier(s) 0 octets
    18 Rép(s) 6 584 488 960 octets libres
    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    02/11/2005 16:01 <REP> .
    02/11/2005 16:01 <REP> ..
    18/05/2001 15:57 561 209 MSONSEXT.DLL
    03/06/1999 12:09 122 937 MSOWS409.DLL
    07/03/2001 07:00 127 033 MSOWS40c.DLL
    3 fichier(s) 811 179 octets
    2 Rép(s) 6 584 489 472 octets libres
    Le volume dans le lecteur C s'appelle ACER
    Le numéro de série du volume est AC4B-276A

    Répertoire de C:\Program Files\common files

    15/08/2006 17:50 <REP> .
    15/08/2006 17:50 <REP> ..
    16/09/2006 00:14 <REP> Companion Wizard
    15/08/2006 17:50 <REP> PCCamera
    21/09/2006 15:30 <REP> Scanner
    0 fichier(s) 0 octets
    5 Rép(s) 6 584 488 960 octets libres

    c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe
    c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
    c:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\SX3KA0HS\iTunesSetupAdmin[1].exe
    c:\Documents and Settings\valerie\Application Data\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_26e91eb.exe
    c:\Documents and Settings\valerie\Application Data\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_5af141bb.exe
    c:\Documents and Settings\valerie\Application Data\Microsoft\Installer\{5BBFB0E4-2250-49C3-A8A3-65BE2197D13B}\_bb32ea6.exe
    c:\Documents and Settings\valerie\Application Data\MSNInstaller\msnauins.exe
    c:\Documents and Settings\valerie\Bureau\Raccourcis Bureau non utilisés\wrar362fr.exe
    c:\Documents and Settings\valerie\Bureau\Raccourcis Bureau non utilisés\eMule-NG-0.47c-Installer[1]\eMule0.47c-Installer.exe
    c:\Documents and Settings\valerie\Bureau\Raccourcis Bureau non utilisés\mcoinstall[1]\mcoinstall.exe
    c:\Documents and Settings\valerie\Bureau\Raccourcis Bureau non utilisés\mcoinstall[1]\installer\mcoinstall.exe
    c:\Documents and Settings\valerie\Bureau\Raccourcis Bureau non utilisés\mvc[1]\setup.exe
    c:\Documents and Settings\valerie\Bureau\Raccourcis Bureau non utilisés\VirtualDub-1.7.0[1]\auxsetup.exe
    c:\Documents and Settings\valerie\Bureau\Raccourcis Bureau non utilisés\VirtualDub-1.7.0[1]\vdub.exe
    c:\Documents and Settings\valerie\Bureau\Raccourcis Bureau non utilisés\VirtualDub-1.7.0[1]\VirtualDub.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\catchme.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\diff.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\dumphive.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\find2.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\Fport.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\grep.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\gzip.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\LFiles.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\md5sums.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\pslist.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\sigcheck.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\streams.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\swreg.exe
    c:\Documents and Settings\valerie\Mes documents\DiagHelp\DiagHelp\tar.exe
    c:\Documents and Settings\All Users\Application Data\Broderbund Software\Print\PretzlDn.dll
    c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
    c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\bejeweled2\fr-FR\Bejeweled2.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ElDorado\fr-FR\Eldorado.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ElDorado\fr-FR\fmod.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MumboJumboExtension\MumboJumboExtension.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\MyZylomExtension\MyZylomExtension.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\PopcapExtension\PopcapExtension.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomDeluxeInstaller\ZylomDeluxeInstaller.dll
    c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylom\ZylomExtension\ZylomExtension.dll
    c:\Documents and Settings\Floriane\Application Data\Mozilla\Firefox\Profiles\itjdhrnr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    c:\Documents and Settings\Floriane\Application Data\Mozilla\Firefox\Profiles\itjdhrnr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    c:\Documents and Settings\valerie\Application Data\Identities\{000HQ7FF-AD7A-3FG1-7LLS-22TDACKJ0VU0}\xmlparse.dll
    c:\Documents and Settings\valerie\Application Data\Identities\{000HQ7FF-AD7A-3FG3-USK1-22JKKIT3EVVD}\xmlparse.dll
    c:\Documents and Settings\valerie\Application Data\Identities\{000HQ7FF-AD7A-3FG6-OIK7-230KFTJUEVVN}\xmlparse.dll
    c:\Documents and Settings\valerie\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\valerie\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
    c:\Documents and Settings\valerie\Application Data\Microsoft\IdentityCRL\Production\ppcrlui.dll
    c:\Documents and Settings\valerie\Application Data\TaoUSign\jseccapi.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_ACER-FE8B363750.tar.gz a l'adresse http://upload.malekal.com
    0
  15. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Re,

    tu peux envoyer le fichier comme demandé :

    ouvre le lien http://upload.malekal.com/ et suis les instructions pour mettre ce fichier :

    C:\upload_moi_ACER-FE8B363750.tar.gz

    Il faut que je regarde et analyse.

    0
  16. valy61 Messages postés 360 Statut Membre 6
     
    ok !!! je te lirai demain matin !! je vais dodo car demain debout de bonne heure !!!
    merci beaucoup à toi pour tout le temps que tu passes à nous aider !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    le fichier est déja envoyé !!!!!!
    merci
    0
  17. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonjour,

    tu as des droits d'administrateur sur ta session ?

    Sinon, j'attends des nouvelles de l'upload.
    0
  18. valy61 Messages postés 360 Statut Membre 6
     
    bonsoir et merci de répondre !!! je comprends pas bien ta question !!!!!!!!!!!!!!!
    sinon pour info !!!! ce matin analyse avec spybot en mode sans échec puisque le pc s'est à nouveau éteint en analyse mais même en mode sans échec il s'est éteint après avoir trouvé BPSSpywareRemover et il s'arrête arrivé à TRUSWORD !!!!!!!!!!!!!!!!!!!!!!!!
    analyse avec antivir !!!!! je te poste le rapport !!!
    merci à toi !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    AntiVir PersonalEdition Classic
    Report file date: vendredi 8 février 2008 12:26

    Scanning for 1095787 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: ACER-FE8B363750

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 17:20:49
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 17:20:49
    ANTIVIR3.VDF : 7.0.2.107 350208 Bytes 07/02/2008 17:20:49
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 07/02/2008 17:20:51
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 07/02/2008 17:20:52
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: vendredi 8 février 2008 12:26

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'sistray.exe' - '1' Module(s) have been scanned
    Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'AliceAgent.exe' - '1' Module(s) have been scanned
    Scan process 'vVX3000.exe' - '1' Module(s) have been scanned
    Scan process 'Monitor.exe' - '1' Module(s) have been scanned
    Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'snmp.exe' - '1' Module(s) have been scanned
    Scan process 'PERSFW.exe' - '1' Module(s) have been scanned
    Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    35 processes with 35 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '29' files ).

    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <ACERDATA>

    End of the scan: vendredi 8 février 2008 12:58
    Used time: 31:29 min

    The scan has been done completely.

    7091 Scanning directories
    163481 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    163481 Files not concerned
    6917 Archives were scanned
    2 Warnings
    0 Notes
    0
  19. valy61 Messages postés 360 Statut Membre 6
     
    au fait !! j'ai oublié !!!! le dossier je n'arrive pas à l'envoyer j'ai eu un message hier qui me dit que le fichier choisi n'est pas valide !!!!!!! je l'ai fait comme indiqué et aussi manuellement et ça ne passe pas !!!!
    0
  20. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
     
    Bonsoir,

    donc pas de virus.

    on va regarder les spywares.

    Ouvre ce lien et scanne en ligne

    https://www.emsisoft.com/fr/home/emergencykit/

    Poste le rapport si tu en obtiens un.

    Sinon, dis moi ce que tu as pu voir;
    0
  21. valy61 Messages postés 360 Statut Membre 6
     
    bon voila !! l'analyse est faite !! je te la poste !!
    merci à toi !!!

    a-squared Free - Version 2

    Scan settings:

    Objects: Memory, Traces, Cookies, C:\WINDOWS, C:\Program Files
    Scan archives: On
    Heuristics: Off
    ADS Scan: On

    Scan start: 08/02/2008 23:25:18

    Scanned

    Files: 46612
    Traces: 161376
    Cookies: 73
    Processes: 35

    Found

    Files: 0
    Traces: 0
    Cookies: 8
    Processes: 0

    Scan end: 08/02/2008 23:49:26
    Scan time: 00:24:08
    0
  • 1
  • 2