HijackThis log analysis
leyla1210
jlpjlp (52399 posts, security contributor)
Hello,
for some time now my PC has been very slow, I sometimes have to wait several minutes for a page to open!!! :(
I think it's due to viruses; I'm already posting my HijackThis report.
Thanks in advance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:00:12, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\neslihan sen\Bureau\cureit.exe
C:\DOCUME~1\NESLIH~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\NESLIH~1\LOCALS~1\Temp\RarSFX0\setup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
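What a log reader does with the report above, as an added example that is not part of the original post or of HijackThis: a small Python script applies the usual hand rules to a subset of the lines posted above (a process launched from a user's Temp directory, an O2 BHO with no file behind its CLSID, an O16 ActiveX download from a host outside microsoft.com, an O23 service with no publisher, a missing binary, or a binary under system32\dllcache). The sample log, the trusted-host list and the "odd directory" list are assumptions made for the example, not HijackThis settings.

```python
"""Triage a HijackThis v2 log with the rules a log reader applies by hand.

Added example for this thread; not part of HijackThis and not code from the
original post.  Rules (assumptions about what is normal on a home XP box):
  * a running process launched from a user's Temp directory (RarSFX0 is
    where a WinRAR self-extracting archive unpacks itself),
  * an O2 BHO entry whose CLSID has no backing file,
  * an O16 ActiveX download (DPF) from a host outside microsoft.com,
  * an O23 service with no publisher, a missing binary, or a binary in
    system32\\dllcache (Windows File Protection's cache, not an install
    location).
"""
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample: a subset of the lines from the HijackThis log above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\DOCUME~1\NESLIH~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\NESLIH~1\LOCALS~1\Temp\RarSFX0\setup.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: Asus Protocol Driver Control - Unknown owner - C:\WINDOWS\System32\dllcache\wingptd.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""


@dataclass
class Finding:
    section: str   # "process", "O2", "O16", "O23"
    line: str
    reason: str


ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")          # R0, O2, O16, O23 ...
TEMP_DIR = re.compile(r"\\(local settings|locals~1)\\temp\\", re.I)
TRUSTED_DPF_SUFFIXES = ("microsoft.com",)   # assumption: only the Windows Update control is expected
ODD_SERVICE_DIRS = ("\\dllcache\\", "\\temp\\")  # assumption: no legitimate service lives here


def _host_trusted(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in TRUSTED_DPF_SUFFIXES)


def triage(log: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY.match(line)
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        if in_processes and entry is None:        # plain path lines under "Running processes:"
            if TEMP_DIR.search(line):
                findings.append(Finding("process", line, "running from a user Temp directory"))
            continue
        in_processes = False
        if entry is None:
            continue
        section, body = entry.groups()
        if section == "O2" and body.endswith("(no file)"):
            findings.append(Finding(section, line, "BHO CLSID with no backing file (orphan entry)"))
        elif section == "O16":
            url = body.rsplit(" - ", 1)[-1]       # last " - " field is the download URL
            if not _host_trusted(url):
                findings.append(Finding(section, line,
                                        f"ActiveX control downloaded from {urlparse(url).hostname}"))
        elif section == "O23":
            low = body.lower()
            reasons = []
            if "unknown owner" in low:
                reasons.append("no publisher")
            if "(file missing)" in low:
                reasons.append("service binary missing")
            if any(d in low for d in ODD_SERVICE_DIRS):
                reasons.append("binary path in a cache/temp directory")
            if reasons:
                findings.append(Finding(section, line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample it reports exactly the five lines the reply below singles out or that a reader would query: the two RarSFX0 processes, the orphan BHO, the speakyweb.com control and the "Asus Protocol Driver Control" service with no owner and a missing binary under dllcache; everything else (Avira, ZoneAlarm, Logitech, NVIDIA) passes.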
3 replies
Hi,
scan these two files on VirusTotal and paste the reports: https://www.virustotal.com/gui/
C:\DOCUME~1\NESLIH~1\LOCALS~1\Temp\RarSFX0\_start.exe
C:\DOCUME~1\NESLIH~1\LOCALS~1\Temp\RarSFX0\setup.exe
_______
to remove your traces, use
CCLEANER: (run a cleanup and repair the registry errors 3 times) without installing the Yahoo toolbar
https://www.01net.com/
_______
combofix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
_________
paste a report from the AntiVir you have
Hi,
here are the VirusTotal reports:
Fichier _start.exe reçu le 2008.02.22 14:47:40 (CET)
Résultat: 0/32 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 -
Authentium 4.93.8 2008.02.22 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.22 -
BitDefender 7.2 2008.02.22 -
CAT-QuickHeal 9.50 2008.02.21 -
ClamAV None 2008.02.22 -
DrWeb 4.44.0.09170 2008.02.22 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5555 2008.02.22 -
Ewido 4.0 2008.02.22 -
FileAdvisor 1 2008.02.22 -
Fortinet 3.14.0.0 2008.02.22 -
F-Prot 4.4.2.54 2008.02.22 -
F-Secure 6.70.13260.0 2008.02.22 -
Ikarus T3.1.1.20 2008.02.22 -
Kaspersky 7.0.0.125 2008.02.22 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.22 -
NOD32v2 2895 2008.02.22 -
Norman 5.80.02 2008.02.22 -
Panda 9.0.0.4 2008.02.21 -
Prevx1 V2 2008.02.22 -
Rising 20.32.42.00 2008.02.22 -
Sophos 4.26.0 2008.02.22 -
Sunbelt 3.0.890.0 2008.02.22 -
Symantec 10 2008.02.22 -
TheHacker 6.2.9.226 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.22 -
Information additionnelle
File size: 116024 bytes
MD5: 614b170243339f535035cfa766905178
SHA1: 4d945246e845a000a580724ff02b3b7785f32c3a
PEiD: Armadillo v1.71
____________________________________________________________________________________________
Fichier setup.exe reçu le 2008.01.30 15:37:06 (CET)
Situation actuelle: terminé
Résultat: 1/32 (3.12%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious Mailer
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 1133582092386f7c03997b60d0bc2b26
SHA1: cfacb62a5f64028c0dc730bb489d8f79daedace9
SHA256: 83194aa161588933b8bf269b976b1aec5423de1453a55422069c484ed9b578fa
SHA512: f0afb26a973c711e4f2b560ba0bc264eca09c8cb95705a91e7cdb35a47a0d365649a14f5fe72d77fcbfe4f752542e7755f460a11cf5f8646601f7206990f3f37
____________________________________________________________________________________________
ComboFix report:
ComboFix 08-02-22.2 - neslihan sen 2008-02-22 15:06:21.1 - NTFSx86
Endroit: C:\Documents and Settings\neslihan sen\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-22 to 2008-02-22 ))))))))))))))))))))))))))))))))))))
.
2008-02-14 17:19 . 2004-02-16 20:48 323,584 --a------ C:\WINDOWS\system32\AcShlExt.dll
2008-02-14 17:19 . 2008-02-14 17:19 571 --a------ C:\WINDOWS\system32\FeMakro.ini
2008-02-14 17:19 . 2008-02-14 17:19 497 --a------ C:\WINDOWS\system32\FeAnim.ini
2008-02-14 17:09 . 2008-02-14 17:09 <REP> d-------- C:\Program Files\Micro Application
2008-02-14 17:08 . 2008-02-14 17:08 40 --a------ C:\WINDOWS\NAVIGMA.INI
2008-02-09 21:46 . 2008-02-09 21:46 <REP> d-------- C:\Program Files\BocekYazilim
2008-02-07 20:58 . 2008-02-07 20:58 <REP> d-------- C:\Program Files\Photo Reduss' 1.0
2008-02-03 09:03 . 2008-02-03 09:03 <REP> d-------- C:\Program Files\Veoh Networks
2008-01-31 17:30 . 2004-08-19 16:09 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-01-31 17:30 . 2004-08-19 16:09 54,784 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-01-31 17:20 . 2007-07-19 01:39 1,278,104 --a------ C:\WINDOWS\system32\drivers\LV302V32.SYS
2008-01-31 17:20 . 2007-07-19 01:43 490,008 --a------ C:\WINDOWS\system32\LVUI2.dll
2008-01-31 17:20 . 2007-07-19 01:44 465,432 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-01-31 17:20 . 2007-07-19 01:40 416,280 --a------ C:\WINDOWS\system32\lvcodec2.dll
2008-01-31 17:20 . 2007-07-19 01:40 195,096 --a------ C:\WINDOWS\system32\lvci1110.dll
2008-01-31 17:20 . 2007-07-19 00:54 58,163 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-01-31 17:20 . 2007-07-19 01:44 41,752 --a------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-01-31 17:20 . 2007-07-19 00:55 19,344 --a------ C:\WINDOWS\system32\Repository.reg
2008-01-31 17:20 . 2007-07-19 01:39 13,848 --a------ C:\WINDOWS\system32\drivers\lv302af.sys
2008-01-31 17:12 . 2008-01-31 17:12 <REP> d-------- C:\Program Files\Logitech
2008-01-31 17:12 . 2008-01-31 17:30 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd
2008-01-31 17:12 . 2008-01-31 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-01-31 17:12 . 2008-01-31 17:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-31 17:08 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-01-31 17:08 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-01-26 23:26 . 2008-01-28 03:01 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-26 23:19 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-01-26 21:46 . 2006-08-21 10:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-01-26 21:46 . 2006-08-21 10:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-01-26 21:46 . 2006-08-21 13:26 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-01-26 21:38 . 2008-01-26 21:38 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-26 11:32 . 2008-01-26 11:32 <REP> d-------- C:\Program Files\Lavasoft
2008-01-26 11:32 . 2008-01-26 11:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 11:31 . 2008-01-26 11:31 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-26 11:16 . 2007-10-25 17:43 8,516,608 -----c--- C:\WINDOWS\system32\dllcache\shell32.dll
2008-01-26 11:13 . 2007-07-09 14:11 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-01-26 10:47 . 2004-08-19 16:09 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-26 10:45 . 2008-01-26 10:45 <REP> d-------- C:\WINDOWS\provisioning
2008-01-26 10:42 . 2008-01-26 10:42 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-01-26 10:36 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\[u]0/u02460_.tmp
2008-01-26 10:33 . 2008-01-26 10:33 <REP> d-------- C:\WINDOWS\EHome
2008-01-25 23:06 . 2008-01-25 23:06 <REP> d-------- C:\WINDOWS\system32\bits
2008-01-25 23:06 . 2008-02-13 12:32 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-01-25 23:05 . 2004-08-19 16:09 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-01-25 23:05 . 2004-08-19 16:09 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-01-25 23:05 . 2004-08-19 16:09 8,192 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-01-25 23:05 . 2004-08-19 16:09 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-01-25 23:01 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-01-25 23:01 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-01-25 23:01 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-01-25 23:01 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-25 23:01 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-25 23:01 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-01-25 23:01 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-25 23:01 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-25 23:01 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-25 20:47 . 2008-02-22 10:52 <REP> d-------- C:\Documents and Settings\neslihan sen\DoctorWeb
2008-01-25 20:26 . 2008-02-22 10:59 <REP> d-------- C:\hijackthis
2008-01-25 20:02 . 2008-01-25 20:14 10,624 --a------ C:\WINDOWS\system32\drivers\pxark.sys
2008-01-25 20:01 . 2008-01-25 20:14 <REP> d-------- C:\Documents and Settings\neslihan sen\Application Data\PrevxCSI
2008-01-25 20:01 . 2008-01-25 20:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 11:24 --------- d-----w C:\Documents and Settings\neslihan sen\Application Data\LimeWire
2008-02-22 09:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\SpeakyChat
2008-02-14 16:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-14 16:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-02-10 23:19 2,669,568 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-02-10 23:19 1,548,288 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-01-28 21:34 1,023,488 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-01-26 22:27 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-26 10:00 --------- d-----w C:\Program Files\MSN Messenger
2008-01-25 23:33 1,400,320 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-25 20:01 --------- d-----w C:\Program Files\Winamp
2008-01-25 19:57 144,896 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-25 19:02 2,496,512 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-01-18 20:10 --------- d-----w C:\Program Files\LimeWire
2008-01-18 20:10 --------- d-----w C:\Program Files\Java
2008-01-18 20:09 --------- d-----w C:\Documents and Settings\neslihan sen\Application Data\uTorrent
2008-01-18 20:07 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-18 15:22 --------- d-----w C:\Program Files\Lx_cats
2008-01-15 21:24 --------- d-----w C:\Program Files\CASIO
2008-01-11 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-01-11 15:15 1,273,344 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-01-11 15:00 13,312 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-01-11 15:00 1,423,872 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-01-11 14:59 2,678,272 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-01-11 14:59 1,426,432 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-01-11 14:57 1,423,360 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-01-11 14:35 1,419,776 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-10 18:41 --------- d-----w C:\Program Files\Lexmark Toolbar
2008-01-10 18:39 --------- d-----w C:\Documents and Settings\neslihan sen\Application Data\5400 Series
2008-01-10 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\5400 Series
2008-01-06 11:44 --------- d-----w C:\Program Files\CCleaner
2008-01-04 20:34 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-04 20:34 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-01-04 20:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-01-04 20:30 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-01-04 20:25 --------- d-----w C:\Program Files\Avanquest update
2008-01-04 20:21 --------- d-----w C:\Program Files\Fichiers communs\Motorola Shared
2008-01-04 20:21 --------- d-----w C:\Program Files\Common Files
2008-01-04 20:21 --------- d-----w C:\Documents and Settings\neslihan sen\Application Data\InstallShield
2007-12-31 18:36 --------- d-----w C:\Documents and Settings\neslihan sen\Application Data\Microsoft Web Folders
2007-12-31 18:35 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-30 10:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-12-29 22:16 --------- d-----w C:\Documents and Settings\neslihan sen\Application Data\DivX
2007-12-29 22:13 --------- d-----w C:\Program Files\DivX
2007-12-29 16:12 --------- d-----w C:\Program Files\EA GAMES
2007-12-29 10:38 --------- d-----w C:\Program Files\uTorrent
2007-12-29 10:23 --------- d-----w C:\Documents and Settings\neslihan sen\Application Data\Samsung
2007-12-29 10:00 --------- d-----w C:\Program Files\Samsung
2007-12-29 00:38 14,368 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-29 00:38 1,824 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-29 00:38 1,244 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-29 00:38 1,220 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-29 00:36 75,932 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2007-12-29 00:36 74,396 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2007-12-29 00:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-29 00:35 --------- d-----w C:\Program Files\Zone Labs
2007-12-29 00:24 --------- d-----w C:\Program Files\Avira
2007-12-29 00:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2007-12-28 23:32 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-12-28 23:24 --------- d-----w C:\Program Files\Windows Journal Viewer
2007-12-28 23:22 558,142 ----a-w C:\WINDOWS\java\Packages\JL7TV13X.ZIP
2007-12-28 23:22 155,995 ----a-w C:\WINDOWS\java\Packages\YVDZD7TZ.ZIP
2007-12-28 23:21 --------- d-----w C:\Program Files\Services en ligne
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37 2321600]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-01-30 13:11 3497984]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-29 01:28 249896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54 919016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-12-05 01:41 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 09:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-07-25 16:02 563984]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 19:29 35328]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 09:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-07-25 16:06 2027792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 15:05:56 65588]
R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
S2 Asus Protocol Driver Control;Asus Protocol Driver Control;"C:\WINDOWS\System32\dllcache\wingptd.exe" []
S3 pxark;pxark;C:\WINDOWS\System32\drivers\pxark.sys [2008-01-25 20:14]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 15:10:05
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-22 15:12:26
.
2008-02-13 21:01:40 --- E O F ---
____________________________________________________________________________________________
AntiVir report
AntiVir PersonalEdition Classic
Report file date: vendredi 22 février 2008 15:22
Scanning for 1119284 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: SEN-FV2B4OXXMLX
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 18:42:52
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 00:28:04
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 18:16:17
ANTIVIR3.VDF : 7.0.2.175 319488 Bytes 21/02/2008 17:32:37
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 15/02/2008 18:19:18
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 18:23:48
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 22 février 2008 15:22
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '29' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: vendredi 22 février 2008 15:55
Used time: 32:42 min
The scan has been canceled!
2733 Scanning directories
167876 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
167876 Files not concerned
1325 Archives were scanned
1 Warnings
7 Notes
here are the VirusTotal reports:
Fichier _start.exe reçu le 2008.02.22 14:47:40 (CET)
Résultat: 0/32 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.2.22.0 2008.02.22 -
AntiVir 7.6.0.67 2008.02.22 -
Authentium 4.93.8 2008.02.22 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.22 -
BitDefender 7.2 2008.02.22 -
CAT-QuickHeal 9.50 2008.02.21 -
ClamAV None 2008.02.22 -
DrWeb 4.44.0.09170 2008.02.22 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5555 2008.02.22 -
Ewido 4.0 2008.02.22 -
FileAdvisor 1 2008.02.22 -
Fortinet 3.14.0.0 2008.02.22 -
F-Prot 4.4.2.54 2008.02.22 -
F-Secure 6.70.13260.0 2008.02.22 -
Ikarus T3.1.1.20 2008.02.22 -
Kaspersky 7.0.0.125 2008.02.22 -
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.22 -
NOD32v2 2895 2008.02.22 -
Norman 5.80.02 2008.02.22 -
Panda 9.0.0.4 2008.02.21 -
Prevx1 V2 2008.02.22 -
Rising 20.32.42.00 2008.02.22 -
Sophos 4.26.0 2008.02.22 -
Sunbelt 3.0.890.0 2008.02.22 -
Symantec 10 2008.02.22 -
TheHacker 6.2.9.226 2008.02.22 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.22 -
Information additionnelle
File size: 116024 bytes
MD5: 614b170243339f535035cfa766905178
SHA1: 4d945246e845a000a580724ff02b3b7785f32c3a
PEiD: Armadillo v1.71
____________________________________________________________________________________________
Fichier setup.exe reçu le 2008.01.30 15:37:06 (CET)
Situation actuelle: terminé
Résultat: 1/32 (3.12%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - Heuristic: Suspicious Mailer
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -
Information additionnelle
MD5: 1133582092386f7c03997b60d0bc2b26
SHA1: cfacb62a5f64028c0dc730bb489d8f79daedace9
SHA256: 83194aa161588933b8bf269b976b1aec5423de1453a55422069c484ed9b578fa
SHA512: f0afb26a973c711e4f2b560ba0bc264eca09c8cb95705a91e7cdb35a47a0d365649a14f5fe72d77fcbfe4f752542e7755f460a11cf5f8646601f7206990f3f37
____________________________________________________________________________________________
Hi,
no, nothing
to speed things up a bit:
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
________________
defragment your computer
if it persists, let us know