A l'aide antivir détecte intrusions

Résolu

aless2706 Messages postés 19 Statut Membre -
g!rly Messages postés 18462 Statut Contributeur - 5 avr. 2008 à 14:08

Bonjour,

Bonjour,

antivir me détecte plusieurs intrusions et mon pc est lent . Merci de m'aider ;)

Voici les rapports :

Antivir

AntiVir PersonalEdition Classic
Report file date: dimanche 24 février 2008 20:02

Scanning for 1120425 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: DISTRITOP

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:50:28
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 21:08:55
ANTIVIR3.VDF : 7.0.2.180 334848 Bytes 22/02/2008 21:13:22
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 16/02/2008 21:14:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 21:08:44
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 24 février 2008 20:02

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'libusbd-nt.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\composite.cab
[0] Archive type: CAB (Microsoft)
--> EnableDisable Internet Explorer Cookies.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '482ecd98.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4833cd8e.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> EnableDisable Internet Explorer Cookies.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4831cda2.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\composite.cab
[0] Archive type: CAB (Microsoft)
--> Schakel de cookies in Internet Explorer in of uit.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '482ecda1.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4833cd99.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> Schakel de cookies in Internet Explorer in of uit.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4831cdae.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\composite.cab
[0] Archive type: CAB (Microsoft)
--> Désactivez or activez les cookies dans Internet Explorer.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '482ecdaa.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4833cda0.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> Désactivez or activez les cookies dans Internet Explorer.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4831cdb4.qua'!
C:\System Volume Information\_restore{86E11626-5203-4B6B-99A3-889F6E4C5699}\RP861\A0279595.exe
[DETECTION] Contains detection pattern of the dropper DR/OneStep.C.90
[INFO] The file was moved to '47f3d7ac.qua'!
C:\WINDOWS\system32\ActiveScan\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '482cdd4b.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: dimanche 24 février 2008 22:32
Used time: 2:30:45 min

The scan has been done completely.

6606 Scanning directories
461578 Files were scanned
2 viruses and/or unwanted programs were found
9 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
461576 Files not concerned
16196 Archives were scanned
2 Warnings
0 Notes

-----------------------------------------------------------------------------------------------------------------------

Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:48:34, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\aideonline.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.proximus.be/pickx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Rechercher avec google - C:\Windows\Web\ContextGoo.htm.
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Documents and Settings\HP_Propriétaire\Mes documents\Star Downloader\sdie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {4E7BD74F-2B8D-469E-85B1-A42BE89AAE29} - https://www.proximus.be/pickx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://selfcare.belgacom.net/static/pc/dlbridgesy/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - https://sourceforge.net/p/libusb-win32/wiki/Home/ - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

End of file - 10296 bytes

Afficher la suite

A voir également:

A l'aide antivir détecte intrusions
Clé usb non detecté - Guide
Un changement de réseau a été détecté - Forum Réseau
Aucun pilote de périphérique n'a été détecté windows 10 - Forum Windows 10
Mon pc charge mon téléphone mais ne le détecte pas - Forum PC portable
Le logiciel amd a détecté un dépassement de délai du pilote ✓ - Forum Carte graphique

66 réponses

Réponse 21 / 66

g!rly Messages postés 18462 Statut Contributeur 406

Aless2706,

il y a quelques fichiers qui on ete programmés pour etre supprimés au redemarage...

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Application Data\Symantec scheduled.

Sinon vire les en mode sans echec...

bon, apres tout ca; comment ca va?

@+

Réponse 22 / 66

aless2706 Messages postés 19 Statut Membre 5

Ok je les effacerai en mode sans échec

mais ici je suis en train d'effectuer un nouveau scan avec antivir mais les memes fichiers reviennent a chaque fois alors que j'ai supprimé . Je laisse l'analyse finir et puis je pose le rapport

Réponse 23 / 66

aless2706

voila le rapport , il détecte tjrs les mêmes fichiers alors que je les avais supprimé auparavant

AntiVir PersonalEdition Classic
Report file date: jeudi 28 février 2008 19:30

Scanning for 1127639 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: DISTRITOP

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:50:28
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 21:30:51
ANTIVIR3.VDF : 7.0.2.206 98816 Bytes 28/02/2008 12:12:29
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 16/02/2008 21:14:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 21:08:44
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: low

Start of the scan: jeudi 28 février 2008 19:30

Starting search for hidden objects.
'56070' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'libusbd-nt.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\composite.cab
[0] Archive type: CAB (Microsoft)
--> EnableDisable Internet Explorer Cookies.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48340141.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48390138.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> EnableDisable Internet Explorer Cookies.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4837014c.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\composite.cab
[0] Archive type: CAB (Microsoft)
--> Schakel de cookies in Internet Explorer in of uit.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48340148.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4839013f.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> Schakel de cookies in Internet Explorer in of uit.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48370153.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\composite.cab
[0] Archive type: CAB (Microsoft)
--> Désactivez or activez les cookies dans Internet Explorer.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4834014f.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48390145.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> Désactivez or activez les cookies dans Internet Explorer.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48370159.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: jeudi 28 février 2008 20:45
Used time: 1:15:17 min

The scan has been done completely.

6313 Scanning directories
452800 Files were scanned
0 viruses and/or unwanted programs were found
9 Files were classified as suspicious:
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
452800 Files not concerned
16187 Archives were scanned
2 Warnings
0 Notes
56070 Objects were scanned with rootkit scan
0 Hidden objects were found

Réponse 24 / 66

g!rly Messages postés 18462 Statut Contributeur 406

aless2706.

oui c´est plus qu´etrange ?!

peux tu faire un scan avec a2square et poster le resultat ici, j´espere que cette fois tu pourras le poster...

http://www.commentcamarche.net/telecharger/telecharger 224 a squared

@+

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 66

aless2706

Ok désolé du retard je vais faire le scan tout de suite

Réponse 26 / 66

g!rly Messages postés 18462 Statut Contributeur 406

ok aless2706,

@+

Réponse 27 / 66

aless2706

voila le rapport ;)

Version - a-squared Free 3.1
Dernière mise à jour: 1/03/2008 14:47:34

Réglages Scan:

Objets: Mémoire, Traces, Cookies
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 2/03/2008 9:52:27

c:\documents and settings\hp_propriétaire\bureau\ares.lnk Détecter: Trace.File.Ares
c:\program files\ares\ares.exe Détecter: Trace.File.Ares
c:\program files\ares\data\anonproxies.txt.sample Détecter: Trace.File.Ares
c:\program files\ares\data\blocked.txt.sample Détecter: Trace.File.Ares
c:\program files\ares\data\blocked_keywords.txt.sample Détecter: Trace.File.Ares
c:\program files\ares\data\chanlistfilter.txt Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\chat.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\emotic.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\libbig.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\logo.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\mimesmall.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\mshareset.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\player.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\playlistbtns.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\prefs.txt Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\searchpnl.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\searchstars.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\tabsbig.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\tabssmall.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\transfer.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\gui\general\webanim.bmp Détecter: Trace.File.Ares
c:\program files\ares\data\homepage.dat Détecter: Trace.File.Ares
c:\program files\ares\data\p2pfilter.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\arabic.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\chinese_cn.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\chinese_tw.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\czech.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\dutch.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\finland.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\french.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\german.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\italian.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\japanese.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\kurdish.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\kyrgyz.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\polish.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\portugues.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\slovak.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\spanish.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\spanishla.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\swedish.txt Détecter: Trace.File.Ares
c:\program files\ares\lang\turkish.txt Détecter: Trace.File.Ares
c:\program files\ares\tcpip_patcher.sys Détecter: Trace.File.Ares
c:\program files\ares\tcpippatcherdll.dll Détecter: Trace.File.Ares
c:\documents and settings\hp_propriétaire\menu démarrer\programmes\ares\ares.lnk Détecter: Trace.File.Ares
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\bounds --> Main.Maximized Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\Columns\Transfers --> Download Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\Columns\Transfers --> Queue Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\Columns\Transfers --> Upload Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\Data --> AresNet1 Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\Data --> JI.AresNet1 Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\Positions\Transfers --> Download Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\Positions\Transfers --> Queue Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares\Positions\Transfers --> Upload Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> ChatRoom.ServerPort Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> ChatRoom.ShowJP Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Extra.ShowActiveCaption Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> General.AutoConnect Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> General.AutoStartUp Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> General.LastLibraryMode Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> GUI.LastChatRoomBrowse Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> GUI.LastLibrary Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> GUI.LastPMBrowse Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> GUI.LastSearch Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Network.DHTID Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Personal.GUID Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Privacy.SendRegularPath Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> PrivateMessage.AllowBrowse Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> PrivateMessage.AwayMessage Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Start Menu Folder Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Stats.CAvgTime Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Stats.CDnSpeed Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Stats.CFRTime Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Stats.CTtUptime Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Stats.CUpSpeed Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Stats.HasLQCa Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Stats.LstCaQuery Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Stats.LstCaQueryInt Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Transfer.MaximizeUpBandOnIdle Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Transfer.ServerPort Détecter: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayName Détecter: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> DisplayVersion Détecter: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> Publisher Détecter: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> UninstallString Détecter: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLInfoAbout Détecter: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ares --> URLUpdateInfo Détecter: Trace.Registry.Ares
Key: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\software\kazaa Détecter: Trace.Registry.KaZaA
c:\program files\ares Détecter: Trace.Directory.Ares
c:\program files\ares\data Détecter: Trace.Directory.Ares
c:\program files\ares\data\gui Détecter: Trace.Directory.Ares
c:\program files\ares\data\gui\general Détecter: Trace.Directory.Ares
c:\program files\ares\lang Détecter: Trace.Directory.Ares
c:\documents and settings\hp_propriétaire\menu démarrer\programmes\ares Détecter: Trace.Directory.Ares
c:\documents and settings\hp_propriétaire\application data\shareaza Détecter: Trace.Directory.Shareaza Lite
c:\program files\ares\asyncex.ax Détecter: Trace.File.Ares
Value: HKEY_CLASSES_ROOT\CLSID\{3E0FA044-926C-42D9-BA12-EF16E980913B}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> ChatRoom.AutoAddToFavorites Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> General.HookBitTorrentExt Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> General.Language Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Playlist.PreviousM3UApp Détecter: Trace.Registry.Ares
Value: HKEY_USERS\S-1-5-21-2546207929-2116143017-4249160241-1007\Software\Ares --> Torrents.PreviousApp Détecter: Trace.Registry.Ares
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E0FA044-926C-42D9-BA12-EF16E980913B}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Ares
Value: HKEY_CLASSES_ROOT\CLSID\{1339B54C-3453-11D2-93B9-000000000000}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Internet Cleanup 5.0
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1339B54C-3453-11D2-93B9-000000000000}\InprocServer32 --> ThreadingModel Détecter: Trace.Registry.Internet Cleanup 5.0
Value: HKEY_CLASSES_ROOT\arlnk --> URL Protocol Détecter: Trace.Registry.Ares Galaxy P2P Plus
Value: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\arlnk --> URL Protocol Détecter: Trace.Registry.Ares Galaxy P2P Plus
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@2o7[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@bs.serving-sys[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@doubleclick[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@metriweb[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@serving-sys[2].txt Détecter: Trace.TrackingCookie

Scanné

Fichiers: 1620
Traces: 375688

Réponse 28 / 66

g!rly Messages postés 18462 Statut Contributeur 406

Salut aless2706.

on dirait que a2 square n´aime pas ares...

tu as deja installé kazaa?

qu´as tu fais tout supprimé ou?

@+

Réponse 29 / 66

aless2706

Oui je l'avais mais je l'ai désinstallé il y a très très longtemps...plus de 1an a mon avis

Réponse 30 / 66

aless2706

Et sinon pour a2square j'ai mis tous en quarantaine

merci de ton aide ;)

Réponse 31 / 66

g!rly Messages postés 18462 Statut Contributeur 406

ok aless2706,

nous voila toujours avec le meme probleme...

j´ai vu que tu avais d´autres topik sur d´autre forum egalement et la aussi, ca ne va pas plus loin ;-(

Moi je seche un peu a vrai dire...

dis moi quoi

@+

Réponse 32 / 66

aless2706

je vais refaire une analyse antivir et je posterai le rapport apres , pour le moment je n'ai plus eu de détection appart html/zone.gen qui revient chaque jour

Réponse 33 / 66

g!rly Messages postés 18462 Statut Contributeur 406

ok aless2706,

@+

Réponse 34 / 66

aless2706

voila le rapport , je suis vrmt désolé pour le retard :s mais je suis fort pris ces temps ci..

Il détecte encore les fichiers..tjrs les memes ^^

Ca ne viendrait pas des cookies internet explorer par hazard ? car ma mère avait du les autorisés une fois pour accèder a une fonction sur le site de sa banque..

AntiVir PersonalEdition Classic
Report file date: jeudi 6 mars 2008 21:43

Scanning for 1136109 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: DISTRITOP

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 14:50:28
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 21:30:51
ANTIVIR3.VDF : 7.0.2.245 216576 Bytes 06/03/2008 19:53:43
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 01/03/2008 17:19:54
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 21:08:44
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: low

Start of the scan: jeudi 6 mars 2008 21:43

Starting search for hidden objects.
'47680' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'libusbd-nt.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\composite.cab
[0] Archive type: CAB (Microsoft)
--> EnableDisable Internet Explorer Cookies.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '483d5c85.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48425c7b.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> EnableDisable Internet Explorer Cookies.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48405c90.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\composite.cab
[0] Archive type: CAB (Microsoft)
--> Schakel de cookies in Internet Explorer in of uit.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '483d5c8c.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> Schakel de cookies in Internet Explorer in of uit.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48405c94.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\composite.cab
[0] Archive type: CAB (Microsoft)
--> Désactivez or activez les cookies dans Internet Explorer.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '483d5c90.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48425c86.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> Désactivez or activez les cookies dans Internet Explorer.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48405c9a.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: jeudi 6 mars 2008 22:53
Used time: 1:09:49 min

The scan has been done completely.

6155 Scanning directories
345532 Files were scanned
0 viruses and/or unwanted programs were found
8 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
345532 Files not concerned
10167 Archives were scanned
2 Warnings
0 Notes
47680 Objects were scanned with rootkit scan
0 Hidden objects were found

Réponse 35 / 66

g!rly Messages postés 18462 Statut Contributeur 406

salut aless2706,

oui ca vient effectivement des cookies qui sont autorisés...

remonte le niveau de securité concernant les cookies...

puis on va tenté ceci :

Copie le texte ci-dessous :

File::
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\composite.cab
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\script.htm
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\View\4\SupportAction.cab
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\composite.cab
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\View\4\SupportAction.cab
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\composite.cab
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\script.htm
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\View\4\SupportAction.cab

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt

S'il n'y a pas de rédémarrage, poste quand même le rapport.

@+

Réponse 36 / 66

aless2706

Voila le rapport , j'ai fait glisser le fichier dedans mais apres il ne ma pas demandé de taper 1 ou 2 , il a commencé directement le scan , je ne sais pas si ca a de l'importance mais bon..

ComboFix 08-03-07.4 - HP_Propriétaire 2008-03-08 13:39:50.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.32 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_PropriÚtaire\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
.

2008-03-08 13:34 . 2008-03-08 13:35 <REP> d-------- C:\ComboFix[1]
2008-03-01 14:44 . 2008-03-02 09:54 <REP> d-------- C:\Program Files\a-squared Free
2008-02-28 14:53 . 2008-02-28 14:53 37,376 --a------ C:\avendavid.doc
2008-02-26 19:21 . 2008-02-26 19:21 <REP> d-------- C:\Program Files\CleanUp!
2008-02-26 12:36 . 2008-02-26 12:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-26 11:59 . 2008-02-26 11:59 <REP> d-------- C:\_OTMoveIt
2008-02-25 21:20 . 2008-02-25 21:20 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft
2008-02-25 21:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-24 17:47 . 2008-02-24 17:47 <REP> d-------- C:\Program Files\Lavasoft
2008-02-24 17:47 . 2008-02-24 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 17:46 . 2008-02-24 17:46 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-23 16:38 . 2007-09-02 20:37 4,096 --a------ C:\WINDOWS\system32\drivers\KProcCheck.sys
2008-02-23 11:03 . 2008-02-23 11:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-23 08:22 . 2008-02-23 08:22 <REP> d-------- C:\Program Files\Trend Micro
2008-02-23 08:10 . 2008-02-23 08:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 08:10 . 2008-02-23 08:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 08:15 . 2008-02-14 08:15 39,936 --a------ C:\ventedavid.doc
2008-02-10 10:46 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-02-10 10:46 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-02-10 10:46 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-02-10 10:46 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-02-10 10:46 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-02-10 10:46 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 22:12 --------- d-----w C:\Program Files\EuroPoker
2008-02-27 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-26 18:22 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 18:22 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-02-26 18:22 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Vso
2008-02-26 18:22 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Desktop Sidebar
2008-02-26 11:03 --------- d-----w C:\Program Files\Makro
2008-02-25 23:17 --------- d-----w C:\Program Files\Microsoft Works
2008-02-25 23:17 --------- d-----w C:\Program Files\Easy Internet signup
2008-02-25 23:17 --------- d-----w C:\Program Files\DivX
2008-02-23 13:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-23 13:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-23 13:00 --------- d-----w C:\Program Files\QuickTime
2008-02-23 12:51 --------- d-----w C:\Program Files\Google
2008-02-23 12:49 --------- d-----w C:\Program Files\CursorXP
2008-02-13 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-05 19:01 --------- d-----w C:\Program Files\Project64 1.6
2008-02-04 21:55 --------- d-----w C:\Program Files\WinLemm
2008-02-04 09:22 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-01-27 10:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent
2008-01-26 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-10-14 09:34 30,832 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2005-04-20 19:18 56 --sh--r C:\WINDOWS\system32\2565851E8D.sys
2005-04-21 05:20 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 18:51 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 17:34 598920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 15:07 32881]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" []
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 09:47 249856]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-31 10:48 249896]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 08:34 192512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-01 17:45 98304]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
"rightsTest"= 1 (0x1)
"DisallowRun"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"2"= firefox.exe
"3"= Opera.exe
"4"= netscape.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15001:TCP"= 15001:TCP:Utor1

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
S3 cdiskdun;cdiskdun;C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cdiskdun.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 V0010bVd;Creative WebCam Vista #2;C:\WINDOWS\system32\DRIVERS\V0010bVd.sys [2003-04-21 08:19]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccad4655-7fb8-11da-8968-00112fbf7215}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6c701a4-37b0-11dc-8c14-00112fbf7215}]
\Shell\AutoRun\command - F:\Exe\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-23 20:47:19 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-03-08 12:43:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 13:46:48
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-08 13:50:10
ComboFix-quarantined-files.txt 2008-03-08 12:49:59
ComboFix2.txt 2008-02-26 08:49:57
.
2008-02-13 16:20:16 --- E O F ---

Réponse 37 / 66

g!rly Messages postés 18462 Statut Contributeur 406

bonsoir aless2706,

je viens de reperer un genre de rootkit dans le rapport :

fais ceci :

Copie le texte ci-dessous :

File::
C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cdiskdun.sys

Driver::
cdiskdun

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

puis repasses le scan d´antivir pour voir si il detecte encore les memes fichiers qu´au paravant.

@+

Réponse 38 / 66

aless2706

slt , je vais lancer combofix ajd mais je posterai demain tous les rapports , manque de temps ajd :s

en tout cas merci de ton aide ;)

Réponse 39 / 66

g!rly Messages postés 18462 Statut Contributeur 406

Ok

@+

Réponse 40 / 66

aless2706

Voici les rapports

Combofix

ComboFix 08-03-07.4 - HP_Propriétaire 2008-03-10 21:18:40.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.43 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_PropriÚtaire\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.

2008-03-08 13:34 . 2008-03-08 13:35 <REP> d-------- C:\ComboFix[1]
2008-03-01 14:44 . 2008-03-02 09:54 <REP> d-------- C:\Program Files\a-squared Free
2008-02-28 14:53 . 2008-02-28 14:53 37,376 --a------ C:\avendavid.doc
2008-02-26 19:21 . 2008-02-26 19:21 <REP> d-------- C:\Program Files\CleanUp!
2008-02-26 12:36 . 2008-02-26 12:36 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-26 11:59 . 2008-02-26 11:59 <REP> d-------- C:\_OTMoveIt
2008-02-25 21:20 . 2008-02-25 21:20 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Grisoft
2008-02-25 21:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-24 17:47 . 2008-02-24 17:47 <REP> d-------- C:\Program Files\Lavasoft
2008-02-24 17:47 . 2008-02-24 17:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 17:46 . 2008-02-24 17:46 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-23 16:38 . 2007-09-02 20:37 4,096 --a------ C:\WINDOWS\system32\drivers\KProcCheck.sys
2008-02-23 11:03 . 2008-02-23 11:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-23 08:22 . 2008-02-23 08:22 <REP> d-------- C:\Program Files\Trend Micro
2008-02-23 08:10 . 2008-02-23 08:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 08:10 . 2008-02-23 08:10 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-14 08:15 . 2008-02-14 08:15 39,936 --a------ C:\ventedavid.doc
2008-02-10 10:46 . 2004-03-08 23:00 224,016 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-02-10 10:46 . 1998-07-12 23:00 141,312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL
2008-02-10 10:46 . 1998-07-12 23:00 59,904 --a------ C:\WINDOWS\system32\Mscc2fr.dll
2008-02-10 10:46 . 1998-07-12 19:00 32,768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL
2008-02-10 10:46 . 1998-07-12 23:00 21,504 --a------ C:\WINDOWS\system32\TABCTFR.DLL
2008-02-10 10:46 . 1998-07-12 23:00 15,360 --a------ C:\WINDOWS\system32\inetfr.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 21:01 --------- d-----w C:\Program Files\EuroPoker
2008-02-27 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-26 18:22 --------- d-----w C:\Program Files\MSN Messenger
2008-02-26 18:22 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-02-26 18:22 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Vso
2008-02-26 18:22 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\Desktop Sidebar
2008-02-26 11:03 --------- d-----w C:\Program Files\Makro
2008-02-25 23:17 --------- d-----w C:\Program Files\Microsoft Works
2008-02-25 23:17 --------- d-----w C:\Program Files\Easy Internet signup
2008-02-25 23:17 --------- d-----w C:\Program Files\DivX
2008-02-23 13:01 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-23 13:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-23 13:00 --------- d-----w C:\Program Files\QuickTime
2008-02-23 12:51 --------- d-----w C:\Program Files\Google
2008-02-23 12:49 --------- d-----w C:\Program Files\CursorXP
2008-02-13 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-05 19:01 --------- d-----w C:\Program Files\Project64 1.6
2008-02-04 21:55 --------- d-----w C:\Program Files\WinLemm
2008-02-04 09:22 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-01-27 10:24 --------- d-----w C:\Documents and Settings\HP_Propriétaire\Application Data\uTorrent
2008-01-26 08:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-10-14 09:34 30,832 ----a-w C:\Documents and Settings\HP_Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2005-04-20 19:18 56 --sh--r C:\WINDOWS\system32\2565851E8D.sys
2005-04-21 05:20 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 16:34 128000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-18 18:51 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 11:00 15360]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2007-01-29 17:34 598920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-01-01 15:07 32881]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 20:43 233472]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"VTTimer"="VTTimer.exe" []
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2004-05-20 09:47 249856]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 88209 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-31 10:48 249896]
"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 08:34 192512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-01-01 17:45 98304]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
"rightsTest"= 1 (0x1)
"DisallowRun"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"2"= firefox.exe
"3"= Opera.exe
"4"= netscape.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15001:TCP"= 15001:TCP:Utor1

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
S3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2003-12-08 12:53]
S3 cdiskdun;cdiskdun;C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\cdiskdun.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 V0010bVd;Creative WebCam Vista #2;C:\WINDOWS\system32\DRIVERS\V0010bVd.sys [2003-04-21 08:19]
S3 XPADFL02;XPAD Filter Service 02;C:\WINDOWS\system32\DRIVERS\xpadfl02.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ccad4655-7fb8-11da-8968-00112fbf7215}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6c701a4-37b0-11dc-8c14-00112fbf7215}]
\Shell\AutoRun\command - F:\Exe\Autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-23 20:47:19 C:\WINDOWS\Tasks\Connexion facile à Internet.job"
- C:\Program Files\Easy Internet signup\HPSdpApp.exe
"2008-03-10 19:43:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 21:25:28
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-10 21:28:30
ComboFix-quarantined-files.txt 2008-03-10 20:28:18
ComboFix2.txt 2008-03-08 12:50:13
ComboFix3.txt 2008-02-26 08:49:57
.
2008-02-13 16:20:16 --- E O F ---

--------------------------------------------------------------------------------------------------------------------------------------------

Rapport Antivir

AntiVir PersonalEdition Classic
Report file date: mardi 11 mars 2008 14:58

Scanning for 1141684 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Propriétaire
Computer name: DISTRITOP

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:57:16
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 19:57:16
ANTIVIR3.VDF : 7.0.3.12 65536 Bytes 10/03/2008 19:54:15
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 01/03/2008 17:19:54
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 16/01/2008 21:08:44
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: low

Start of the scan: mardi 11 mars 2008 14:58

Starting search for hidden objects.
'47041' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'sprtcmd.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'Keyhook.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'libusbd-nt.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'BTNtService.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
41 processes with 41 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\composite.cab
[0] Archive type: CAB (Microsoft)
--> EnableDisable Internet Explorer Cookies.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48439799.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '48489791.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\094add81-fd34-47b3-86ce-4e6dd4b3b05a.7\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> EnableDisable Internet Explorer Cookies.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '484697a7.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\composite.cab
[0] Archive type: CAB (Microsoft)
--> Schakel de cookies in Internet Explorer in of uit.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '484397a6.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '4848979d.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\4898ff18-15a1-49e8-a94d-5e3f9e45cf7b.4\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> Schakel de cookies in Internet Explorer in of uit.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '484697b4.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\composite.cab
[0] Archive type: CAB (Microsoft)
--> Désactivez or activez les cookies dans Internet Explorer.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '484397b3.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\script.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '484897ab.qua'!
C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\SupportSoft\Belgacom\HP_Propriétaire\data\sprt_actionlight\6042dfc5-c19b-4119-80be-e58067de1e02.7\View\4\SupportAction.cab
[0] Archive type: CAB (Microsoft)
--> Désactivez or activez les cookies dans Internet Explorer.saf
[DETECTION] Contains detection pattern of the HTML script virus HTML/Zones.Gen
[INFO] The file was moved to '484697c0.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!

End of the scan: mardi 11 mars 2008 16:17
Used time: 1:19:50 min

The scan has been done completely.

6170 Scanning directories
344958 Files were scanned
0 viruses and/or unwanted programs were found
9 Files were classified as suspicious:
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
344958 Files not concerned
10187 Archives were scanned
2 Warnings
0 Notes
47041 Objects were scanned with rootkit scan
0 Hidden objects were found

---------------------------------------------------------------------------------------------------------------------------------------------------

Log hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:50, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\libusbd-nt.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Belgacom\bin\sprtcmd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\aideonline.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.proximus.be/pickx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Rechercher avec google - C:\Windows\Web\ContextGoo.htm.
O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Documents and Settings\HP_Propriétaire\Mes documents\Star Downloader\sdie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} - http://sib1.od2.com/common/Member/ClientInstall/10.20.0002/OCI/setup.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://selfcare.belgacom.net/static/pc/dlbridgesy/SymDlBrg.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - https://sourceforge.net/p/libusb-win32/wiki/Home/ - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Discussions similaires

Livebox 4 Réseau Orange non détecté

Livebox s'allume mais marque pas de réseau orange

"AMD a détecté un dépassement de délai du pilote"

un hyperviseur a été détecté. les fonctionnalités nécessaire

Crash AMD dépassement délai du pilote

A l'aide antivir détecte intrusions

66 réponses

Votre réponse

Discussions similaires

Newsletters