Win32:Trojan and Win32:Onlinegames

Closed
Kobe - 7 Feb. 2008 at 15:41
 kanzaki - 16 May 2008 at 22:15
Hello,

Yesterday my AV (avast, free version, up to date) gave me an alert saying it had found the trojan Win32:Onlinegames in a file "amvo0.dll". I deleted that file (through avast), but a few minutes later the same message came back, with the threat in the file "amvo1.dll". So I did quite a lot of research and tinkering, which led me to boot into safe mode, delete files of the "amvo" type, and check the registry.
Since then, I no longer get alerts.
However, one symptom of this trojan is that it prevents you from viewing hidden files, which I still cannot do... I conclude that it must still be somewhere...
I have run multiple scans (AVG Anti Spyware, CCleaner, Spybot, Ad-Aware) which found nothing.
I ran a scan with HijackThis, and nothing looked odd to me.
Only a full Avast scan detected the presence of 2 trojans (Win32:Trojan and Win32:Onlinegames).

The problem is that they are in restore files (C:\System Volume Information\_restore{*}\*).
In normal mode I cannot access them, and Avast cannot delete them; and I cannot change the folder's permissions.
Before going to try in safe mode, I have a few questions:
- Is there no risk in deleting these files? (or even the whole corresponding folder).
- Will that solve the hidden files problem and completely get rid of this junk?

Thanks in advance to anyone willing to help me.

28 replies

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
7 Feb. 2008 at 15:54
hi,

The problem is that they are in restore files (C:\System Volume Information\_restore{*}\*).


to get rid of the infection:

disable System Restore to purge any viruses that may be inside it (in START then ALL PROGRAMS then ACCESSORIES then SYSTEM TOOLS then SYSTEM RESTORE then settings)
then restart your computer
then re-enable it

_________________

paste a hijackthis report to check
0
Thanks for your replies.
I disabled/rebooted/re-enabled System Restore, here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:57, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\BOINC\boincmgr.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
F:\BOINC\boinc.exe
F:\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86
F:\BOINC\projects\www.worldcommunitygrid.org\wcg_hpf2_rosetta_5.18_windows_intelx86
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\BOINC\projects\www.worldcommunitygrid.org\wcg_faah_autodock_5.42_windows_intelx86
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: TribalWeb.lnk = C:\Program Files\TribalWeb\tribalweb.exe
O4 - Startup: World Community Grid - BOINC Manager.lnk = F:\BOINC\boincmgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
0
jalobservateur Posts 7372 Registered Monday 16 July 2007 Status Security contributor Last activity 10 May 2012 930
7 Feb. 2008 at 15:55
Hi!
Yeah, you won't have access to the Volume\restore folder, that's normal.
So, simply disable System Restore via right-click "My Computer"/Properties/System Restore/Disable/Apply/OK
Restart/Re-enable System Restore/Apply/OK and there you go.
Then a scan in safe mode, with your Avast, thorough.
0
Small omission: when I deleted the amvo?.dll files, an alert message appeared a few seconds later telling me that an application (with a file name) could not initialize. It just showed it again on reboot, but I couldn't read the file name (from memory, it was a really twisted name, with no meaning at all).
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
7 Feb. 2008 at 18:27
yes check with avast whether it is still present or



paste the report of an online scan
with one of the following:


bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

secuser online:
http://www.secuser.com/outils/antivirus.htm

online scan for firefox

https://www.trendmicro.com/fr_fr/business.html
0

Thanks for your help.
The avast scan is running, in normal mode (it's loooong).
I'll probably try the online scans afterwards.
I'll let you know as soon as it's done.

(OT: can't you edit a message if you're not registered?)
0
OK, the avast scan is finished.
Result: I no longer see any trace of any trojan.
However: I have quite a few archives detected as "decompression bomb" (what's that?)
and the hidden files problem persists!

Off to the online scans...
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
7 Feb. 2008 at 20:48
ok
paste the report so we can see

later
0
Hello,

I ran the BitDefender, Panda and Trend Micro scans: no virus, threat or infected file found!
But I still cannot display hidden files...

Now I really don't see where it could come from... a registry key that was modified?

Note that at the root of each of my partitions I have files named "i.com", "j.bat"... as well as 2 others with a different name (ifetri.com and 288qmr.bat or something like that, I can give details tonight); what I find odd is that when I open them in an editor, they have the executable signature (they start with MZ)...
I deleted the ones on my system partition, nothing seems to be misbehaving, I'll probably get rid of them on the other partitions too...? I found no information on these files on google...

In any case, if you have any ideas, they're welcome!

Thanks for your help.
0
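The "script" files at the partition roots that the poster describes (a .com or .bat whose first two bytes are MZ, the DOS/PE executable signature) are easy to triage mechanically. The following is an added example, not code from the thread or from any of the tools it mentions: it checks the files sitting directly at a volume root for a script-type extension combined with an MZ header, and, generalizing slightly beyond the post, also reports which file an autorun.inf at that root would launch, since such files are usually chained from one. The sample root it builds in a temporary directory is constructed data, not the poster's files.

```python
# Added example (not from the thread): flag top-level files whose name says
# "script" but whose first bytes say "Windows executable" (the MZ header the
# poster noticed), and show what an autorun.inf at the same root points to.
import os
import tempfile
from pathlib import Path

# Extensions that, when genuine, never begin with an MZ header.
TEXT_EXTENSIONS = {".bat", ".cmd", ".vbs", ".js", ".inf", ".txt", ".ini"}
# .com files may legitimately be binaries, but one placed at a partition root
# of an ordinary install is unexpected, so they are checked as well.
CHECKED_EXTENSIONS = TEXT_EXTENSIONS | {".com"}


def has_mz_header(path):
    """True if the file starts with the DOS/PE 'MZ' signature."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def find_disguised_executables(root):
    """Return [{'name': ..., 'size': ...}] for files directly under `root`
    that carry a checked extension but begin with an MZ header.
    Deliberately not recursive: the indicator in the thread is files
    dropped at the volume root itself."""
    hits = []
    for entry in sorted(Path(root).iterdir()):
        if not entry.is_file() or entry.suffix.lower() not in CHECKED_EXTENSIONS:
            continue
        if has_mz_header(entry):
            hits.append({"name": entry.name, "size": entry.stat().st_size})
    return hits


def parse_autorun_targets(autorun_path):
    """Return the program names an autorun.inf would run (open= / shellexecute=)
    so MZ findings can be tied to an autorun chain. Empty list if no file."""
    targets = []
    if not os.path.isfile(autorun_path):
        return targets
    with open(autorun_path, "r", encoding="utf-8", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.strip().partition("=")
            if sep and key.strip().lower() in ("open", "shellexecute"):
                targets.append(value.strip().split()[0])  # drop any arguments
    return targets


def build_sample_root():
    """Create a temporary directory imitating a partition root.
    Constructed sample data, not files from the poster's machine."""
    root = tempfile.mkdtemp(prefix="fake_root_")
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60  # a truncated DOS header suffices here
    samples = {
        "i.com": pe_stub,                            # script-like names, executable bytes
        "j.bat": pe_stub,
        "clean.bat": b"@echo off\r\necho ok\r\n",     # a genuine batch file
        "readme.txt": b"just text\r\n",
        "autorun.inf": b"[autorun]\r\nopen=i.com\r\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_root()
    for hit in find_disguised_executables(root):
        print(f"MZ header in script-named file: {hit['name']} ({hit['size']} bytes)")
    print("autorun.inf launches:", parse_autorun_targets(os.path.join(root, "autorun.inf")))
```

On a real machine you would point `find_disguised_executables` at each drive letter instead of the temporary directory; reading only the first two bytes keeps the check cheap even on large files.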
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 Feb. 2008 at 15:36
show hidden files (did you try as administrator?

https://www.informatruc.com

_____________

try zeb restore

http://telechargement.zebulon.fr/zeb-restore.html

_____________

if it persists paste a combofix report so we can see




http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
0
Hello again!

It works!
I'm pasting the ComboFix report anyway, in case you see anything odd.



ComboFix 08-02.05.3 - Benoît 2008-02-08 18:11:49.3 - NTFSx86
Microsoft Windows XP Professionnel  5.1.2600.2.1252.1.1036.18.1047 [GMT 1:00]
Endroit: C:\Documents and Settings\Benoît\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((   Fichiers créés 2008-01-08 to 2008-02-08  ))))))))))))))))))))))))))))))))))))
.

2008-02-08 18:01 . 2004-08-05 13:00	400,896	--a------	C:\kmd.exe
2008-02-08 12:31 . 2008-02-08 12:30	36,053,585	--a------	C:\WINDOWS\LPT$VPN.987
2008-02-08 12:30 . 2008-02-08 12:30	<REP>	d--------	C:\WINDOWS\AU_Temp
2008-02-08 12:30 . 2008-02-08 12:30	36,053,585	--a------	C:\WINDOWS\VPTNFILE.987
2008-02-07 21:49 . 2008-02-08 12:31	<REP>	d--------	C:\WINDOWS\report
2008-02-07 21:49 . 2008-02-08 12:30	<REP>	d--------	C:\WINDOWS\AU_Backup
2008-02-07 21:49 . 2008-02-07 21:49	1,919,160	--a------	C:\WINDOWS\tsc.ptn
2008-02-07 21:49 . 2008-02-08 12:30	1,163,344	--a------	C:\WINDOWS\vsapi32.dll
2008-02-07 21:49 . 2008-02-07 21:49	267,845	--a------	C:\WINDOWS\tsc.exe
2008-02-07 21:49 . 2008-02-08 12:30	86,094	--a------	C:\WINDOWS\BPMNT.dll
2008-02-07 21:49 . 2008-02-07 21:49	71,749	--a------	C:\WINDOWS\hcextoutput.dll
2008-02-07 21:49 . 2008-02-08 17:43	823	--a------	C:\WINDOWS\tsc.ini
2008-02-07 21:45 . 2008-02-07 21:45	<REP>	d--------	C:\WINDOWS\AU_Log
2008-02-07 21:45 . 2008-02-07 21:45	507,904	--a------	C:\WINDOWS\TMUPDATE.DLL
2008-02-07 21:45 . 2008-02-07 21:45	286,720	--a------	C:\WINDOWS\PATCH.EXE
2008-02-07 21:45 . 2008-02-07 21:45	69,689	--a------	C:\WINDOWS\UNZIP.DLL
2008-02-07 21:45 . 2008-02-08 12:30	170	--a------	C:\WINDOWS\GetServer.ini
2008-02-07 21:34 . 2008-02-07 21:36	<REP>	d--------	C:\Program Files\Panda Security
2008-02-07 21:30 . 2008-02-07 22:32	<REP>	d--------	C:\Documents and Settings\Benoît\.housecall6.6
2008-02-07 21:30 . 2008-02-07 22:32	<REP>	d--------	C:\Documents and Settings\Benoît\.housecall6.6
2008-02-07 19:42 . 2008-02-08 07:28	<REP>	d--------	C:\WINDOWS\BDOSCAN8
2008-02-06 23:43 . 2008-02-06 23:44	<REP>	d--------	C:\WINDOWS\ERUNT
2008-02-06 23:01 . 2008-02-06 23:02	<REP>	d--------	C:\Program Files\Lavasoft
2008-02-06 23:01 . 2008-02-06 23:02	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-06 22:57 . 2008-02-06 22:57	<REP>	d--------	C:\Program Files\Trend Micro
2008-02-06 22:26 . 2008-02-06 22:26	<REP>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-02-06 22:26 . 2008-02-06 23:49	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 22:05 . 2008-02-06 22:05	<REP>	d--------	C:\Program Files\CCleaner
2008-02-06 21:22 . 2008-02-06 21:22	<REP>	d--------	C:\Documents and Settings\Benoît\Application Data\Grisoft
2008-02-06 21:22 . 2008-02-06 21:22	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-06 21:22 . 2007-05-30 13:10	10,872	--a------	C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-05 13:07 . 2008-02-05 13:12	<REP>	d--------	C:\Documents and Settings\Benoît\.maptool
2008-02-05 13:07 . 2008-02-05 13:12	<REP>	d--------	C:\Documents and Settings\Benoît\.maptool
2008-02-05 12:09 . 2008-02-05 12:09	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-05 12:08 . 2007-11-15 10:06	301,656	--a------	C:\WINDOWS\system32\BtCoreIf.dll
2008-02-05 12:08 . 2008-02-05 12:08	0	--ah-----	C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-02-05 12:07 . 2008-02-05 12:08	<REP>	d--------	C:\Program Files\Fichiers communs\Logishrd
2008-02-05 12:07 . 2008-02-05 12:07	<REP>	d--------	C:\Documents and Settings\Benoît\Application Data\InstallShield
2008-02-03 11:16 . 2008-02-03 11:16	<REP>	d--------	C:\WINDOWS\Sun
2008-02-02 16:17 . 2008-02-02 16:17	<REP>	d--------	C:\Program Files\DAEMON Tools Lite
2008-02-02 16:17 . 2008-02-02 16:17	<REP>	d--------	C:\Documents and Settings\Benoît\Application Data\DAEMON Tools
2008-01-29 22:05 . 2008-01-29 22:16	357	--a------	C:\Documents and Settings\Benoît\.cb_layout.bin
2008-01-29 22:05 . 2008-01-29 22:16	357	--a------	C:\Documents and Settings\Benoît\.cb_layout.bin
2008-01-29 22:03 . 2008-01-29 22:11	<REP>	d--------	C:\Documents and Settings\Benoît\.CodeBlocks
2008-01-29 22:03 . 2008-01-29 22:11	<REP>	d--------	C:\Documents and Settings\Benoît\.CodeBlocks
2008-01-29 20:13 . 2008-01-29 20:14	<REP>	d--------	C:\WINDOWS\system32\NtmsData
2008-01-26 20:32 . 2008-01-26 20:32	<REP>	d--------	C:\Documents and Settings\All Users\Application Data\Nero
2008-01-25 19:08 . 2008-01-25 19:08	<REP>	d--------	C:\Program Files\Microsoft Silverlight
2008-01-25 09:03 . 2005-04-12 19:09	159,744	--a------	C:\WINDOWS\system32\WmJoyFrc.dll
2008-01-25 09:03 . 2005-04-12 19:21	45,504	--a------	C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-01-25 09:03 . 2005-04-12 19:21	22,240	--a------	C:\WINDOWS\system32\drivers\WmFilter.sys
2008-01-25 09:03 . 2005-04-12 19:21	10,144	--a------	C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-01-25 09:03 . 2005-04-12 19:21	5,600	--a------	C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-01-24 20:33 . 2008-01-24 20:33	<REP>	d--------	C:\Documents and Settings\Benoît\workspace
2008-01-24 20:33 . 2008-01-24 20:33	<REP>	d--------	C:\Documents and Settings\Benoît\workspace
2008-01-24 12:33 . 2008-01-24 12:33	<REP>	d--------	C:\Program Files\Microsoft Games

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 21:39	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\U3
2008-02-06 22:01	---------	d-----w	C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-05 11:08	---------	d-----w	C:\Program Files\Fichiers communs\Logitech
2008-02-05 11:07	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-02-02 12:21	716,272	----a-w	C:\WINDOWS\system32\drivers\sptd.sys
2008-01-31 16:58	---------	d-----w	C:\Program Files\eMule
2008-01-31 16:58	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\Azureus
2008-01-31 14:15	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\FileZilla
2008-01-29 21:16	357	----a-w	C:\Documents and Settings\Benoît\.cb_layout.bin
2008-01-29 21:16	357	----a-w	C:\Documents and Settings\Benoît\.cb_layout.bin
2008-01-28 19:53	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-01-26 19:32	---------	d-----w	C:\Program Files\Fichiers communs\Ahead
2008-01-25 08:03	---------	d-----w	C:\Program Files\Logitech
2008-01-24 17:17	---------	d-----w	C:\Program Files\DAEMON Tools
2008-01-17 16:35	---------	d-----w	C:\Program Files\Notepad++
2008-01-07 20:44	---------	d-----w	C:\Program Files\MSXML 4.0
2008-01-05 15:25	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\My Games
2008-01-05 15:20	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\InstallShield Installation Information
2008-01-05 15:15	---------	d-----w	C:\Program Files\MagicISO
2008-01-05 11:19	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\Todae
2008-01-05 09:27	---------	d-----w	C:\Program Files\MSXML 6.0
2008-01-04 22:52	---------	d-----w	C:\Program Files\MSBuild
2008-01-04 22:49	---------	d-----w	C:\Program Files\Reference Assemblies
2008-01-04 22:22	---------	d-----w	C:\Program Files\NVIDIA Corporation
2008-01-04 17:25	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\skypePM
2008-01-04 17:25	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\Skype
2008-01-04 17:19	127,034	------r	C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-01-04 17:19	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\Logitech
2008-01-04 17:18	0	---ha-w	C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-04 17:18	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-01-04 17:18	0	---ha-w	C:\WINDOWS\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-01-04 17:08	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-04 13:44	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-04 10:46	---------	d-----w	C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-12-23 21:38	---------	d-----w	C:\Program Files\Azureus
2007-12-22 15:20	669,184	----a-w	C:\WINDOWS\system32\pbsvc.exe
2007-12-22 15:20	66,872	----a-w	C:\WINDOWS\system32\PnkBstrA.exe
2007-12-22 15:20	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-22 15:20	22,328	----a-w	C:\Documents and Settings\Benoît\Application Data\PnkBstrK.sys
2007-12-22 15:20	103,736	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2007-12-22 09:21	---------	d-----w	C:\Program Files\Messenger Plus! Live
2007-12-19 20:54	---------	d-----w	C:\Documents and Settings\Benoît\Application Data\fretsonfire
2007-12-18 22:22	81,920	----a-w	C:\WINDOWS\system32\OpenAL32.dll
2007-12-14 10:32	12,632	----a-w	C:\WINDOWS\system32\lsdelete.exe
2007-12-10 21:09	---------	d-----w	C:\Program Files\Windows Media Connect 2
2007-12-09 11:39	107,888	----a-w	C:\WINDOWS\system32\CmdLineExt.dll
2007-12-09 11:39	---------	d--h--r	C:\Documents and Settings\Benoît\Application Data\SecuROM
2007-12-04 13:04	837,496	----a-w	C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54	95,608	----a-w	C:\WINDOWS\system32\AvastSS.scr
2007-12-02 13:26	86,016	----a-w	C:\WINDOWS\system32\ct_oal.dll
2007-12-02 13:26	262,144	----a-w	C:\WINDOWS\system32\wrap_oal.dll
2007-12-01 20:01	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-30 13:29	315,392	----a-w	C:\WINDOWS\HideWin.exe
2007-11-26 13:25	480,000	----a-w	C:\WINDOWS\boinc.scr
2007-11-15 09:07	76,304	----a-w	C:\WINDOWS\system32\KemXML.dll
2007-11-15 09:07	170,512	----a-w	C:\WINDOWS\system32\kemutb.dll
2007-11-15 09:07	141,840	----a-w	C:\WINDOWS\system32\KemUtil.dll
2007-11-15 09:07	117,264	----a-w	C:\WINDOWS\system32\KemWnd.dll
2006-06-23 06:48	32,768	----a-r	C:\WINDOWS\inf\UpdateUSB.exe
.

(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-04-04 14:20 81920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 17:51 486856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2007-05-10 23:03 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-05-10 23:03 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-05-10 23:03 8429568]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 09:30 81920]
"D-Link AirPlus XtremeG"="C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2006-06-16 10:24 1323008]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 16:59 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\WINDOWS\KHALMNPR.Exe]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\BenoŒt\Menu D‚marrer\Programmes\D‚marrage\
TribalWeb.lnk - C:\Program Files\TribalWeb\tribalweb.exe [2007-12-02 12:06:10 1077248]
World Community Grid - BOINC Manager.lnk - F:\BOINC\boincmgr.exe [2007-11-26 14:25:32 3863296]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-01-04 18:19:14 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-05 12:08:03 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 10:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 04:15]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 07:12]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2656c6c-a4d7-11dc-9fc2-001b11c743fd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 18:12:20
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès 
Les fichiers cachés: 0 

**************************************************************************
.
Temps d'accomplissement: 2008-02-08 18:12:33
.
2008-01-09 20:01:26	--- E O F ---  




However, the file at your link isn't right (for me at least; here's another one that worked: https://www.google.fr/?gws_rd=ssl )
Still worth noting: Secuser found nothing, showing hidden files is what wasn't working and my session is indeed admin, zeb restore didn't do anything either, so everything seems to have come from combofix.
Also, the odd files I told you about, which were present at the root of my partitions, have disappeared too.

Could you still give me your analysis of the report please, and if you know where the problem came from let me know, I like to understand, it could come in handy ^^

Thanks again, see you
0
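The ComboFix report above lists two MountPoints2 AutoRun commands: one that starts the U3 launcher on drive H:, and one that goes through rundll32's ShellExec_RunDLL to have wscript.exe run a file named pagefile.sys.vbs. That second shape (script host, rundll32 indirection, a system-file name with an extra extension) is what a defender would pull out of such a report for review. The following is an added example, not code from the thread or from ComboFix: it parses MountPoints2 entries out of a report in that layout and lists the reasons each command deserves a look. The sample text is constructed around the two entries copied from the report.

```python
# Added example (not from the thread or from ComboFix): extract MountPoints2
# AutoRun commands from a ComboFix-style report and explain why each one
# should or should not be looked at.
import re

# Constructed sample: the two MountPoints2 entries from the report in the thread.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2656c6c-a4d7-11dc-9fc2-001b11c743fd}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe pagefile.sys.vbs
"""

HEADER_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
COMMAND_RE = re.compile(r"^\\Shell\\AutoRun\\command - (.+)$", re.IGNORECASE)

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "cmd.exe", "powershell.exe"}
SCRIPT_EXTENSIONS = {"vbs", "js", "bat", "cmd", "hta"}
# Names of real Windows system files that never carry a script extension.
SYSTEM_LOOKALIKE_STEMS = {"pagefile.sys", "hiberfil.sys", "ntldr", "boot.ini"}


def extract_autorun_entries(report_text):
    """Return [(mountpoint_id, command)] for every MountPoints2 AutoRun command."""
    entries, current = [], None
    for line in report_text.splitlines():
        line = line.rstrip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = COMMAND_RE.match(line)
        if m and current is not None:
            entries.append((current, m.group(1).strip()))
            current = None
    return entries


def suspicious_reasons(command):
    """List the reasons an AutoRun command merits review (empty if none)."""
    reasons = []
    tokens = [t.lower() for t in command.split()]
    if any(t.rsplit("\\", 1)[-1] in SCRIPT_HOSTS for t in tokens):
        reasons.append("launches a script host")
    if any("shellexec_rundll" in t for t in tokens):
        reasons.append("indirection through rundll32 ShellExec_RunDLL")
    for t in tokens:
        name = t.rsplit("\\", 1)[-1]
        stem, dot, ext = name.rpartition(".")
        if dot and ext in SCRIPT_EXTENSIONS and "." in stem:
            reasons.append(f"stacked extension: {name}")
        if dot and stem in SYSTEM_LOOKALIKE_STEMS:
            reasons.append(f"system-file look-alike name with extra extension: {name}")
    return reasons


def triage(report_text):
    """Parse the report and attach review reasons to each AutoRun entry."""
    return [
        {"mountpoint": mp, "command": cmd, "reasons": suspicious_reasons(cmd)}
        for mp, cmd in extract_autorun_entries(report_text)
    ]


if __name__ == "__main__":
    for entry in triage(SAMPLE_REPORT):
        verdict = "REVIEW" if entry["reasons"] else "ok"
        print(f"[{verdict}] {entry['mountpoint']}: {entry['command']}")
        for reason in entry["reasons"]:
            print(f"    - {reason}")
```

Feed `triage` the full text of a report and it returns only the MountPoints2 section's AutoRun commands; the reasons are heuristics for prioritising review, not a verdict, so an entry with no reasons (like the U3 launcher here) still deserves a glance if the drive it belongs to is unknown.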
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
11 Feb. 2008 at 20:51
ok that's fine!



to protect your computer for free

http://www.commentcamarche.net/telecharger/logiciel 4 securite

install an antivirus

((AVAST in French)) or ANTIVIR preferably (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
AD AWARE + SPYBOT + if spybot's tea timer is not enabled: WINDOWS DEFENDER or SPYWARE TERMINATOR

+/-
SPYWAREBLASTER to immunise the system against vundo in particular, but in English (but easy to use: just click "update" to update every month and then "enable all protection" to immunise)...

Note: spybot and ad-aware have released new versions this year, check that you have the latest version
--------
a firewall:
the Windows one or better KERIO or JETICO or ZONE ALARM (install only the free firewall)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------

CCLEANER to erase browsing traces
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 Feb. 2008 at 19:20
no nothing in the reports it's windows.....



do you have spybot's tea timer and avg antispyware both doing real-time analysis? if so disable one of the two because it can cause crashes



later
0
ranirun Posts 7 Registered Friday 8 February 2008 Status Member Last activity 11 February 2008
8 Feb. 2008 at 19:31
hi all!
I have a trojan and I can't get rid of it! I've already tried with avast, AVG and trojan remover, they detect it but they don't remove it! and my pc is getting slower and slower!! with every application avast signals the presence of the virus.
file name: c:\windows\system32\amvo0.dll
Malware name : Win32: Online games- CAZ[Trj]
malware type: trojan horse
help me please!!
thanks
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
9 Feb. 2008 at 16:51
to check:

replace avast with antivir and paste a report:

https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)

see you
0
Here is the antivir report: one virus found, which came from an online scan (I removed everything afterwards):


AntiVir PersonalEdition Classic
Report file date: dimanche 10 février 2008  13:55

Scanning for 1096761 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         Benoît
Computer name:    BENO-139196BB54

Version information:
BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  14/12/2007 12:47:34
ANTIVIR2.VDF : 7.0.2.113   1673728 Bytes  08/02/2008 12:47:34
ANTIVIR3.VDF : 7.0.2.114      2048 Bytes  08/02/2008 12:47:34
AVEWIN32.DLL : 7.6.0.62    3240448 Bytes  10/02/2008 12:47:34
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3      360488 Bytes  10/02/2008 12:47:34
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 10 février 2008  13:55

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'wcg_hpf2_rosetta_5.18_windows_intelx86' - '1' Module(s) have been scanned
Scan process 'wcg_hpf2_rosetta_5.18_windows_intelx86' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wcg_hpf2_rosetta_5.18_windows_intelx86' - '1' Module(s) have been scanned
Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nTuneService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'boinc.exe' - '1' Module(s) have been scanned
Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned
Scan process 'boincmgr.exe' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'WZCSLDR2.exe' - '1' Module(s) have been scanned
Scan process 'AirPlusCFG.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!
Boot sector 'F:\'
      [NOTE]      No virus was found!
Boot sector 'G:\'
      [NOTE]      No virus was found!
Boot sector 'I:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\' <Disque local - Windows>
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
      [DETECTION] Is the Trojan horse TR/Agent.bux.1
      [INFO]      The file was deleted!
C:\Program Files\Panda Security\NanoScan\Engine\psnfstdb.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnglknt.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnhsh.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnkrnl.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnmem.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\PsnPen.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\PSNStat.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\psnxprs.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\putczip.dll
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\RKPavProc.sys
      [WARNING]   The file could not be opened!
C:\Program Files\Panda Security\NanoScan\Engine\RKPavProc64.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING]   The file could not be opened!
Begin scan in 'F:\' <Disque local - Installation>
Begin scan in 'G:\' <Disque local - Stockage>
Begin scan in 'H:\' <U3 System>
Begin scan in 'I:\' <MYUSBKEY>


End of the scan: dimanche 10 février 2008  14:54
Used time: 59:37 min

The scan has been done completely.

  11688 Scanning directories
 677833 Files were scanned
      1 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      1 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
     13 Files cannot be scanned
 677832 Files not concerned
   2741 Archives were scanned
     13 Warnings
      2 Notes




It seems to be finally good ...
I really don't see what kept screwing up.

Thank you very much for the time you spent helping me!

See you
Kobe
0
ranirun Posts: 7 Registered: Friday 8 February 2008 Status: Member Last seen: 11 February 2008
10 Feb. 2008 at 21:53
here is the report with antivir



AntiVir PersonalEdition Classic
Report file date: dimanche 10 février 2008 12:00

Scanning for 1096761 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: RUN-3EE39A88A94

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 01:05:28
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 01:05:28
ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 01:05:28
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09/02/2008 01:05:29
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/02/2008 01:05:29
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 10 février 2008 12:00

Starting search for hidden objects.
'52583' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'OFFLB.EXE' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'Adobelm_Cleanup.0001' - '1' Module(s) have been scanned
Scan process 'Adobelmsvc.exe' - '1' Module(s) have been scanned
Scan process 'Adobelm_Cleanup.0001' - '1' Module(s) have been scanned
Scan process '_Photoshop.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'IcoSauve.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'I:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '17' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule.de 0.48a v18\Temp\006.part
[0] Archive type: ACE
--> Jah Shaka meets Aswad - 6 - Behold HIM.mp3
[WARNING] An exception has been identified!
[WARNING] An exception has been identified!
Begin scan in 'E:\' <HP Personal Media Drive>
Begin scan in 'I:\' <RûN>


End of the scan: dimanche 10 février 2008 13:29
Used time: 1:28:58 min

The scan has been done completely.

14129 Scanning directories
360306 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
360306 Files not concerned
11934 Archives were scanned
4 Warnings
0 Notes
52583 Objects were scanned with rootkit scan
0 Hidden objects were found
0
jalobservateur Posts: 7372 Registered: Monday 16 July 2007 Status: Security contributor Last seen: 10 May 2012 930
11 Feb. 2008 at 03:35
Hello ranirun,
0
ranirun Posts: 7 Registered: Friday 8 February 2008 Status: Member Last seen: 11 February 2008
11 Feb. 2008 at 14:46
oh really! never mind!
do I still have the virus or not?!!

here is another report



AntiVir PersonalEdition Classic
Report file date: lundi 11 février 2008 12:00

Scanning for 1098011 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: RUN-3EE39A88A94

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 01:05:28
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 01:05:28
ANTIVIR3.VDF : 7.0.2.116 20992 Bytes 10/02/2008 22:24:38
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 09/02/2008 01:05:29
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 09/02/2008 01:05:29
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 11 février 2008 12:00

Starting search for hidden objects.
'52578' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'RAC38.exe' - '1' Module(s) have been scanned
Scan process 'MediaDico38.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'IcoSauve.exe' - '1' Module(s) have been scanned
Scan process 'SUPERAntiSpyware.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'I:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '18' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\eMule.de 0.48a v18\Temp\006.part
[0] Archive type: ACE
--> Jah Shaka meets Aswad - 6 - Behold HIM.mp3
[WARNING] An exception has been identified!
[WARNING] An exception has been identified!
C:\System Volume Information\_restore{B0C4DFB3-3129-4ED6-977A-D8522A68C11B}\RP6\A0000279.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.32
[INFO] The file was deleted!
Begin scan in 'E:\' <HP Personal Media Drive>
Begin scan in 'I:\' <RûN>


End of the scan: lundi 11 février 2008 12:59
Used time: 59:39 min

The scan has been done completely.

14138 Scanning directories
360483 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
360482 Files not concerned
11943 Archives were scanned
4 Warnings
0 Notes
52578 Objects were scanned with rootkit scan
0 Hidden objects were found
0
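Both AntiVir reports posted above (Kobe's, with the TR/Agent.bux.1 hit, and ranirun's, with the DR/Tool.Reboot.F.32 hit) share one layout: a scanned path on one line, the [DETECTION], [INFO] and [WARNING] lines for it underneath, and a block of counters at the end. The second report also shows the case worth flagging automatically: a hit under C:\System Volume Information\_restore{...}, i.e. a copy preserved by System Restore rather than a file on the live file system. As an added example, not code from this thread or from Avira, here is a small Python parser for that layout. It extracts each detection with the action taken, lists the files the scanner could not open, flags detections that sit in a restore point, and cross-checks the parsed counts against the report's own summary counters. The embedded sample report is constructed for the example (modelled on the reports above, reusing their paths and signature names), and the way the field names and layout are interpreted is an assumption drawn only from these posted reports.

```python
"""Parser for Avira AntiVir PersonalEdition Classic scan reports in the layout
pasted in this thread (path line, then [DETECTION]/[INFO]/[WARNING] lines, counters at the end)."""
import re
from dataclasses import dataclass, field

# Constructed sample report (not a real scan), modelled on the reports posted
# in the thread; the paths and signature names are the ones that appear there.
SAMPLE_REPORT = """\
AntiVir PersonalEdition Classic
Report file date: lundi 11 février 2008 12:00

Begin scan in 'C:\\'
C:\\pagefile.sys
[WARNING] The file could not be opened!
C:\\Program Files\\eMule.de 0.48a v18\\Temp\\006.part
[0] Archive type: ACE
--> Jah Shaka meets Aswad - 6 - Behold HIM.mp3
[WARNING] An exception has been identified!
C:\\System Volume Information\\_restore{B0C4DFB3-3129-4ED6-977A-D8522A68C11B}\\RP6\\A0000279.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.32
[INFO] The file was deleted!
C:\\Program Files\\Panda Security\\NanoScan\\Engine\\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to quarantine!

End of the scan: lundi 11 février 2008 12:59
The scan has been done completely.

14138 Scanning directories
360483 Files were scanned
2 viruses and/or unwanted programs were found
1 files were deleted
1 files were moved to quarantine
1 Files cannot be scanned
2 Warnings
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")             # a scanned file path line
SIG_RE = re.compile(r"\b([A-Z]{2,}/[\w.\-]+)")    # TR/Agent.bux.1, DR/Tool.Reboot.F.32, ...
SUMMARY_RE = re.compile(r"^(\d+)\s+(\S.*?):?$")   # "<count> <counter name>[:]"
# A file inside a System Restore snapshot: <drive>:\System Volume Information\_restore{GUID}\RPn\...
RESTORE_RE = re.compile(r"^[A-Za-z]:\\System Volume Information\\_restore\{", re.I)
ACTIONS = (("deleted", "deleted"), ("quarantine", "quarantined"),
           ("repaired", "repaired"), ("renamed", "renamed"))

@dataclass
class Detection:
    path: str
    signature: str        # e.g. TR/Agent.bux.1
    message: str
    member: str = ""      # archive member, when the hit was inside an archive
    action: str = "none"  # deleted / quarantined / repaired / renamed / none

@dataclass
class Report:
    detections: list = field(default_factory=list)
    unscannable: list = field(default_factory=list)  # paths AntiVir could not open
    warnings: int = 0
    summary: dict = field(default_factory=dict)      # e.g. {"files were deleted": 1}

def parse_report(text: str) -> Report:
    rep, path, member, in_summary = Report(), None, "", False
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("The scan has been done completely"):
            in_summary = True                          # counters follow from here on
        elif in_summary:
            if m := SUMMARY_RE.match(line):
                rep.summary[m.group(2).lower()] = int(m.group(1))
        elif PATH_RE.match(line):
            path, member = line, ""                    # a new scanned file starts
        elif line.startswith("-->"):
            member = line[3:].strip()                  # entry inside an archive
        elif line.startswith("[DETECTION]"):
            msg = line[len("[DETECTION]"):].strip()
            sig = SIG_RE.search(msg)
            rep.detections.append(Detection(path, sig.group(1) if sig else "?", msg, member))
        elif line.startswith("[INFO]") and rep.detections and rep.detections[-1].path == path:
            rep.detections[-1].action = next((a for w, a in ACTIONS if w in line.lower()), "none")
        elif line.startswith("[WARNING]"):
            rep.warnings += 1
            if "could not be opened" in line and path:
                rep.unscannable.append(path)
    return rep

def restore_point_hits(rep: Report) -> list:
    """Detections sitting in a System Restore snapshot: cleaning the live file
    leaves that copy in place until the restore points themselves are purged."""
    return [d for d in rep.detections if RESTORE_RE.match(d.path)]

def check_consistency(rep: Report) -> list:
    """Compare the parsed entries with AntiVir's own end-of-report counters;
    returns human-readable mismatches (an empty list means the two agree)."""
    parsed = {"viruses and/or unwanted programs were found": len(rep.detections),
              "files were deleted": sum(d.action == "deleted" for d in rep.detections),
              "files were moved to quarantine": sum(d.action == "quarantined" for d in rep.detections),
              "files cannot be scanned": len(rep.unscannable),
              "warnings": rep.warnings}
    return [f"{k}: report says {rep.summary[k]}, parsed {n}"
            for k, n in parsed.items() if k in rep.summary and rep.summary[k] != n]
```

Run `parse_report` on a saved report and then `check_consistency`: an empty list means the detail lines and the counters agree, which is the quick sanity check before trusting a pasted report. A non-empty `restore_point_hits` list means the infected file lived in a System Restore snapshot; removing or quarantining the live copy does not touch that snapshot, so purging the restore points belongs to the cleanup.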
jalobservateur Posts: 7372 Registered: Monday 16 July 2007 Status: Security contributor Last seen: 10 May 2012 930
11 Feb. 2008 at 16:28
Hello again.

your previous report said: 0 viruses and/or unwanted programs were found
So, excellent.

But here, you've been playing with the "Mule", it seems to me???


C:\Program Files\eMule.de 0.48a v18\Temp\006.part
[0] Archive type: ACE
--> Jah Shaka meets Aswad - 6 - Behold HIM.mp3
[WARNING] An exception has been identified!
[WARNING] An exception has been identified!
C:\System Volume Information\_restore{B0C4DFB3-3129-4ED6-977A-D8522A68C11B}\RP6\A0000279.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.32
[INFO] The file was deleted!

But thanks to Antivir's responsiveness, that crap stayed in the "temp" folder. And it was isolated and destroyed by Antivir.

1 viruses and/or unwanted programs were found


1 files were deleted
--


-------------------------------------------------
But this topic belongs to: KOBE and jlpjlp.
So to finish my help, we will have to continue as we did before.
I know you contacted me, but I had so much on my plate that it was impossible for me to continue.
So we will have to pick up again to finalise 'a few explanations', especially concerning P2P.
See you, Jal
And hi kobe & jlpjlp. ;-)

PLEASE. ((Please read the recommendations carefully.))
((That avoids repeating)). (Firefox) = ((Safer browsing!!!)) (GMT-5h: Québec, CA)
0
leon95 Posts: 1213 Registered: Tuesday 21 August 2007 Status: Member Last seen: 3 October 2014 22
11 Feb. 2008 at 17:10
good evening.. are you there jal?
0
jlpjlp Posts: 51580 Registered: Friday 18 May 2007 Status: Security contributor Last seen: 3 May 2022 5 040
11 Feb. 2008 at 21:20
and of course a quick hello to jalobservateur
0