TR/Dldr.PurityScan.FK
Résolu/Fermé
lankhmar
Messages postés
24
Date d'inscription
mercredi 2 avril 2008
Statut
Membre
Dernière intervention
21 décembre 2012
-
11 avril 2008 à 15:14
Lankhmar - 16 avril 2008 à 17:01
Lankhmar - 16 avril 2008 à 17:01
A voir également:
- TR/Dldr.PurityScan.FK
- Google tr - Télécharger - Traduction
- We tr - Télécharger - Téléchargement & Transfert
- Sennheiser tr 4200 problème - Forum TV & Vidéo
- Problème casque sennheiser 4200 - Forum Casque et écouteurs
- WeTransfer gratuit : envoyer des fichiers via Internet - Guide
11 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 avril 2008 à 16:29
11 avril 2008 à 16:29
slt,
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
_________
recolle un hijackthis et un rapport antivir
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
_________
recolle un hijackthis et un rapport antivir
bon voila
ComboFix 08-04-10.9 - princess 2008-04-11 16:53:23.1 - NTFSx86
Endroit: C:\Documents and Settings\princess\Bureau\Combo-Fix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\princess\Application Data\SKS~1
C:\Documents and Settings\princess\Application Data\SKS~1\??sks\
C:\Program Files\outerinfo
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~1\m?config.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dp1
C:\WINDOWS\system32\edqpvpti.ini
C:\WINDOWS\system32\euouxwij.dllbox
C:\WINDOWS\system32\feq9
C:\WINDOWS\system32\gtkfjybt.ini
C:\WINDOWS\system32\iuvgrugj.ini
C:\WINDOWS\system32\jhwmsete.ini
C:\WINDOWS\system32\lbgsmabj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nqrqr.ini
C:\WINDOWS\system32\nqrqr.ini2
C:\WINDOWS\system32\O13
C:\WINDOWS\system32\O13\CT\Icon.exe
C:\WINDOWS\system32\O13\CT\MXKEYBD.DLL
C:\WINDOWS\system32\O13\CT\Same.exe
C:\WINDOWS\system32\O13\CT\SETUP.exe
C:\WINDOWS\system32\O13\CT\STDSB.exe
C:\WINDOWS\system32\O13\CT\STDSB.inf
C:\WINDOWS\system32\O13\CT\STDSB.sys
C:\WINDOWS\system32\O13\CT\UN4SB.bat
C:\WINDOWS\system32\O13\CT\UNSTDSB.exe
C:\WINDOWS\system32\O13\CT\WinIo.dll
C:\WINDOWS\system32\O13\CT\WinIo.sys
C:\WINDOWS\system32\O13\CT\wireless.exe
C:\WINDOWS\system32\O13\CT\WL.exe
C:\WINDOWS\system32\O13\Pictures\CG13.ico
C:\WINDOWS\system32\O13\Pictures\CG13.jpg
C:\WINDOWS\system32\O13\Pictures\Oeminfo.ini
C:\WINDOWS\system32\O13\Pictures\oemlogo.bmp
C:\WINDOWS\system32\O13\Pictures\oemlogo.jpg
C:\WINDOWS\system32\O13\Pictures\wallpaper_O13.bmp
C:\WINDOWS\system32\olfgqcil.dllbox
C:\WINDOWS\system32\oveahiti.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\povufvgp.ini
C:\WINDOWS\system32\rrgfeqdp.ini
C:\WINDOWS\system32\ucdnprlk.ini
C:\WINDOWS\system32\vdjxlrim.ini
C:\WINDOWS\system32\whptafqs.dllbox
C:\WINDOWS\system32\winio.dll
C:\WINDOWS\system32\wl.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
.
2008-04-11 16:51 . 2008-04-11 16:51 <REP> d-------- C:\ComboFix
2008-04-11 15:05 . 2008-04-11 15:05 <REP> d-------- C:\Program Files\Trend Micro
2008-04-11 14:53 . 2008-04-11 14:53 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-10 18:46 . 2008-04-10 18:47 254 --a------ C:\WINDOWS\wininit.ini
2008-04-10 17:18 . 2008-04-10 17:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 17:18 . 2008-04-10 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 14:25 . 2008-04-09 14:25 268 --ah----- C:\sqmdata10.sqm
2008-04-09 14:25 . 2008-04-09 14:25 244 --ah----- C:\sqmnoopt10.sqm
2008-04-09 12:33 . 2008-04-09 12:33 268 --ah----- C:\sqmdata09.sqm
2008-04-09 12:33 . 2008-04-09 12:33 244 --ah----- C:\sqmnoopt09.sqm
2008-04-09 11:50 . 2008-04-09 11:50 <REP> d-------- C:\Program Files\CCleaner
2008-04-09 11:40 . 2008-04-09 11:40 268 --ah----- C:\sqmdata08.sqm
2008-04-09 11:40 . 2008-04-09 11:40 244 --ah----- C:\sqmnoopt08.sqm
2008-04-08 15:44 . 2008-04-08 15:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Program Files\Avira
2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 15:02 --------- d-----w C:\Program Files\Wanadoo
2008-04-11 11:22 --------- d-----w C:\Program Files\winvi
2008-04-08 13:50 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-04-08 13:49 --------- d-----w C:\Program Files\DivX
2008-04-08 13:49 --------- d-----w C:\Program Files\dbar
2008-04-08 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-29 21:08 --------- d-----w C:\Documents and Settings\princess\Application Data\Deskbar_{62BA27D2-410F-42cf-BA17-827DE2C001B8}
2008-02-25 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 08:05 --------- d-----w C:\Program Files\StarOffice7
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe
2005-07-29 15:24 472 -csha-r C:\WINDOWS\Q29uc2VpbCBH6W7pcmFsIGRlcyBCRFI\kZ6RwZpDvF1JdqeDwAIPK3l5wV1FlIK.vbs
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
2007-11-14 15:36 1486848 --a------ C:\Program Files\dbar\Deskbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Lavxnezd"="C:\WINDOWS\??pPatch\m?config.exe" [ ]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [2008-02-28 01:55 198185]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STDSB"="C:\WINDOWS\system32\STDSB.exe" [2002-02-27 19:30 28672]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 17:09 46592 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152]
"icon"="C:\WINDOWS\system32\icon.exe" [2003-08-18 15:56 204800]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:08 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-17 16:02 180269]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 19:35 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]
byxxust.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]
olfgqcil.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-06-27 13:01 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-18 14:08 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL]
C:\WINDOWS\system32\WL.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-07-12 13:41]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52]
R3 ENE;ENE;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2002-12-23 09:47]
R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-07 06:24]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - ZDPNDIS5
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 17:00:43
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-11 17:06:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 15:05:54
Pre-Run: 25,474,080,768 octets libres
Post-Run: 25,389,268,992 octets libres
.
2008-04-09 17:32:39 --- E O F ---
ComboFix 08-04-10.9 - princess 2008-04-11 16:53:23.1 - NTFSx86
Endroit: C:\Documents and Settings\princess\Bureau\Combo-Fix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\princess\Application Data\SKS~1
C:\Documents and Settings\princess\Application Data\SKS~1\??sks\
C:\Program Files\outerinfo
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\isgTi19
C:\Temp\isgTi19\lPig.log
C:\WINDOWS\cookies.ini
C:\WINDOWS\ppatch~1
C:\WINDOWS\ppatch~1\m?config.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\dp1
C:\WINDOWS\system32\edqpvpti.ini
C:\WINDOWS\system32\euouxwij.dllbox
C:\WINDOWS\system32\feq9
C:\WINDOWS\system32\gtkfjybt.ini
C:\WINDOWS\system32\iuvgrugj.ini
C:\WINDOWS\system32\jhwmsete.ini
C:\WINDOWS\system32\lbgsmabj.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nGpxx01
C:\WINDOWS\system32\nqrqr.ini
C:\WINDOWS\system32\nqrqr.ini2
C:\WINDOWS\system32\O13
C:\WINDOWS\system32\O13\CT\Icon.exe
C:\WINDOWS\system32\O13\CT\MXKEYBD.DLL
C:\WINDOWS\system32\O13\CT\Same.exe
C:\WINDOWS\system32\O13\CT\SETUP.exe
C:\WINDOWS\system32\O13\CT\STDSB.exe
C:\WINDOWS\system32\O13\CT\STDSB.inf
C:\WINDOWS\system32\O13\CT\STDSB.sys
C:\WINDOWS\system32\O13\CT\UN4SB.bat
C:\WINDOWS\system32\O13\CT\UNSTDSB.exe
C:\WINDOWS\system32\O13\CT\WinIo.dll
C:\WINDOWS\system32\O13\CT\WinIo.sys
C:\WINDOWS\system32\O13\CT\wireless.exe
C:\WINDOWS\system32\O13\CT\WL.exe
C:\WINDOWS\system32\O13\Pictures\CG13.ico
C:\WINDOWS\system32\O13\Pictures\CG13.jpg
C:\WINDOWS\system32\O13\Pictures\Oeminfo.ini
C:\WINDOWS\system32\O13\Pictures\oemlogo.bmp
C:\WINDOWS\system32\O13\Pictures\oemlogo.jpg
C:\WINDOWS\system32\O13\Pictures\wallpaper_O13.bmp
C:\WINDOWS\system32\olfgqcil.dllbox
C:\WINDOWS\system32\oveahiti.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\povufvgp.ini
C:\WINDOWS\system32\rrgfeqdp.ini
C:\WINDOWS\system32\ucdnprlk.ini
C:\WINDOWS\system32\vdjxlrim.ini
C:\WINDOWS\system32\whptafqs.dllbox
C:\WINDOWS\system32\winio.dll
C:\WINDOWS\system32\wl.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-11 to 2008-04-11 ))))))))))))))))))))))))))))))))))))
.
2008-04-11 16:51 . 2008-04-11 16:51 <REP> d-------- C:\ComboFix
2008-04-11 15:05 . 2008-04-11 15:05 <REP> d-------- C:\Program Files\Trend Micro
2008-04-11 14:53 . 2008-04-11 14:53 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-10 18:46 . 2008-04-10 18:47 254 --a------ C:\WINDOWS\wininit.ini
2008-04-10 17:18 . 2008-04-10 17:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 17:18 . 2008-04-10 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 14:25 . 2008-04-09 14:25 268 --ah----- C:\sqmdata10.sqm
2008-04-09 14:25 . 2008-04-09 14:25 244 --ah----- C:\sqmnoopt10.sqm
2008-04-09 12:33 . 2008-04-09 12:33 268 --ah----- C:\sqmdata09.sqm
2008-04-09 12:33 . 2008-04-09 12:33 244 --ah----- C:\sqmnoopt09.sqm
2008-04-09 11:50 . 2008-04-09 11:50 <REP> d-------- C:\Program Files\CCleaner
2008-04-09 11:40 . 2008-04-09 11:40 268 --ah----- C:\sqmdata08.sqm
2008-04-09 11:40 . 2008-04-09 11:40 244 --ah----- C:\sqmnoopt08.sqm
2008-04-08 15:44 . 2008-04-08 15:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Program Files\Avira
2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 15:02 --------- d-----w C:\Program Files\Wanadoo
2008-04-11 11:22 --------- d-----w C:\Program Files\winvi
2008-04-08 13:50 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-04-08 13:49 --------- d-----w C:\Program Files\DivX
2008-04-08 13:49 --------- d-----w C:\Program Files\dbar
2008-04-08 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-29 21:08 --------- d-----w C:\Documents and Settings\princess\Application Data\Deskbar_{62BA27D2-410F-42cf-BA17-827DE2C001B8}
2008-02-25 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-18 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 08:05 --------- d-----w C:\Program Files\StarOffice7
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe
2005-07-29 15:24 472 -csha-r C:\WINDOWS\Q29uc2VpbCBH6W7pcmFsIGRlcyBCRFI\kZ6RwZpDvF1JdqeDwAIPK3l5wV1FlIK.vbs
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
2007-11-14 15:36 1486848 --a------ C:\Program Files\dbar\Deskbar.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"Lavxnezd"="C:\WINDOWS\??pPatch\m?config.exe" [ ]
"WebSUpdater"="C:\Program Files\winvi\wupda.exe" [2008-02-28 01:55 198185]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STDSB"="C:\WINDOWS\system32\STDSB.exe" [2002-02-27 19:30 28672]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 17:09 46592 C:\WINDOWS\soundman.exe]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152]
"icon"="C:\WINDOWS\system32\icon.exe" [2003-08-18 15:56 204800]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:08 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-17 16:02 180269]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 19:35 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]
byxxust.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]
olfgqcil.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-06-27 13:01 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-18 14:08 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL]
C:\WINDOWS\system32\WL.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-07-12 13:41]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52]
R3 ENE;ENE;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2002-12-23 09:47]
R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-07 06:24]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
*Newly Created Service* - ZDPNDIS5
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-11 17:00:43
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-11 17:06:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-11 15:05:54
Pre-Run: 25,474,080,768 octets libres
Post-Run: 25,389,268,992 octets libres
.
2008-04-09 17:32:39 --- E O F ---
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
11 avril 2008 à 17:36
11 avril 2008 à 17:36
recolle un hijackthis et un antivir
a plus
a plus
bonjour
bn apres combo fix j ai eu un autre virus detecter par antivir qui n ai plus revenu apres le scan
sinon maintenant j ai un message d erreur concernant icon.exe qui dit qu il ne retrouve pas winio.dll, je crois que ca viens du port parrallele j ai trouver un site ou je peut la telecharger apres je doit la placer dans c/windows:system32?
voila mon rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
bn apres combo fix j ai eu un autre virus detecter par antivir qui n ai plus revenu apres le scan
sinon maintenant j ai un message d erreur concernant icon.exe qui dit qu il ne retrouve pas winio.dll, je crois que ca viens du port parrallele j ai trouver un site ou je peut la telecharger apres je doit la placer dans c/windows:system32?
voila mon rapport hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10, on 2008-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\STDSB.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
12 avril 2008 à 16:24
12 avril 2008 à 16:24
ok
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)
__________________
pour fusionner:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_____________________
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\Program Files\dbar\Deskbar.dll
C:\WINDOWS\??pPatch\m?config.exe
C:\Program Files\winvi\wupda.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lavxnezd"=-
"WebSUpdater"=-
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Remets aussi un rapport Hijackthis
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________________
colle un rapport antivir
_________________
si ton pb winio.dll persiste, telecharge et mets le dans sytem 32
http://www.dlldll.com/winio.dll_download.html
Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.whynotsearchhere.com/start.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: DbarBHO - {CC11617C-259E-429c-9063-7D70B8355EBD} - C:\Program Files\dbar\Deskbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WebSUpdater] "C:\Program Files\winvi\wupda.exe" /background
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O20 - Winlogon Notify: byxxust - byxxust.dll (file missing)
O20 - Winlogon Notify: olfgqcil - olfgqcil.dll (file missing)
__________________
pour fusionner:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
_____________________
Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)
Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :
File::
C:\Program Files\dbar\Deskbar.dll
C:\WINDOWS\??pPatch\m?config.exe
C:\Program Files\winvi\wupda.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC11617C-259E-429c-9063-7D70B8355EBD}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lavxnezd"=-
"WebSUpdater"=-
Enregistre ce fichier sous le nom CFscript
Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe
Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
Remets aussi un rapport Hijackthis
Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
_________________
colle un rapport antivir
_________________
si ton pb winio.dll persiste, telecharge et mets le dans sytem 32
http://www.dlldll.com/winio.dll_download.html
re
rapport combofix
ComboFix 08-04-10.9 - princess 2008-04-12 18:16:10.4 - NTFSx86
Endroit: C:\Documents and Settings\princess\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\princess\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Program Files\dbar\deskbar.dll
C:\Program Files\dbar\Deskbar.dll
C:\Program Files\winvi\wupda.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\dbar\deskbar.dll
C:\Program Files\winvi\wupda.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.
2008-04-11 16:51 . 2008-04-11 16:51 <REP> d-------- C:\ComboFix
2008-04-11 15:05 . 2008-04-11 15:05 <REP> d-------- C:\Program Files\Trend Micro
2008-04-11 14:53 . 2008-04-11 14:53 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-10 18:46 . 2008-04-10 18:47 254 --a------ C:\WINDOWS\wininit.ini
2008-04-10 17:18 . 2008-04-10 17:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 17:18 . 2008-04-10 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 14:25 . 2008-04-09 14:25 268 --ah----- C:\sqmdata10.sqm
2008-04-09 14:25 . 2008-04-09 14:25 244 --ah----- C:\sqmnoopt10.sqm
2008-04-09 12:33 . 2008-04-09 12:33 268 --ah----- C:\sqmdata09.sqm
2008-04-09 12:33 . 2008-04-09 12:33 244 --ah----- C:\sqmnoopt09.sqm
2008-04-09 11:50 . 2008-04-09 11:50 <REP> d-------- C:\Program Files\CCleaner
2008-04-09 11:40 . 2008-04-09 11:40 268 --ah----- C:\sqmdata08.sqm
2008-04-09 11:40 . 2008-04-09 11:40 244 --ah----- C:\sqmnoopt08.sqm
2008-04-08 15:44 . 2008-04-08 15:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Program Files\Avira
2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 16:16 --------- d-----w C:\Program Files\winvi
2008-04-12 16:16 --------- d-----w C:\Program Files\dbar
2008-04-12 12:11 --------- d-----w C:\Program Files\Wanadoo
2008-04-08 13:50 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-04-08 13:49 --------- d-----w C:\Program Files\DivX
2008-04-08 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 21:08 --------- d-----w C:\Documents and Settings\princess\Application Data\Deskbar_{62BA27D2-410F-42cf-BA17-827DE2C001B8}
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-25 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 08:05 --------- d-----w C:\Program Files\StarOffice7
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe
2005-07-29 15:24 472 -csha-r C:\WINDOWS\Q29uc2VpbCBH6W7pcmFsIGRlcyBCRFI\kZ6RwZpDvF1JdqeDwAIPK3l5wV1FlIK.vbs
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STDSB"="C:\WINDOWS\system32\STDSB.exe" [2002-02-27 19:30 28672]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152]
"icon"="C:\WINDOWS\system32\icon.exe" [2003-08-18 15:56 204800]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:08 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-17 16:02 180269]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 19:35 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-06-02 13:16:53 835584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-06-27 13:01 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-18 14:08 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL]
C:\WINDOWS\system32\WL.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-07-12 13:41]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52]
R3 ENE;ENE;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2002-12-23 09:47]
R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-07 06:24]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 18:18:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-12 18:20:16
ComboFix-quarantined-files.txt 2008-04-12 16:19:45
ComboFix2.txt 2008-04-11 15:06:14
Pre-Run: 25,377,763,328 octets libres
Post-Run: 25,361,240,064 octets libres
.
2008-04-09 17:32:39 --- E O F ---
et hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: byxxust - C:\WINDOWS\
O20 - Winlogon Notify: olfgqcil - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
rapport combofix
ComboFix 08-04-10.9 - princess 2008-04-12 18:16:10.4 - NTFSx86
Endroit: C:\Documents and Settings\princess\Bureau\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\princess\Bureau\CFscript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\Program Files\dbar\deskbar.dll
C:\Program Files\dbar\Deskbar.dll
C:\Program Files\winvi\wupda.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\dbar\deskbar.dll
C:\Program Files\winvi\wupda.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-12 to 2008-04-12 ))))))))))))))))))))))))))))))))))))
.
2008-04-11 16:51 . 2008-04-11 16:51 <REP> d-------- C:\ComboFix
2008-04-11 15:05 . 2008-04-11 15:05 <REP> d-------- C:\Program Files\Trend Micro
2008-04-11 14:53 . 2008-04-11 14:53 1,160 --a------ C:\WINDOWS\mozver.dat
2008-04-10 18:46 . 2008-04-10 18:47 254 --a------ C:\WINDOWS\wininit.ini
2008-04-10 17:18 . 2008-04-10 17:19 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-10 17:18 . 2008-04-10 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-09 14:25 . 2008-04-09 14:25 268 --ah----- C:\sqmdata10.sqm
2008-04-09 14:25 . 2008-04-09 14:25 244 --ah----- C:\sqmnoopt10.sqm
2008-04-09 12:33 . 2008-04-09 12:33 268 --ah----- C:\sqmdata09.sqm
2008-04-09 12:33 . 2008-04-09 12:33 244 --ah----- C:\sqmnoopt09.sqm
2008-04-09 11:50 . 2008-04-09 11:50 <REP> d-------- C:\Program Files\CCleaner
2008-04-09 11:40 . 2008-04-09 11:40 268 --ah----- C:\sqmdata08.sqm
2008-04-09 11:40 . 2008-04-09 11:40 244 --ah----- C:\sqmnoopt08.sqm
2008-04-08 15:44 . 2008-04-08 15:44 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Program Files\Avira
2008-04-08 15:36 . 2008-04-08 15:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 16:16 --------- d-----w C:\Program Files\winvi
2008-04-12 16:16 --------- d-----w C:\Program Files\dbar
2008-04-12 12:11 --------- d-----w C:\Program Files\Wanadoo
2008-04-08 13:50 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-04-08 13:49 --------- d-----w C:\Program Files\DivX
2008-04-08 13:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 21:08 --------- d-----w C:\Documents and Settings\princess\Application Data\Deskbar_{62BA27D2-410F-42cf-BA17-827DE2C001B8}
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-25 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-18 08:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-18 08:05 --------- d-----w C:\Program Files\StarOffice7
2008-02-15 05:44 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-01-25 01:52 65,536 ----a-w C:\Program Files\Fichiers communs\NMSAccessU.exe
2005-07-29 15:24 472 -csha-r C:\WINDOWS\Q29uc2VpbCBH6W7pcmFsIGRlcyBCRFI\kZ6RwZpDvF1JdqeDwAIPK3l5wV1FlIK.vbs
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STDSB"="C:\WINDOWS\system32\STDSB.exe" [2002-02-27 19:30 28672]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2002-10-25 17:21 126976]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2002-10-25 17:20 561152]
"icon"="C:\WINDOWS\system32\icon.exe" [2003-08-18 15:56 204800]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 14:08 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 01:10 110592 C:\WINDOWS\system32\bthprops.cpl]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-05-17 16:02 180269]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-08 19:35 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2007-06-02 13:16:53 835584]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxxust]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\olfgqcil]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-06-27 13:01 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-05-18 14:08 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL]
C:\WINDOWS\system32\WL.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 MTC0003_STDSB;Scroll Bar Driver;C:\WINDOWS\system32\STDSB.sys [2002-07-12 13:41]
R2 NMSAccessU;NMSAccessU;C:\Program Files\Fichiers communs\NMSAccessU.exe [2007-01-25 03:52]
R3 ENE;ENE;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys [2002-12-23 09:47]
R3 wlags48d;Agere Wireless PCCard Service;C:\WINDOWS\system32\DRIVERS\wlags48d.sys [2003-07-07 06:24]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S3 SNDM360;Philips FunCam;C:\WINDOWS\system32\DRIVERS\sndm360.sys [2003-12-08 19:35]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 18:18:55
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-04-12 18:20:16
ComboFix-quarantined-files.txt 2008-04-12 16:19:45
ComboFix2.txt 2008-04-11 15:06:14
Pre-Run: 25,377,763,328 octets libres
Post-Run: 25,361,240,064 octets libres
.
2008-04-09 17:32:39 --- E O F ---
et hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\NMSAccessU.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\system32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - Winlogon Notify: byxxust - C:\WINDOWS\
O20 - Winlogon Notify: olfgqcil - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Fichiers communs\NMSAccessU.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
12 avril 2008 à 18:35
12 avril 2008 à 18:35
analyse ce fichier sur virus total et colle le rapport:
https://www.virustotal.com/gui/
C:\WINDOWS\system32\icon.exe
encore des soucis????????,
https://www.virustotal.com/gui/
C:\WINDOWS\system32\icon.exe
encore des soucis????????,
bonjour
rapport pour icon .exe
Fichier Icon.exe reçu le 2008.04.14 14:53:23 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 38 et 55 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.
Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.12.0 2008.04.14 -
AntiVir 7.6.0.85 2008.04.14 -
Authentium 4.93.8 2008.04.13 -
Avast 4.8.1169.0 2008.04.14 -
AVG 7.5.0.516 2008.04.14 -
BitDefender 7.2 2008.04.14 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.14 -
DrWeb 4.44.0.09170 2008.04.14 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5697 2008.04.14 -
Ewido 4.0 2008.04.14 -
F-Prot 4.4.2.54 2008.04.14 -
F-Secure 6.70.13260.0 2008.04.14 -
FileAdvisor 1 2008.04.14 -
Fortinet 3.14.0.0 2008.04.14 -
Ikarus T3.1.1.26 2008.04.14 -
Kaspersky 7.0.0.125 2008.04.14 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.14 -
NOD32v2 3024 2008.04.14 -
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.13 -
Prevx1 V2 2008.04.14 -
Rising 20.39.62.00 2008.04.13 -
Sophos 4.28.0 2008.04.14 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.14 -
TheHacker 6.2.92.276 2008.04.12 -
VBA32 3.12.6.4 2008.04.14 -
VirusBuster 4.3.26:9 2008.04.13 -
Webwasher-Gateway 6.6.2 2008.04.14 -
Information additionnelle
File size: 204800 bytes
MD5...: 5db3adb2396042588d1df8bb01fad85a
SHA1..: f4d6b410a9e3402e13c1f4b6ae9437a90a0edc32
SHA256: ec29167e9fb58f548bc185faa8747594e96c188cf763134ef7b1b62960b6a37d
SHA512: dfbe95af5ac37c0e55a775442ff021815da47136a5e4481600b86847b671b7c4
5b11921e350002d05552fffaf8ad155d526d92eb0ab271b83964496de1476768
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x409dd7
timedatestamp.....: 0x3f40a2d8 (Mon Aug 18 09:56:40 2003)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2178b 0x22000 6.55 1b464187a58643051045351d0bf9317a
.rdata 0x23000 0x8986 0x9000 4.65 11035bfd9694b983e359485a4fc2cbb6
.data 0x2c000 0x63c8 0x3000 3.17 18856ae8a38f377e00cf3257385e7aa5
.rsrc 0x33000 0x29b8 0x3000 4.28 da29f7a7f37db0d7a7274624b4a3fa1d
( 13 imports )
> WINIO.dll: ShutdownWinIo, InitializeWinIo, GetPortVal, SetPortVal
> KERNEL32.dll: RtlUnwind, ExitProcess, GetStartupInfoA, TerminateProcess, RaiseException, HeapAlloc, GetCommandLineA, GetTickCount, FormatMessageA, SetStdHandle, GetFileType, HeapFree, HeapReAlloc, GetACP, GetTimeZoneInformation, UnhandledExceptionFilter, FreeEnvironmentStringsA, HeapSize, SetHandleCount, GetStdHandle, HeapDestroy, HeapCreate, VirtualFree, SetUnhandledExceptionFilter, GetCurrentProcess, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, FileTimeToLocalFileTime, CompareStringA, CompareStringW, SetEnvironmentVariableA, FileTimeToSystemTime, SetErrorMode, GetFileTime, GetFileSize, GetFileAttributesA, GetThreadLocale, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetEnvironmentStringsW, DuplicateHandle, FindResourceA, LoadResource, LockResource, GetVersion, lstrcatA, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, GetModuleHandleA, GetProcAddress, WinExec, SizeofResource, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, lstrcpynA, GetLastError, MulDiv, SetLastError, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, lstrlenA, GlobalUnlock, GlobalFree, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, lstrcmpA, GetCurrentThread, LoadLibraryA, FreeLibrary, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsW, GetEnvironmentStrings, GetProfileStringA
> USER32.dll: CharUpperA, CharNextA, CopyAcceleratorTableA, SetRect, GetNextDlgGroupItem, MessageBeep, InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, GetDesktopWindow, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, LoadStringA, MapDialogRect, SetWindowContextHelpId, EndDialog, CreateDialogIndirectParamA, GetMessageA, TranslateMessage, GetActiveWindow, ValidateRect, GetCursorPos, SetCursor, PostQuitMessage, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetNextDlgTabItem, IsWindowEnabled, ShowWindow, IsDialogMessageA, PostMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, LoadCursorA, DispatchMessageA, SetActiveWindow, IsWindow, SetFocus, AdjustWindowRectEx, ScreenToClient, CopyRect, IsWindowVisible, GetTopWindow, MessageBoxA, IsChild, GetParent, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetSysColorBrush, SetWindowTextA, MoveWindow, PeekMessageA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, GetWindowLongA, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SetTimer, GetSystemMenu, AppendMenuA, SendMessageA, LoadIconA, EnableWindow, RegisterHotKey, UnregisterHotKey, GetFocus, GetMenuCheckMarkDimensions, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, DefDlgProcA, IsWindowUnicode, UnregisterClassA
> GDI32.dll: BitBlt, GetTextExtentPointA, CreateCompatibleDC, CreateDIBitmap, DeleteObject, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, IntersectClipRect, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, CreateBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA
> SHELL32.dll: Shell_NotifyIconA
> COMCTL32.dll: -
> oledlg.dll: -
> ole32.dll: CoFreeUnusedLibraries, OleInitialize, OleUninitialize, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgCreateDocfileOnILockBytes, CoRegisterMessageFilter, StgOpenStorageOnILockBytes, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoTaskMemAlloc, CoTaskMemFree, CreateILockBytesOnHGlobal
> OLEPRO32.DLL: -
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -
( 0 exports )
rapport pour icon .exe
Fichier Icon.exe reçu le 2008.04.14 14:53:23 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 0/32 (0%)
en train de charger les informations du serveur...
Votre fichier est dans la file d'attente, en position: 1.
L'heure estimée de démarrage est entre 38 et 55 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse.
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération.
Formaté Formaté
Impression des résultats Impression des résultats
Votre fichier a expiré ou n'existe pas.
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.
Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
Email:
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.4.12.0 2008.04.14 -
AntiVir 7.6.0.85 2008.04.14 -
Authentium 4.93.8 2008.04.13 -
Avast 4.8.1169.0 2008.04.14 -
AVG 7.5.0.516 2008.04.14 -
BitDefender 7.2 2008.04.14 -
CAT-QuickHeal 9.50 2008.04.12 -
ClamAV 0.92.1 2008.04.14 -
DrWeb 4.44.0.09170 2008.04.14 -
eSafe 7.0.15.0 2008.04.09 -
eTrust-Vet 31.3.5697 2008.04.14 -
Ewido 4.0 2008.04.14 -
F-Prot 4.4.2.54 2008.04.14 -
F-Secure 6.70.13260.0 2008.04.14 -
FileAdvisor 1 2008.04.14 -
Fortinet 3.14.0.0 2008.04.14 -
Ikarus T3.1.1.26 2008.04.14 -
Kaspersky 7.0.0.125 2008.04.14 -
McAfee 5272 2008.04.11 -
Microsoft 1.3408 2008.04.14 -
NOD32v2 3024 2008.04.14 -
Norman 5.80.02 2008.04.12 -
Panda 9.0.0.4 2008.04.13 -
Prevx1 V2 2008.04.14 -
Rising 20.39.62.00 2008.04.13 -
Sophos 4.28.0 2008.04.14 -
Sunbelt 3.0.1041.0 2008.04.12 -
Symantec 10 2008.04.14 -
TheHacker 6.2.92.276 2008.04.12 -
VBA32 3.12.6.4 2008.04.14 -
VirusBuster 4.3.26:9 2008.04.13 -
Webwasher-Gateway 6.6.2 2008.04.14 -
Information additionnelle
File size: 204800 bytes
MD5...: 5db3adb2396042588d1df8bb01fad85a
SHA1..: f4d6b410a9e3402e13c1f4b6ae9437a90a0edc32
SHA256: ec29167e9fb58f548bc185faa8747594e96c188cf763134ef7b1b62960b6a37d
SHA512: dfbe95af5ac37c0e55a775442ff021815da47136a5e4481600b86847b671b7c4
5b11921e350002d05552fffaf8ad155d526d92eb0ab271b83964496de1476768
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x409dd7
timedatestamp.....: 0x3f40a2d8 (Mon Aug 18 09:56:40 2003)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2178b 0x22000 6.55 1b464187a58643051045351d0bf9317a
.rdata 0x23000 0x8986 0x9000 4.65 11035bfd9694b983e359485a4fc2cbb6
.data 0x2c000 0x63c8 0x3000 3.17 18856ae8a38f377e00cf3257385e7aa5
.rsrc 0x33000 0x29b8 0x3000 4.28 da29f7a7f37db0d7a7274624b4a3fa1d
( 13 imports )
> WINIO.dll: ShutdownWinIo, InitializeWinIo, GetPortVal, SetPortVal
> KERNEL32.dll: RtlUnwind, ExitProcess, GetStartupInfoA, TerminateProcess, RaiseException, HeapAlloc, GetCommandLineA, GetTickCount, FormatMessageA, SetStdHandle, GetFileType, HeapFree, HeapReAlloc, GetACP, GetTimeZoneInformation, UnhandledExceptionFilter, FreeEnvironmentStringsA, HeapSize, SetHandleCount, GetStdHandle, HeapDestroy, HeapCreate, VirtualFree, SetUnhandledExceptionFilter, GetCurrentProcess, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, IsBadReadPtr, IsBadCodePtr, FileTimeToLocalFileTime, CompareStringA, CompareStringW, SetEnvironmentVariableA, FileTimeToSystemTime, SetErrorMode, GetFileTime, GetFileSize, GetFileAttributesA, GetThreadLocale, GetFullPathNameA, GetVolumeInformationA, FindFirstFileA, FindClose, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, CreateFileA, GetEnvironmentStringsW, DuplicateHandle, FindResourceA, LoadResource, LockResource, GetVersion, lstrcatA, GetCurrentThreadId, GlobalGetAtomNameA, lstrcmpiA, GlobalAddAtomA, GlobalFindAtomA, GlobalDeleteAtom, lstrcpyA, GetModuleHandleA, GetProcAddress, WinExec, SizeofResource, WritePrivateProfileStringA, GetOEMCP, GetCPInfo, GetProcessVersion, GlobalFlags, TlsGetValue, LocalReAlloc, TlsSetValue, EnterCriticalSection, GlobalReAlloc, LeaveCriticalSection, TlsFree, GlobalHandle, DeleteCriticalSection, TlsAlloc, InitializeCriticalSection, LocalFree, LocalAlloc, lstrcpynA, GetLastError, MulDiv, SetLastError, MultiByteToWideChar, WideCharToMultiByte, InterlockedDecrement, InterlockedIncrement, lstrlenA, GlobalUnlock, GlobalFree, CloseHandle, GetModuleFileNameA, GlobalLock, GlobalAlloc, lstrcmpA, GetCurrentThread, LoadLibraryA, FreeLibrary, VirtualAlloc, IsBadWritePtr, FreeEnvironmentStringsW, GetEnvironmentStrings, GetProfileStringA
> USER32.dll: CharUpperA, CharNextA, CopyAcceleratorTableA, SetRect, GetNextDlgGroupItem, MessageBeep, InvalidateRect, InflateRect, RegisterClipboardFormatA, PostThreadMessageA, GetDesktopWindow, PtInRect, GetClassNameA, GrayStringA, DrawTextA, TabbedTextOutA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, DestroyMenu, LoadStringA, MapDialogRect, SetWindowContextHelpId, EndDialog, CreateDialogIndirectParamA, GetMessageA, TranslateMessage, GetActiveWindow, ValidateRect, GetCursorPos, SetCursor, PostQuitMessage, LoadBitmapA, GetMenuState, ModifyMenuA, SetMenuItemBitmaps, CheckMenuItem, EnableMenuItem, GetNextDlgTabItem, IsWindowEnabled, ShowWindow, IsDialogMessageA, PostMessageA, UpdateWindow, SendDlgItemMessageA, MapWindowPoints, GetSysColor, LoadCursorA, DispatchMessageA, SetActiveWindow, IsWindow, SetFocus, AdjustWindowRectEx, ScreenToClient, CopyRect, IsWindowVisible, GetTopWindow, MessageBoxA, IsChild, GetParent, GetCapture, WinHelpA, wsprintfA, GetClassInfoA, RegisterClassA, GetMenu, GetMenuItemCount, GetSubMenu, GetMenuItemID, GetDlgItem, GetWindowTextLengthA, GetWindowTextA, GetDlgCtrlID, GetKeyState, DefWindowProcA, DestroyWindow, CreateWindowExA, SetWindowsHookExA, CallNextHookEx, GetClassLongA, SetPropA, UnhookWindowsHookEx, GetSysColorBrush, SetWindowTextA, MoveWindow, PeekMessageA, GetPropA, CallWindowProcA, RemovePropA, GetMessageTime, GetMessagePos, GetLastActivePopup, GetForegroundWindow, SetForegroundWindow, GetWindow, GetWindowLongA, SetWindowLongA, SetWindowPos, RegisterWindowMessageA, OffsetRect, IntersectRect, SystemParametersInfoA, GetWindowPlacement, GetWindowRect, IsIconic, GetSystemMetrics, GetClientRect, DrawIcon, SetTimer, GetSystemMenu, AppendMenuA, SendMessageA, LoadIconA, EnableWindow, RegisterHotKey, UnregisterHotKey, GetFocus, GetMenuCheckMarkDimensions, HideCaret, ShowCaret, ExcludeUpdateRgn, DrawFocusRect, DefDlgProcA, IsWindowUnicode, UnregisterClassA
> GDI32.dll: BitBlt, GetTextExtentPointA, CreateCompatibleDC, CreateDIBitmap, DeleteObject, GetDeviceCaps, GetViewportExtEx, GetWindowExtEx, CreateSolidBrush, PtVisible, RectVisible, TextOutA, ExtTextOutA, Escape, GetTextColor, GetBkColor, DPtoLP, LPtoDP, GetMapMode, PatBlt, IntersectClipRect, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SetMapMode, SetBkMode, GetStockObject, SelectObject, RestoreDC, SaveDC, DeleteDC, CreateBitmap, GetObjectA, SetBkColor, SetTextColor, GetClipBox
> comdlg32.dll: GetFileTitleA
> WINSPOOL.DRV: OpenPrinterA, DocumentPropertiesA, ClosePrinter
> ADVAPI32.dll: RegSetValueExA, RegCloseKey, RegCreateKeyExA, RegOpenKeyExA
> SHELL32.dll: Shell_NotifyIconA
> COMCTL32.dll: -
> oledlg.dll: -
> ole32.dll: CoFreeUnusedLibraries, OleInitialize, OleUninitialize, CoGetClassObject, CLSIDFromString, CLSIDFromProgID, StgCreateDocfileOnILockBytes, CoRegisterMessageFilter, StgOpenStorageOnILockBytes, CoRevokeClassObject, OleIsCurrentClipboard, OleFlushClipboard, CoTaskMemAlloc, CoTaskMemFree, CreateILockBytesOnHGlobal
> OLEPRO32.DLL: -
> OLEAUT32.dll: -, -, -, -, -, -, -, -, -
( 0 exports )
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
14 avril 2008 à 15:29
14 avril 2008 à 15:29
ok rin
encore des soucis
encore des soucis
encore des soucis rapport a icon.exe ?
te colle un rapport antivir il ne detecte plus aucun virus
AntiVir PersonalEdition Classic
Report file date: lundi 14 avril 2008 18:31
Scanning for 1200071 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC-000000000
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:35:07
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 12:16:42
ANTIVIR3.VDF : 7.0.3.161 79360 Bytes 14/04/2008 12:36:16
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 12/04/2008 12:16:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 08/04/2008 17:35:09
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 14 avril 2008 18:31
Starting search for hidden objects.
'46413' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Icon.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'STDSB.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: lundi 14 avril 2008 19:18
Used time: 47:36 min
The scan has been done completely.
3309 Scanning directories
189385 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
189385 Files not concerned
7210 Archives were scanned
2 Warnings
0 Notes
46413 Objects were scanned with rootkit scan
0 Hidden objects were found
te colle un rapport antivir il ne detecte plus aucun virus
AntiVir PersonalEdition Classic
Report file date: lundi 14 avril 2008 18:31
Scanning for 1200071 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: PC-000000000
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:35:07
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 12:16:42
ANTIVIR3.VDF : 7.0.3.161 79360 Bytes 14/04/2008 12:36:16
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 12/04/2008 12:16:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 08/04/2008 17:35:09
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 14 avril 2008 18:31
Starting search for hidden objects.
'46413' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'Icon.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'STDSB.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
[WARNING] The boot sector file could not be read!
[WARNING] Error code: 0x0015
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '25' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: lundi 14 avril 2008 19:18
Used time: 47:36 min
The scan has been done completely.
3309 Scanning directories
189385 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
189385 Files not concerned
7210 Archives were scanned
2 Warnings
0 Notes
46413 Objects were scanned with rootkit scan
0 Hidden objects were found
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
16 avril 2008 à 12:37
16 avril 2008 à 12:37
oui as tu encore le moindre probleme sur l'ordi
si il n'y en a pas c'est bon!
si il n'y en a pas c'est bon!