Hldrrr.exe
Solved/Closed, 15 replies
Anonymous user
18 May 2008 at 19:38
hi
do this:
* Download ComboFix (by sUBs) from this page:
* http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Save it to the desktop
* Disconnect from the internet and close all your applications and programs
* Double-click combo-fix.exe
* Press the Y (Yes) key to start the scan
* The report will be created at the root: C:\Combofix.txt
Note: Combo takes care of removing a number of infected files related to Bagle.
It is imperative to download Combo via the link given above (renamed version) or else to rename Combo yourself (right-click on the file > rename), because otherwise Combo will be totally ineffective against Bagle!
(you can rename combofix to anything, like killer or tuer, etc...)
post me the report
nico-81
18 May 2008 at 19:54
fix this line:
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
look:
http://www.castlecops.com/modules.php?name=StartupList&query=SOUNDMAN.EXE
but I'm not sure, wait for someone else to take a look
Anonymous user
18 May 2008 at 19:55
ok, post me a HijackThis log again
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:24, on 18.05.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://whatevercc.livejournal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Demoxi WebBrowserEvents Class - {503FC3A4-DA2D-4DE5-AD2B-7AEDBE2BDFDD} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O2 - BHO: Demoxi ToolButton Class - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WebSite-Watcher.lnk = C:\Program Files\WebSite-Watcher\wswatch.exe
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Daz\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Demoxi - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{B051A34C-C932-4619-8C59-FDF70755A913}: NameServer = 192.168.1.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
Anonymous user
18 May 2008 at 20:09
now uninstall Avast and install AntiVir, update it, then run a scan and delete everything it finds (delete)
then post me the AntiVir log and a new HijackThis log
this is going to take a bit longer, the AntiVir scan isn't even at 2%, I'll post it this evening .. thanks ;)
12 hours and a lot of files later ... AntiVir found some crap that Avast had left me ... thanks Avast ....
Avira AntiVir Personal
Report file date: dimanche, 18. mai 2008 20:37
Scanning for 1276115 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 1) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: AMN-ML87VDR00G3
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09.04.2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18.03.2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07.02.2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28.02.2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21.02.2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07.03.2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17.05.2008 18:36:20
ANTIVIR3.VDF : 7.0.4.54 2048 Bytes 17.05.2008 18:36:20
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.02.2008 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 18.05.2008 18:36:33
AESCN.DLL : 8.1.0.18 119156 Bytes 18.05.2008 18:36:31
AERDL.DLL : 8.1.0.20 418165 Bytes 18.05.2008 18:36:31
AEPACK.DLL : 8.1.1.5 364918 Bytes 18.05.2008 18:36:30
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 18.05.2008 18:36:28
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 18.05.2008 18:36:27
AEHELP.DLL : 8.1.0.14 115063 Bytes 18.05.2008 18:36:23
AEGEN.DLL : 8.1.0.21 303477 Bytes 18.05.2008 18:36:23
AEEMU.DLL : 8.1.0.6 430451 Bytes 18.05.2008 18:36:22
AECORE.DLL : 8.1.0.29 168311 Bytes 18.05.2008 18:36:21
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23.01.2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18.02.2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23.01.2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28.02.2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23.01.2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10.03.2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06.03.2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, G:, H:, I:, J:, K:, N:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche, 18. mai 2008 20:37
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'utorrent.exe' - '1' Module(s) have been scanned
Scan process 'wswatch.exe' - '1' Module(s) have been scanned
Scan process 'Printkey2000.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!
Boot sector 'K:\'
[INFO] No virus was found!
Boot sector 'N:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '37' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\Jeux\_install\Games N Gage (Pandemonium,Virtua Tennis, Fifa 2004 - 2005, Ssx, Sonic, Tomb Raider, Etc).zip
[0] Archive type: ZIP
--> N gage/Nokia N-Gage Games/Motoracer/keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.50696
--> N gage/Nokia N-Gage Games/Moto Racer/Moto Racer.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.50696
[NOTE] The file was deleted!
D:\Jeux\_install\Jigsaw Puzzle Platinum.zip
[0] Archive type: ZIP
--> Keygen.exe
[DETECTION] Is the Trojan horse TR/Small.FIB
[NOTE] The file was deleted!
D:\__D\__inst\Trial-Reset_V3.0_Final.By.theboss.rar
[0] Archive type: RAR
--> Plugins\Empty Key.dll
[DETECTION] Is the Trojan horse TR/Agent.7184.1
[NOTE] The file was deleted!
Begin scan in 'G:\'
Begin scan in 'H:\'
H:\Documents and Settings\Daz\Mes documents\__D\_games\Games N Gage (Pandemonium,Virtua Tennis, Fifa 2004 - 2005, Ssx, Sonic, Tomb Raider, Etc).zip
[0] Archive type: ZIP
--> N gage/Nokia N-Gage Games/Motoracer/keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.50696
--> N gage/Nokia N-Gage Games/Moto Racer/Moto Racer.rar
[1] Archive type: RAR
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Agent.50696
[NOTE] The file was deleted!
H:\Documents and Settings\Daz\Mes documents\__D\_games\Jigsaw Puzzle Platinum.zip
[0] Archive type: ZIP
--> Keygen.exe
[DETECTION] Is the Trojan horse TR/Small.FIB
[NOTE] The file was deleted!
H:\Documents and Settings\Daz\Mes documents\__D\__inst\Trial-Reset_V3.0_Final.By.theboss.rar
[0] Archive type: RAR
--> Plugins\Empty Key.dll
[DETECTION] Is the Trojan horse TR/Agent.7184.1
[NOTE] The file was deleted!
Begin scan in 'I:\'
I:\System Volume Information\_restore{32D4A648-C6AA-43FE-94B9-8056EADAB86E}\RP38\A0007195.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[NOTE] The file was moved to '4860b9af.qua'!
Begin scan in 'J:\'
Begin scan in 'K:\'
K:\Pics\A trier\The Sims - Spock skin.zip
[0] Archive type: ZIP
--> The Sims - Spock skin.exe
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[NOTE] The file was deleted!
Begin scan in 'N:\' <My Book>
End of the scan: lundi, 19. mai 2008 08:48
Used time: 12:11:04 min
The scan has been done completely.
41101 Scanning directories
1843826 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
7 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1843816 Files not concerned
46529 Archives were scanned
2 Warnings
8 Notes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:55:41, on 19.05.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\WebSite-Watcher\wswatch.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Semagic\LiveJournalU.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://whatevercc.livejournal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Demoxi WebBrowserEvents Class - {503FC3A4-DA2D-4DE5-AD2B-7AEDBE2BDFDD} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O2 - BHO: Demoxi ToolButton Class - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [scheduler_monitor] C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: µTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Global Startup: WebSite-Watcher.lnk = C:\Program Files\WebSite-Watcher\wswatch.exe
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Documents and Settings\Daz\Application Data\aignes\WebSite-Watcher\config\settings\wswie.htm
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Demoxi - {93830054-C0EE-41a4-94FC-411CBEB9F076} - C:\Program Files\demoxi\identity\0.8.1.1169\bin\ie\identity.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{B051A34C-C932-4619-8C59-FDF70755A913}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ReaConverter scheduler service (rcp_service) - ReaSoft - C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
5 040
19 May 2008 at 11:19
Hi, just passing by.
Get rid of the cracks that AntiVir found!
And empty AntiVir's quarantine!
______________
Your Windows is not up to date, and you have no firewall?
Update Windows to SP2 and SP3:
START, then ALL PROGRAMS, then WINDOWS UPDATE
Then update Internet Explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_____________
You have no anti-spyware:
scan with Malwarebytes' Anti-Malware, remove whatever it finds, and paste the report (keep it afterwards)
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
I'll let jessydu54 continue and have you disable your System Restore afterwards.
No, my firewall was removed by the virus, and I'll see about updating XP ... I'll wait until I'm told that SP3 is stable and free of bugs and vulnerabilities (which doesn't quite seem to be the case yet).
Yes, I do have an anti-spyware tool; I haven't yet felt the need to run it on this XP installation (I installed it not long ago on a new hard drive). I'll certainly do it soon. Thanks in any case ;)
jlpjlp
19 May 2008 at 12:55
Put a firewall back urgently and install at least SP2.
Anonymous user
19 May 2008 at 14:19
Sorry, I had to step away; thanks jlpjlp for answering.
As a firewall, I recommend ZoneAlarm Free.
jlpjlp
19 May 2008 at 15:31
You need to disable your System Restore because there are viruses in it:
disable System Restore,
then restart your computer,
then re-enable it: https://www.informatruc.com
______________
Paste a new AntiVir scan to check.
18 May 2008 at 19:52
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.687 [GMT 2:00]
Endroit: D:\__D\__inst\___virus\tueur.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\174171.exe
C:\WINDOWS\system32\drivers\downld\17589015.exe
C:\WINDOWS\system32\drivers\downld\17624140.exe
C:\WINDOWS\system32\drivers\downld\17782593.exe
C:\WINDOWS\system32\drivers\downld\17819031.exe
C:\WINDOWS\system32\drivers\downld\17841687.exe
C:\WINDOWS\system32\drivers\downld\89296.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\t.txt
N:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-18 to 2008-05-18 ))))))))))))))))))))))))))))))))))))
.
2008-05-18 19:41 . 2008-05-18 19:41 <REP> d-------- C:\ComboFix
2008-05-18 19:24 . 2008-05-18 19:24 <REP> d-------- C:\Program Files\Trend Micro
2008-05-18 19:20 . 2008-05-18 19:20 <REP> d-------- C:\Muestras
2008-05-18 13:40 . 2008-05-18 13:41 <REP> d-------- C:\Program Files\ReaConverter 5.5 Pro
2008-05-18 13:40 . 2008-05-18 13:47 <REP> d-------- C:\Documents and Settings\Daz\Application Data\RCP 5
2008-05-18 13:38 . 2008-05-18 13:39 <REP> d-------- C:\Program Files\gs
2008-05-16 18:29 . 2008-05-16 18:30 <REP> d-------- C:\Program Files\4Musics Multiformat Converter
2008-05-16 18:29 . 2004-05-12 14:41 40,960 --a------ C:\WINDOWS\system32\amshellext.dll
2008-05-14 00:53 . 2008-05-14 01:02 <REP> d-------- C:\Documents and Settings\Daz\Wagaya no Oinarisama OP(320KMP3+BK)
2008-05-13 08:49 . 2008-05-13 08:50 <REP> d-------- C:\Program Files\CDex_150
2008-05-07 15:28 . 2008-05-13 12:08 1,259,574 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-05-01 10:18 . 2008-05-01 10:18 <REP> d-------- C:\Documents and Settings\Daz\.thumbnails
2008-05-01 10:10 . 2008-05-01 11:12 <REP> d-------- C:\Documents and Settings\Daz\.gimp-2.2
2008-05-01 10:07 . 2008-05-01 10:09 <REP> d-------- C:\Program Files\GIMP-2.2
2008-05-01 10:07 . 2008-05-01 10:07 <REP> d-------- C:\Program Files\Fichiers communs\GTK
2008-04-29 20:24 . 2008-04-29 20:24 <REP> d-------- C:\Program Files\Unlocker
2008-04-28 17:52 . 2008-04-28 17:52 0 --ah----- C:\Documents and Settings\NetworkService\hpothb07.dat
2008-04-27 11:59 . 2008-04-27 11:59 <REP> d-------- C:\Program Files\CDCheck
2008-04-22 07:34 . 2008-04-22 07:34 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\PhotoParade
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 17:41 --------- d-----w C:\Documents and Settings\Daz\Application Data\uTorrent
2008-05-18 17:04 --------- d-----w C:\Program Files\eMule
2008-05-18 14:01 --------- d-----w C:\Program Files\Semagic
2008-05-14 19:55 --------- d-----w C:\Program Files\Winamp
2008-05-13 08:52 --------- d-----w C:\Program Files\uTorrent
2008-05-12 06:16 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-04 17:34 --------- d-----w C:\Documents and Settings\Daz\Application Data\Jasc
2008-04-04 17:32 --------- d-----w C:\Program Files\Jasc Software Inc
2008-04-04 14:23 --------- d-----w C:\Program Files\demoxi
2008-04-04 14:23 --------- d-----w C:\Documents and Settings\Daz\Application Data\demoxi
2008-04-01 18:29 --------- d-----w C:\Program Files\Fichiers communs\FotoNation
2008-03-31 16:09 --------- d-----w C:\Program Files\Google
2008-03-31 16:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-31 16:02 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-03-25 16:01 --------- d-----w C:\Documents and Settings\Daz\Application Data\AdobeUM
2008-03-23 22:23 --------- d-----w C:\Program Files\Opera
2008-03-23 13:25 313,040 ----a-w C:\Documents and Settings\Daz\Application Data\GDIPFONTCACHEV1.DAT
2008-03-21 22:24 --------- d-----w C:\Program Files\ModTheSims2.com
2008-03-21 21:43 --------- d-----w C:\Program Files\jwpce
2008-03-21 21:21 782 ----a-w C:\registre.reg
2008-03-19 08:48 --------- d-----w C:\Documents and Settings\Daz\Application Data\Media Player Classic
2008-03-18 12:30 --------- d-----w C:\Documents and Settings\Daz\Application Data\ACD Systems
2008-03-18 10:42 --------- d-----w C:\Program Files\FileZilla
2008-03-18 08:33 --------- d-----w C:\Program Files\MSN Messenger
2008-03-17 20:02 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2008-03-17 18:37 558,142 ----a-w C:\WINDOWS\java\Packages\X3PNJ7Z1.ZIP
2008-03-17 18:37 155,995 ----a-w C:\WINDOWS\java\Packages\A7DRJHN1.ZIP
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{503FC3A4-DA2D-4DE5-AD2B-7AEDBE2BDFDD}]
2008-03-17 19:00 118784 --a------ C:\Program Files\demoxi\identity\[u]0[/u].8.1.1169\bin\ie\identity.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{93830054-C0EE-41a4-94FC-411CBEB9F076}]
2008-03-17 19:00 118784 --a------ C:\Program Files\demoxi\identity\[u]0[/u].8.1.1169\bin\ie\identity.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 11:45 13312]
"scheduler_monitor"="C:\Program Files\ReaConverter 5.5 Pro\init_scheduler.exe" [2007-06-15 11:17 27136]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2007-05-13 16:57 5308416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-08-28 21:38 208953]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
"SoundMan"="SOUNDMAN.EXE" [2003-12-19 11:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-25 22:10 335872]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 20:05 2532576]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 19:19 15872]
"QuickTime Task"="C:\Program Files\Satsuki Decoder Pack\filtres\qt\QTSystem\qttask.exe" [2008-03-17 21:51 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 11:45 13312]
C:\Documents and Settings\Daz\Menu D‚marrer\Programmes\D‚marrage\
æTorrent.lnk - C:\Program Files\uTorrent\uTorrent.exe [2008-05-03 19:27:22 265008]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Printkey2000.lnk - C:\Program Files\PrintKey2000\Printkey2000.exe [2008-03-17 21:50:43 869376]
WebSite-Watcher.lnk - C:\Program Files\WebSite-Watcher\wswatch.exe [2008-03-17 21:25:31 1700352]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDREG~1\DVDShell.dll [2004-03-07 17:58 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hp psc 1000 series.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hp psc 1000 series.lnk
backup=C:\WINDOWS\pss\hp psc 1000 series.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\demoxi identity]
--a------ 2008-03-17 19:01 364630 C:\Program Files\demoxi\identity\[u]0[/u].8.1.1169\bin\demoxi.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\System32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 18:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [2008-03-29 19:31]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 02:32]
S3 rcp_service;ReaConverter scheduler service;C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [2007-11-30 12:27]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 02:48]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-17 18:05:22 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1205780723.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 19:46:34
Windows 5.1.2600 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
C:\Documents and Settings\Daz\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 815 bytes hidden from API
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Temps d'accomplissement: 2008-05-18 19:48:26
ComboFix-quarantined-files.txt 2008-05-18 17:47:24
Pre-Run: 19,445,055,488 octets libres
Post-Run: 19,706,445,824 octets libres
162