Trojan : Win32:TratBHO [TRJ]
Résolu/Fermé
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
-
11 févr. 2008 à 02:41
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 14 févr. 2008 à 15:57
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 14 févr. 2008 à 15:57
A voir également:
- Trojan : Win32:TratBHO [TRJ]
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Trojan b901 ✓ - Forum Virus
- Csrss.exe trojan ✓ - Forum Virus
- [Virus] Trojan ou virus dans csrss.exe et spo - Forum Virus
- Trojan wacatac ✓ - Forum Virus
17 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 févr. 2008 à 03:05
11 févr. 2008 à 03:05
Bonsoir,
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
et repost un nouveau hijack this également
@+
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
et repost un nouveau hijack this également
@+
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 févr. 2008 à 17:40
11 févr. 2008 à 17:40
Re,
c´est pas malin d´utiliser des cracks, tu voie ce qu´il arrive apres !
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instal l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Je te dis tous ca car j´aimerais que tu performes un scan complet de ton pc a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport ici
@+
c´est pas malin d´utiliser des cracks, tu voie ce qu´il arrive apres !
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instal l'antivirus Antivir Personal Edition Classic :
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...
une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level
Je te dis tous ca car j´aimerais que tu performes un scan complet de ton pc a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport ici
@+
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
11 févr. 2008 à 16:00
11 févr. 2008 à 16:00
Desoler pour le retard , donc , j'ai lancer combofix et voila le rapport:
ComboFix 08-02-11.2 - HP_Propriétaire 2008-02-11 15:45:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.255 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\combogay.exe
* Création d'un nouveau point de restauration
.
[color=purple]The following files were disabled during the run:[/color]
C:\WINDOWS\system32\guard32.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\cbxvvts.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\cbxvvts.dll
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
F:\Autorun.inf
----- BITS: Possible sites infect‚s -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
.
2008-02-11 14:00 . 2008-02-11 14:01 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-11 13:47 . 2008-02-11 14:20 <REP> d-------- C:\SDFix
2008-02-09 13:34 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-02-09 13:34 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-09 13:32 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-09 13:32 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-02-09 00:54 . 2008-02-09 00:54 <REP> d-------- C:\WINDOWS\Sun
2008-02-07 23:47 . 2008-02-07 23:47 824 --a------ C:\WINDOWS\QT$INST$.~32
2008-02-07 23:47 . 2008-02-07 23:47 30 --a------ C:\WINDOWS\RESULT.QTW
2008-02-07 15:23 . 2008-02-07 15:23 <REP> d-------- C:\Program Files\AngelSmile
2008-02-06 23:19 . 2008-02-07 23:08 <REP> d-------- C:\Program Files\Video Strip Poker Supreme
2008-02-06 23:19 . 2008-02-08 00:47 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 20:06 . 2008-02-06 20:06 <REP> d-------- C:\Program Files\Pokai Software
2008-02-06 20:05 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-02-06 19:49 . 1997-02-14 18:58 313,344 --a------ C:\WINDOWS\IsUn0407.exe
2008-02-06 19:26 . 2008-02-06 19:26 30,544 --a------ C:\WINDOWS\dirdib.drv
2008-02-06 19:19 . 2008-02-06 19:19 242,176 --a------ C:\WINDOWS\~INSX362.EXE
2008-02-06 19:19 . 2008-02-06 19:19 7,680 --a------ C:\WINDOWS\~INSX462.EXE
2008-02-06 19:19 . 2008-02-06 19:19 2,789 --a------ C:\WINDOWS\INSTALL.INS
2008-02-06 19:17 . 2008-02-07 18:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-06 19:17 . 2008-02-06 19:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 19:30 . 2008-02-04 19:32 <REP> d-------- C:\Program Files\Fichiers communs\3DO Shared
2008-02-04 19:30 . 2008-02-04 19:30 <REP> d-------- C:\Program Files\3DO
2008-02-04 16:39 . 2008-02-09 15:17 495 --a------ C:\WINDOWS\vsp.ini
2008-02-04 16:38 . 2008-02-09 15:17 <REP> d-------- C:\Program Files\Video Strip Poker
2008-02-04 16:35 . 2008-02-04 16:35 <REP> d-------- C:\Program Files\Alcohol Soft
2008-02-04 16:32 . 2008-02-04 16:32 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-04 16:03 . 2008-02-04 16:04 <REP> d-------- C:\Program Files\ISOpen
2008-02-04 12:50 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-02-04 12:50 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-02-01 19:03 . 2008-02-01 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-01 13:25 . 2008-02-01 13:25 715 --a------ C:\WINDOWS\ST4UNST.000
2008-01-31 23:22 . 2008-01-31 23:25 <REP> d-------- C:\Program Files\Windows Live
2008-01-29 11:02 . 2008-01-29 11:02 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2008-01-29 10:49 . 2008-01-29 10:49 <REP> d-------- C:\Program Files\Codemasters
2008-01-25 22:46 . 2008-01-25 22:46 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-25 22:29 . 2008-01-25 22:29 <REP> d-------- C:\Program Files\LucasArts
2008-01-25 15:07 . 2008-01-25 15:07 268 --ah----- C:\sqmdata00.sqm
2008-01-25 15:07 . 2008-01-25 15:07 244 --ah----- C:\sqmnoopt00.sqm
2008-01-25 14:18 . 2008-01-25 14:18 <REP> d-------- C:\Program Files\Firaxis Games
2008-01-25 14:17 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-23 13:55 . 2008-01-23 15:02 <REP> d-------- C:\Program Files\Bullfrog
2008-01-23 12:44 . 2008-01-23 12:44 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-23 08:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 08:28 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 08:28 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-23 00:28 . 2008-01-23 00:28 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-23 00:22 . 2008-01-23 00:27 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-23 00:21 . 2008-01-31 23:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-21 18:58 . 2008-01-21 18:58 379 --a------ C:\WINDOWS\ODBC.INI
2008-01-21 18:56 . 2008-01-21 18:56 <REP> d-------- C:\WINDOWS\ShellNew
2008-01-21 15:30 . 2008-01-21 15:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-01-21 01:46 . 2008-01-20 18:23 <REP> d-------- C:\WINDOWS\I386
2008-01-21 01:01 . 2004-08-05 04:00 2,178,131 --a------ C:\WINDOWS\system32\dllcache\shvlres.dll
2008-01-21 01:00 . 2004-08-05 04:00 4,399,505 --a------ C:\WINDOWS\system32\dllcache\nls302en.lex
2008-01-21 00:59 . 2006-11-01 20:18 927,504 --a------ C:\WINDOWS\system32\mfc40u.dll
2008-01-21 00:57 . 2004-08-05 04:00 3,440,660 --a------ C:\WINDOWS\system32\drivers\gm.dls
2008-01-21 00:55 . 2004-08-05 04:00 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2008-01-21 00:55 . 2004-08-05 04:00 10,496 --a------ C:\WINDOWS\system32\dllcache\dxapi.sys
2008-01-21 00:55 . 2004-08-05 04:00 3,328 --a------ C:\WINDOWS\system32\drivers\dxgthk.sys
2008-01-21 00:55 . 2004-08-05 04:00 3,328 --a------ C:\WINDOWS\system32\dllcache\dxgthk.sys
2008-01-21 00:53 . 2004-08-05 04:00 1,817,687 --a------ C:\WINDOWS\system32\dllcache\bckgres.dll
2008-01-21 00:30 . 2004-08-05 04:00 352,256 --a------ C:\WINDOWS\system32\drivers\atmuni.sys
2008-01-20 21:58 . 2008-01-20 21:58 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-20 21:38 . 2008-02-09 16:03 1,289 --a------ C:\WINDOWS\mozver.dat
2008-01-20 20:44 . 2008-01-20 20:45 <REP> d-------- C:\Program Files\Freeplayer
2008-01-20 20:15 . 2008-01-21 12:57 1,681 --a------ C:\WINDOWS\0
2008-01-20 20:15 . 2008-01-21 12:57 220 --a------ C:\WINDOWS\False
2008-01-20 20:15 . 2008-01-21 12:57 102 --a------ C:\WINDOWS\Times New Roman
2008-01-20 20:10 . 2008-01-20 20:10 <REP> d-------- C:\Program Files\Micro Application
2008-01-20 20:08 . 2008-01-20 20:08 71 --a------ C:\WINDOWS\NAVIGMA.INI
2008-01-20 20:06 . 2008-02-01 15:12 <REP> d-------- C:\Program Files\Mindscape
2008-01-20 19:59 . 2008-02-11 14:46 <REP> d-------- C:\Program Files\eMule
2008-01-20 19:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-20 19:28 . 2008-01-20 19:28 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-20 19:07 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-20 18:44 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-20 18:44 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-20 18:44 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-20 18:44 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-20 18:44 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-20 18:44 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-20 18:43 . 2008-01-20 18:43 <REP> d-------- C:\Program Files\Alwil Software
2008-01-20 18:43 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-20 18:43 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-20 18:33 . 2008-01-20 18:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-20 18:26 . 2008-01-20 18:26 <REP> d-------- C:\Program Files\COMODO
2008-01-20 18:26 . 2008-01-20 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-01-20 18:26 . 2008-01-20 18:26 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-01-20 18:26 . 2008-01-20 18:26 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-01-20 18:26 . 2008-01-20 18:26 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-01-20 18:23 . 2004-08-05 04:00 263,488 -r-hs---- C:\cmldr
2008-01-20 18:14 . 2004-08-05 19:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-20 18:13 . 2008-01-20 18:13 1,847 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EC659AA-ABF w5129.fr_YC_0Pavi_QCZB530_E53FRheBLU2_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M511_J120_7AMD_8Athlon 64_91.99_#080120_N10EC8139_Z_G10DE0161_OLITE-ON DVDRW SOHW-1633S_DGRE0000.MRK
2008-01-20 18:12 . 2005-01-02 06:10 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-01-20 18:12 . 2005-01-02 06:28 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-01-20 18:12 . 2005-01-02 06:20 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-01-20 18:12 . 2005-01-02 06:07 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intervideo
2008-01-20 18:12 . 2005-01-02 06:10 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-01-20 18:11 . 2005-01-02 06:10 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 18:19 7,680 ----a-w C:\WINDOWS\~INSX462.EXE
2008-02-06 18:19 242,176 ----a-w C:\WINDOWS\~INSX362.EXE
2008-02-05 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-01 14:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 18:59 --------- d-----w C:\Program Files\Java
2008-01-20 17:24 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-20 17:23 --------- d-----w C:\Program Files\Easy Internet signup
2008-01-20 17:22 --------- d-----w C:\Program Files\Symantec
2008-01-20 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 17:13 1,847 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EC659AA-ABF w5129.fr_YC_0Pavi_QCZB530_E53FRheBLU2_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M511_J120_7AMD_8Athlon 64_91.99_#080120_N10EC8139_Z_G10DE0161_OLITE-ON DVDRW SOHW-1633S_DGRE0000.MRK
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 15:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 15:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 23:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-20 18:26 1481472]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 23:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 19:43 659456 C:\WINDOWS\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-20 18:26]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-20 18:26]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-27 21:40]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 16:35]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-20 17:23:32 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
ComboFix 08-02-11.2 - HP_Propriétaire 2008-02-11 15:45:14.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.255 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\combogay.exe
* Création d'un nouveau point de restauration
.
[color=purple]The following files were disabled during the run:[/color]
C:\WINDOWS\system32\guard32.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\cbxvvts.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\awvtu.dll
C:\WINDOWS\system32\cbxvvts.dll
C:\WINDOWS\system32\utvwa.ini
C:\WINDOWS\system32\utvwa.ini2
F:\Autorun.inf
----- BITS: Possible sites infect‚s -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
.
2008-02-11 14:00 . 2008-02-11 14:01 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-11 13:47 . 2008-02-11 14:20 <REP> d-------- C:\SDFix
2008-02-09 13:34 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-02-09 13:34 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-02-09 13:32 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-09 13:32 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-02-09 00:54 . 2008-02-09 00:54 <REP> d-------- C:\WINDOWS\Sun
2008-02-07 23:47 . 2008-02-07 23:47 824 --a------ C:\WINDOWS\QT$INST$.~32
2008-02-07 23:47 . 2008-02-07 23:47 30 --a------ C:\WINDOWS\RESULT.QTW
2008-02-07 15:23 . 2008-02-07 15:23 <REP> d-------- C:\Program Files\AngelSmile
2008-02-06 23:19 . 2008-02-07 23:08 <REP> d-------- C:\Program Files\Video Strip Poker Supreme
2008-02-06 23:19 . 2008-02-08 00:47 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-06 20:06 . 2008-02-06 20:06 <REP> d-------- C:\Program Files\Pokai Software
2008-02-06 20:05 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
2008-02-06 19:49 . 1997-02-14 18:58 313,344 --a------ C:\WINDOWS\IsUn0407.exe
2008-02-06 19:26 . 2008-02-06 19:26 30,544 --a------ C:\WINDOWS\dirdib.drv
2008-02-06 19:19 . 2008-02-06 19:19 242,176 --a------ C:\WINDOWS\~INSX362.EXE
2008-02-06 19:19 . 2008-02-06 19:19 7,680 --a------ C:\WINDOWS\~INSX462.EXE
2008-02-06 19:19 . 2008-02-06 19:19 2,789 --a------ C:\WINDOWS\INSTALL.INS
2008-02-06 19:17 . 2008-02-07 18:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-06 19:17 . 2008-02-06 19:17 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 19:30 . 2008-02-04 19:32 <REP> d-------- C:\Program Files\Fichiers communs\3DO Shared
2008-02-04 19:30 . 2008-02-04 19:30 <REP> d-------- C:\Program Files\3DO
2008-02-04 16:39 . 2008-02-09 15:17 495 --a------ C:\WINDOWS\vsp.ini
2008-02-04 16:38 . 2008-02-09 15:17 <REP> d-------- C:\Program Files\Video Strip Poker
2008-02-04 16:35 . 2008-02-04 16:35 <REP> d-------- C:\Program Files\Alcohol Soft
2008-02-04 16:32 . 2008-02-04 16:32 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-02-04 16:03 . 2008-02-04 16:04 <REP> d-------- C:\Program Files\ISOpen
2008-02-04 12:50 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-02-04 12:50 . 2001-08-17 22:55 6,144 --a------ C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-02-01 19:03 . 2008-02-01 19:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-01 13:25 . 2008-02-01 13:25 715 --a------ C:\WINDOWS\ST4UNST.000
2008-01-31 23:22 . 2008-01-31 23:25 <REP> d-------- C:\Program Files\Windows Live
2008-01-29 11:02 . 2008-01-29 11:02 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2008-01-29 10:49 . 2008-01-29 10:49 <REP> d-------- C:\Program Files\Codemasters
2008-01-25 22:46 . 2008-01-25 22:46 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-25 22:29 . 2008-01-25 22:29 <REP> d-------- C:\Program Files\LucasArts
2008-01-25 15:07 . 2008-01-25 15:07 268 --ah----- C:\sqmdata00.sqm
2008-01-25 15:07 . 2008-01-25 15:07 244 --ah----- C:\sqmnoopt00.sqm
2008-01-25 14:18 . 2008-01-25 14:18 <REP> d-------- C:\Program Files\Firaxis Games
2008-01-25 14:17 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-23 13:55 . 2008-01-23 15:02 <REP> d-------- C:\Program Files\Bullfrog
2008-01-23 12:44 . 2008-01-23 12:44 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-23 08:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-23 08:28 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-23 08:28 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-23 00:28 . 2008-01-23 00:28 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-01-23 00:22 . 2008-01-23 00:27 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-23 00:21 . 2008-01-31 23:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-21 18:58 . 2008-01-21 18:58 379 --a------ C:\WINDOWS\ODBC.INI
2008-01-21 18:56 . 2008-01-21 18:56 <REP> d-------- C:\WINDOWS\ShellNew
2008-01-21 15:30 . 2008-01-21 15:30 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-01-21 01:46 . 2008-01-20 18:23 <REP> d-------- C:\WINDOWS\I386
2008-01-21 01:01 . 2004-08-05 04:00 2,178,131 --a------ C:\WINDOWS\system32\dllcache\shvlres.dll
2008-01-21 01:00 . 2004-08-05 04:00 4,399,505 --a------ C:\WINDOWS\system32\dllcache\nls302en.lex
2008-01-21 00:59 . 2006-11-01 20:18 927,504 --a------ C:\WINDOWS\system32\mfc40u.dll
2008-01-21 00:57 . 2004-08-05 04:00 3,440,660 --a------ C:\WINDOWS\system32\drivers\gm.dls
2008-01-21 00:55 . 2004-08-05 04:00 10,496 --a------ C:\WINDOWS\system32\drivers\dxapi.sys
2008-01-21 00:55 . 2004-08-05 04:00 10,496 --a------ C:\WINDOWS\system32\dllcache\dxapi.sys
2008-01-21 00:55 . 2004-08-05 04:00 3,328 --a------ C:\WINDOWS\system32\drivers\dxgthk.sys
2008-01-21 00:55 . 2004-08-05 04:00 3,328 --a------ C:\WINDOWS\system32\dllcache\dxgthk.sys
2008-01-21 00:53 . 2004-08-05 04:00 1,817,687 --a------ C:\WINDOWS\system32\dllcache\bckgres.dll
2008-01-21 00:30 . 2004-08-05 04:00 352,256 --a------ C:\WINDOWS\system32\drivers\atmuni.sys
2008-01-20 21:58 . 2008-01-20 21:58 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-20 21:38 . 2008-02-09 16:03 1,289 --a------ C:\WINDOWS\mozver.dat
2008-01-20 20:44 . 2008-01-20 20:45 <REP> d-------- C:\Program Files\Freeplayer
2008-01-20 20:15 . 2008-01-21 12:57 1,681 --a------ C:\WINDOWS\0
2008-01-20 20:15 . 2008-01-21 12:57 220 --a------ C:\WINDOWS\False
2008-01-20 20:15 . 2008-01-21 12:57 102 --a------ C:\WINDOWS\Times New Roman
2008-01-20 20:10 . 2008-01-20 20:10 <REP> d-------- C:\Program Files\Micro Application
2008-01-20 20:08 . 2008-01-20 20:08 71 --a------ C:\WINDOWS\NAVIGMA.INI
2008-01-20 20:06 . 2008-02-01 15:12 <REP> d-------- C:\Program Files\Mindscape
2008-01-20 19:59 . 2008-02-11 14:46 <REP> d-------- C:\Program Files\eMule
2008-01-20 19:59 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-20 19:28 . 2008-01-20 19:28 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-20 19:07 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-20 18:44 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-20 18:44 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-20 18:44 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-20 18:44 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-20 18:44 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-20 18:44 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-20 18:43 . 2008-01-20 18:43 <REP> d-------- C:\Program Files\Alwil Software
2008-01-20 18:43 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-20 18:43 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-20 18:33 . 2008-01-20 18:33 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-20 18:26 . 2008-01-20 18:26 <REP> d-------- C:\Program Files\COMODO
2008-01-20 18:26 . 2008-01-20 18:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-01-20 18:26 . 2008-01-20 18:26 139,008 --a------ C:\WINDOWS\system32\guard32.dll.vir
2008-01-20 18:26 . 2008-01-20 18:26 81,272 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-01-20 18:26 . 2008-01-20 18:26 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-01-20 18:23 . 2004-08-05 04:00 263,488 -r-hs---- C:\cmldr
2008-01-20 18:14 . 2004-08-05 19:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-20 18:13 . 2008-01-20 18:13 1,847 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_CPC_EC659AA-ABF w5129.fr_YC_0Pavi_QCZB530_E53FRheBLU2_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M511_J120_7AMD_8Athlon 64_91.99_#080120_N10EC8139_Z_G10DE0161_OLITE-ON DVDRW SOHW-1633S_DGRE0000.MRK
2008-01-20 18:12 . 2005-01-02 06:10 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\WINDOWS
2008-01-20 18:12 . 2005-01-02 06:28 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
2008-01-20 18:12 . 2005-01-02 06:20 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\SampleView
2008-01-20 18:12 . 2005-01-02 06:07 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Intervideo
2008-01-20 18:12 . 2005-01-02 06:10 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-01-20 18:11 . 2005-01-02 06:10 <REP> d-------- C:\Documents and Settings\Default User\WINDOWS
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-06 18:19 7,680 ----a-w C:\WINDOWS\~INSX462.EXE
2008-02-06 18:19 242,176 ----a-w C:\WINDOWS\~INSX362.EXE
2008-02-05 22:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-02-01 14:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 18:59 --------- d-----w C:\Program Files\Java
2008-01-20 17:24 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-01-20 17:23 --------- d-----w C:\Program Files\Easy Internet signup
2008-01-20 17:22 --------- d-----w C:\Program Files\Symantec
2008-01-20 17:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-20 17:13 1,847 --sha-r C:\WINDOWS\system32\drivers\103C_HP_CPC_EC659AA-ABF w5129.fr_YC_0Pavi_QCZB530_E53FRheBLU2_47_IAMETHYST-M_SMSI_V1.0_B3.20_T050708_WXH2_L40C_M511_J120_7AMD_8Athlon 64_91.99_#080120_N10EC8139_Z_G10DE0161_OLITE-ON DVDRW SOHW-1633S_DGRE0000.MRK
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 15:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 15:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 15:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 23:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 22:17 90112]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-01-20 18:26 1481472]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 23:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 23:50 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-06-07 19:43 659456 C:\WINDOWS\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-06-07 19:53 49152 c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 21:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINREMOTE]
C:\Program Files\InterVideo\Common\Bin\WinRemote.exe
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-01-20 18:26]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-01-20 18:26]
R3 Cap7134;ASUS TV7134 WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2004-10-27 21:40]
R3 PhTVTune;ASUS WDM TV Tuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2004-10-24 16:35]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-01-20 17:23:32 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
11 févr. 2008 à 16:03
11 févr. 2008 à 16:03
Pardon j'ai oublier hijackthis , voila le deuxieme rapport de highjackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:01, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 févr. 2008 à 16:03
11 févr. 2008 à 16:03
Salut,
tu as passé sdfix?
tu as le rapport?
peux tu poste un nouveau hijack this
@+
tu as passé sdfix?
tu as le rapport?
peux tu poste un nouveau hijack this
@+
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 févr. 2008 à 16:16
11 févr. 2008 à 16:16
Re,
tu as passé sdfix?
tu as le rapport?
C´est quoi ces programme, tu les a cracké?
C:\Program Files\AngelSmile
C:\Program Files\Video Strip Poker Supreme
C:\Program Files\Video Strip Poker
@+
tu as passé sdfix?
tu as le rapport?
C´est quoi ces programme, tu les a cracké?
C:\Program Files\AngelSmile
C:\Program Files\Video Strip Poker Supreme
C:\Program Files\Video Strip Poker
@+
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
11 févr. 2008 à 17:20
11 févr. 2008 à 17:20
j'ai passer sdfix avant de lancer combofix et une deuxième fois après voila le deuxième rapport sdfix :
SDFix: Version 1.141
Run by HP_Propriétaire on 2008-02-11 at 16:57
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 17:08:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:ef,ca,c0,71,69,4c,b6,d4,a3,11,df,51,d1,b6,65,cc,6f,85,d2,c2,c6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:ef,ca,c0,71,69,4c,b6,d4,a3,11,df,51,d1,b6,65,cc,6f,85,d2,c2,c6,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Sun 20 Jan 2008 216 A.SHR --- "C:\BOOT.BAK"
Sat 1 Oct 2005 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Wed 23 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
les trois programmes :
C:\Program Files\AngelSmile
C:\Program Files\Video Strip Poker Supreme
C:\Program Files\Video Strip Poker
sont des jeux cracke , mais j'ai passer les crack au site de verification avant d'installler
SDFix: Version 1.141
Run by HP_Propriétaire on 2008-02-11 at 16:57
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 17:08:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:ef,ca,c0,71,69,4c,b6,d4,a3,11,df,51,d1,b6,65,cc,6f,85,d2,c2,c6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
"h0"=dword:00000000
"ujdew"=hex:ef,ca,c0,71,69,4c,b6,d4,a3,11,df,51,d1,b6,65,cc,6f,85,d2,c2,c6,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
Files with Hidden Attributes:
Sun 20 Jan 2008 216 A.SHR --- "C:\BOOT.BAK"
Sat 1 Oct 2005 32 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Wed 23 Jan 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Finished!
les trois programmes :
C:\Program Files\AngelSmile
C:\Program Files\Video Strip Poker Supreme
C:\Program Files\Video Strip Poker
sont des jeux cracke , mais j'ai passer les crack au site de verification avant d'installler
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
11 févr. 2008 à 20:25
11 févr. 2008 à 20:25
Voila j'ai installer antivir est j'ai fait un scan .Est-ce que ce programme est payant ? La raison pour laquelle j'utilise avast est que c'est gratuit. Voila le raport de antivir :
AntiVir PersonalEdition Classic
Report file date: 2008-02-11 18:45
Scanning for 1099264 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NOM-EB85C523610
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 17:40:51
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 17:40:51
ANTIVIR3.VDF : 7.0.2.120 38912 Bytes 2008-02-11 17:40:51
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-11 17:40:52
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-11 17:40:52
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 2008-02-11 18:45
Starting search for hidden objects.
'41475' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'KBD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Bureau\backups\backup-20080211-022132-545.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\tr[1]
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was deleted!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\hctp[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\Program Files\eMule\Temp\001.part
[0] Archive type: RAR
--> Video Strip Poker\NoCD\main.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-02-11_155533.32.zip
[0] Archive type: ZIP
--> 4fdw.dll
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> cbxvvts.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbxvvts.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010746.exe
[DETECTION] Is the Trojan horse TR/PSW.Sinowal.GJ.13
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010747.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010748.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010749.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.ieg
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010750.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.DDT.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013379.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014212.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\' <my documents>
E:\My Documents\icon\msn smiley\animals\bear\Tatty%20Bear%207.jpg
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[INFO] The file was deleted!
E:\System Volume Information\_restore{ECD68DB3-A6B0-4315-A563-B3341DD985E6}\RP40\A0015452.exe
[DETECTION] Contains detection pattern of the dropper DR/Aureate.A.15
[INFO] The file was deleted!
Begin scan in 'F:\' <HP_RECOVERY>
End of the scan: 2008-02-11 20:20
Used time: 1:35:19 min
The scan has been done completely.
7204 Scanning directories
417363 Files were scanned
16 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
16 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
417347 Files not concerned
16640 Archives were scanned
3 Warnings
46 Notes
41475 Objects were scanned with rootkit scan
0 Hidden objects were found
AntiVir PersonalEdition Classic
Report file date: 2008-02-11 18:45
Scanning for 1099264 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NOM-EB85C523610
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 17:40:51
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 17:40:51
ANTIVIR3.VDF : 7.0.2.120 38912 Bytes 2008-02-11 17:40:51
AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-11 17:40:52
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-11 17:40:52
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 2008-02-11 18:45
Starting search for hidden objects.
'41475' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'KBD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Bureau\backups\backup-20080211-022132-545.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\87CH6MH8\tr[1]
[DETECTION] Is the Trojan horse TR/Vundo.DWB
[INFO] The file was deleted!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\YL8NKZMV\hctp[1]
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\Program Files\eMule\Temp\001.part
[0] Archive type: RAR
--> Video Strip Poker\NoCD\main.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was deleted!
C:\QooBox\Quarantine\catchme2008-02-11_155533.32.zip
[0] Archive type: ZIP
--> 4fdw.dll
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> cbxvvts.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\awvtu.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbxvvts.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010746.exe
[DETECTION] Is the Trojan horse TR/PSW.Sinowal.GJ.13
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010747.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010748.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010749.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.Small.ieg
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010750.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.DDT.1
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013379.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014212.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\' <my documents>
E:\My Documents\icon\msn smiley\animals\bear\Tatty%20Bear%207.jpg
[DETECTION] Is the Trojan horse TR/Spy.Banker.vk.1
[INFO] The file was deleted!
E:\System Volume Information\_restore{ECD68DB3-A6B0-4315-A563-B3341DD985E6}\RP40\A0015452.exe
[DETECTION] Contains detection pattern of the dropper DR/Aureate.A.15
[INFO] The file was deleted!
Begin scan in 'F:\' <HP_RECOVERY>
End of the scan: 2008-02-11 20:20
Used time: 1:35:19 min
The scan has been done completely.
7204 Scanning directories
417363 Files were scanned
16 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
16 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
417347 Files not concerned
16640 Archives were scanned
3 Warnings
46 Notes
41475 Objects were scanned with rootkit scan
0 Hidden objects were found
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 févr. 2008 à 20:33
11 févr. 2008 à 20:33
Ok.
Oui antivir est gratuit.
tu voie comme je t´avais dis :
C:\Program Files\eMule\Temp\001.part
[0] Archive type: RAR
--> Video Strip Poker\NoCD\main.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was deleted!
Vide tes fichiers temporaires avec ceci:
->Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
->aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
click sur option et décoche la case devant : delete prefect files
vide le manuellement :
:: Le contenu du dossier prefetch ::
* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini
* Ne pas oublier de vider la corbeille !
redemarre le pc
repost un hijack this stp
@+
Oui antivir est gratuit.
tu voie comme je t´avais dis :
C:\Program Files\eMule\Temp\001.part
[0] Archive type: RAR
--> Video Strip Poker\NoCD\main.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was deleted!
Vide tes fichiers temporaires avec ceci:
->Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
->aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm
click sur option et décoche la case devant : delete prefect files
vide le manuellement :
:: Le contenu du dossier prefetch ::
* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini
* Ne pas oublier de vider la corbeille !
redemarre le pc
repost un hijack this stp
@+
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
11 févr. 2008 à 20:51
11 févr. 2008 à 20:51
Voila le log highjackthis que tu m'as demander :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
11 févr. 2008 à 20:51
11 févr. 2008 à 20:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:50, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Scan saved at 20:50, on 2008-02-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Propriétaire\Bureau\scanner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
11 févr. 2008 à 21:09
11 févr. 2008 à 21:09
Re,
Le mieux serait de faire un scan en ligne pour verifier que tout est rentré dans l´ordre.
Scan en ligne bitdefender :
https://www.bitdefender.com/toolbox/
Clicker sur " I agree " et suivre les indications
A faire imperativement sous internet explorer, en acceptant l´activ x
tutoriel en image en image
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
Post le rapport ici stp
@´+
Le mieux serait de faire un scan en ligne pour verifier que tout est rentré dans l´ordre.
Scan en ligne bitdefender :
https://www.bitdefender.com/toolbox/
Clicker sur " I agree " et suivre les indications
A faire imperativement sous internet explorer, en acceptant l´activ x
tutoriel en image en image
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
Post le rapport ici stp
@´+
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
13 févr. 2008 à 17:41
13 févr. 2008 à 17:41
Sa a pris un certain temps mais voila le résultat du scan que tu m'as demander :
BitDefender Online Scanner
Scan report generated at: Tue, Feb 12, 2008 - 12:49:57
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time
01:41:40
Files
385083
Folders
7377
Boot Sectors
6
Archives
17588
Packed Files
21029
Results
Identified Viruses
2
Infected Files
7
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
7
Engines Info
Virus Definitions
980430
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
41
Unpack plugins
7
E-mail plugins
6
System plugins
5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Detected with: Application.Vsp.Poker.A
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Disinfection failed
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Deleted
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)
Update failed
C:\Program Files\Video Strip Poker\update.exe
Detected with: Application.Vsp.Poker.A
C:\Program Files\Video Strip Poker\update.exe
Disinfection failed
C:\Program Files\Video Strip Poker\update.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Deleted
BitDefender Online Scanner
Scan report generated at: Tue, Feb 12, 2008 - 12:49:57
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time
01:41:40
Files
385083
Folders
7377
Boot Sectors
6
Archives
17588
Packed Files
21029
Results
Identified Viruses
2
Infected Files
7
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
7
Engines Info
Virus Definitions
980430
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
41
Unpack plugins
7
E-mail plugins
6
System plugins
5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Detected with: Application.Vsp.Poker.A
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Disinfection failed
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Deleted
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)
Update failed
C:\Program Files\Video Strip Poker\update.exe
Detected with: Application.Vsp.Poker.A
C:\Program Files\Video Strip Poker\update.exe
Disinfection failed
C:\Program Files\Video Strip Poker\update.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Deleted
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
13 févr. 2008 à 17:42
13 févr. 2008 à 17:42
Sa a pris un certain temps mais voila le résultat du scan que tu m'as demandé
BitDefender Online Scanner
Scan report generated at: Tue, Feb 12, 2008 - 12:49:57
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time
01:41:40
Files
385083
Folders
7377
Boot Sectors
6
Archives
17588
Packed Files
21029
Results
Identified Viruses
2
Infected Files
7
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
7
Engines Info
Virus Definitions
980430
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
41
Unpack plugins
7
E-mail plugins
6
System plugins
5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Detected with: Application.Vsp.Poker.A
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Disinfection failed
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Deleted
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)
Update failed
C:\Program Files\Video Strip Poker\update.exe
Detected with: Application.Vsp.Poker.A
C:\Program Files\Video Strip Poker\update.exe
Disinfection failed
C:\Program Files\Video Strip Poker\update.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Deleted
BitDefender Online Scanner
Scan report generated at: Tue, Feb 12, 2008 - 12:49:57
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;L:\;
Statistics
Time
01:41:40
Files
385083
Folders
7377
Boot Sectors
6
Archives
17588
Packed Files
21029
Results
Identified Viruses
2
Infected Files
7
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
7
Engines Info
Virus Definitions
980430
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
16
Archive plugins
41
Unpack plugins
7
E-mail plugins
6
System plugins
5
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Detected with: Application.Vsp.Poker.A
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Disinfection failed
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)=>zlib_nsis0076
Deleted
C:\Program Files\eMule\Incoming\Video.Strip.Poker.1.43.-.Upgrade.+.Cura.zip=>vsp_upgrade_143.exe=>(NSIS o)
Update failed
C:\Program Files\Video Strip Poker\update.exe
Detected with: Application.Vsp.Poker.A
C:\Program Files\Video Strip Poker\update.exe
Disinfection failed
C:\Program Files\Video Strip Poker\update.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP38\A0010585.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP39\A0010767.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP40\A0011512.exe
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Infected with: Trojan.Vundo.Gen.2
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP44\A0013378.dll
Deleted
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Detected with: Application.Vsp.Poker.A
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Disinfection failed
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP46\A0014525.exe
Deleted
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
13 févr. 2008 à 21:47
13 févr. 2008 à 21:47
salut squeaky,
supprime ces programmes :
C:\Program Files\AngelSmile
C:\Program Files\Video Strip Poker Supreme
C:\Program Files\Video Strip Poker
suppime les dossiers temporaires d´emule les concernant et les fichiers zippés egalement dans ton dossier incomming
refais un scan a l´aide d´antivir et post le resultat ici
@+
supprime ces programmes :
C:\Program Files\AngelSmile
C:\Program Files\Video Strip Poker Supreme
C:\Program Files\Video Strip Poker
suppime les dossiers temporaires d´emule les concernant et les fichiers zippés egalement dans ton dossier incomming
refais un scan a l´aide d´antivir et post le resultat ici
@+
squeaky
Messages postés
12
Date d'inscription
lundi 11 février 2008
Statut
Membre
Dernière intervention
14 février 2008
14 févr. 2008 à 12:06
14 févr. 2008 à 12:06
Je crois que c'est bon il est clean merci beaucoup pour ton aide , voila le dernier scan :
AntiVir PersonalEdition Classic
Report file date: 2008-02-13 21:59
Scanning for 1107929 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NOM-EB85C523610
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 17:40:51
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 17:40:51
ANTIVIR3.VDF : 7.0.2.133 166400 Bytes 2008-02-13 17:41:17
AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 2008-02-13 17:41:17
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-11 17:40:52
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 2008-02-13 21:59
Starting search for hidden objects.
'40330' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'KBD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\' <my documents>
Begin scan in 'F:\' <HP_RECOVERY>
End of the scan: 2008-02-14 01:41
Used time: 3:41:52 min
The scan has been done completely.
7175 Scanning directories
413804 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
413804 Files not concerned
16575 Archives were scanned
3 Warnings
45 Notes
40330 Objects were scanned with rootkit scan
0 Hidden objects were found
AntiVir PersonalEdition Classic
Report file date: 2008-02-13 21:59
Scanning for 1107929 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: NOM-EB85C523610
Version information:
BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 17:40:51
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 2008-02-08 17:40:51
ANTIVIR3.VDF : 7.0.2.133 166400 Bytes 2008-02-13 17:41:17
AVEWIN32.DLL : 7.6.0.65 3240448 Bytes 2008-02-13 17:41:17
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-11 17:40:52
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: 2008-02-13 21:59
Starting search for hidden objects.
'40330' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'KBD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
Master boot sector HD2
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD3
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD4
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Master boot sector HD5
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\' <my documents>
Begin scan in 'F:\' <HP_RECOVERY>
End of the scan: 2008-02-14 01:41
Used time: 3:41:52 min
The scan has been done completely.
7175 Scanning directories
413804 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
413804 Files not concerned
16575 Archives were scanned
3 Warnings
45 Notes
40330 Objects were scanned with rootkit scan
0 Hidden objects were found
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
14 févr. 2008 à 15:57
14 févr. 2008 à 15:57
Salut squeaky,
Oui ca me parait bien ;-)
Je mets le probleme en reolu.
Bye`
Oui ca me parait bien ;-)
Je mets le probleme en reolu.
Bye`