Besoin d'aide pour désinstaler un antivirus
Résolu/Fermé
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
-
28 août 2008 à 11:38
jerry84 Messages postés 96 Date d'inscription dimanche 27 avril 2008 Statut Membre Dernière intervention 11 janvier 2014 - 31 août 2008 à 10:07
jerry84 Messages postés 96 Date d'inscription dimanche 27 avril 2008 Statut Membre Dernière intervention 11 janvier 2014 - 31 août 2008 à 10:07
A voir également:
- Besoin d'aide pour désinstaler un antivirus
- Comodo antivirus - Télécharger - Sécurité
- Panda antivirus - Télécharger - Antivirus & Antimalwares
- Avast antivirus gratuit - Télécharger - Antivirus & Antimalwares
- Desactiver antivirus windows 10 - Guide
- Bitdefender antivirus free - Télécharger - Antivirus & Antimalwares
19 réponses
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
28 août 2008 à 11:40
28 août 2008 à 11:40
Bonjour, Jerry84
Je te conseille de noter ou d'imprimer ce texte car la désinfection va se faire en mode sans échec.
Autre astuce : Copie/colle le texte dans un fichier .txt que tu enregistres sur ton bureau.
Tu télécharges MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l'installes. Choisis les options par défaut.
A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’exécuter .
Ne choisis que la mise à jour. Le logiciel sera lancé en mode sans échec.
Tu relances l'ordinateur en mode sans échec ( touche F8 après redémarrage ).
Tu choisis ton compte utilisateur.
Pour lancer MalwareBytes, double-clique sur le raccourci du bureau.
Dans l’onglet Recherche, sélectionne Exécuter un examen complet.
Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur.
Clique sur lancer l’examen.
A la fin de la recherche, Comme il est demandé, clique sur afficher les résultats de la recherche.
Choisis alors Supprimer la selection pour nettoyer les infections.
Tu postes le rapport dans ton prochain message.
Si tu ne le retrouves pas, ouvre MalwareBytes et regarde dans l’onglet Rapport/logs. Il y est.
Clique dessus et choisir ouvrir.
Le scan dure environ 50 mn.
A+
Je te conseille de noter ou d'imprimer ce texte car la désinfection va se faire en mode sans échec.
Autre astuce : Copie/colle le texte dans un fichier .txt que tu enregistres sur ton bureau.
Tu télécharges MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l'installes. Choisis les options par défaut.
A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’exécuter .
Ne choisis que la mise à jour. Le logiciel sera lancé en mode sans échec.
Tu relances l'ordinateur en mode sans échec ( touche F8 après redémarrage ).
Tu choisis ton compte utilisateur.
Pour lancer MalwareBytes, double-clique sur le raccourci du bureau.
Dans l’onglet Recherche, sélectionne Exécuter un examen complet.
Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur.
Clique sur lancer l’examen.
A la fin de la recherche, Comme il est demandé, clique sur afficher les résultats de la recherche.
Choisis alors Supprimer la selection pour nettoyer les infections.
Tu postes le rapport dans ton prochain message.
Si tu ne le retrouves pas, ouvre MalwareBytes et regarde dans l’onglet Rapport/logs. Il y est.
Clique dessus et choisir ouvrir.
Le scan dure environ 50 mn.
A+
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
29 août 2008 à 15:55
29 août 2008 à 15:55
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1094
Windows 5.1.2600 Service Pack 2
13:08:18 29/08/2008
mbam-log-08-29-2008 (13-08-18).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 80111
Temps écoulé: 48 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 23
Elément(s) de données du Registre infecté(s): 13
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 36
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\msvbcr40.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\kcekz.dll (Trojan.Zlob) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{8dc71747-ace0-40c1-8947-54f107d0639b} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\burstwriting.burstwriting (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\burstwriting.burstwriting.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{176d799e-6c8c-4d1a-8024-044d96a035e2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bd44ab1-76a7-4e05-92f4-4b065fe72bd6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bd44ab1-76a7-4e05-92f4-4b065fe72bd6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{176d799e-6c8c-4d1a-8024-044d96a035e2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8dc71747-ace0-40c1-8947-54f107d0639b} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\AV9 (Rogue.Antivirus2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\120237 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\kcekz.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvbcr40.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP283\A0014729.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AV9\av2009.exe (Rogue.Antivirus2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE\vbase.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827175243199.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827180641417.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827203649703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080828112244703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Bureau\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Local Settings\Temp\aet1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Local Settings\Temp\aet3.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
Version de la base de données: 1094
Windows 5.1.2600 Service Pack 2
13:08:18 29/08/2008
mbam-log-08-29-2008 (13-08-18).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 80111
Temps écoulé: 48 minute(s), 29 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 28
Valeur(s) du Registre infectée(s): 23
Elément(s) de données du Registre infecté(s): 13
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 36
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\msvbcr40.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\kcekz.dll (Trojan.Zlob) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{8dc71747-ace0-40c1-8947-54f107d0639b} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\burstwriting.burstwriting (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\burstwriting.burstwriting.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\msvbcr40.msvbcr40.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{176d799e-6c8c-4d1a-8024-044d96a035e2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0bd44ab1-76a7-4e05-92f4-4b065fe72bd6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0bd44ab1-76a7-4e05-92f4-4b065fe72bd6} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{176d799e-6c8c-4d1a-8024-044d96a035e2} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\e405.e405mgr (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEBrowse Tool (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer Bar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Warning Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\multimediaControls.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{8dc71747-ace0-40c1-8947-54f107d0639b} (Trojan.Zlob.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{2756bad7-2f9f-47ef-ae6d-8d39cceb396f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3bebf2fe-7248-40e2-9752-8163eb6c4038} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\start (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\smile (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\default_search_url (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search page (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\search bar (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wblogon (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.Search) -> Bad: (http://internetsearchservice.com/ie6.html) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (https://internetsearchservice.com/606/search-engine-optimization-seo-specialist-in-phoenix-az/?q{searchTerms}) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\AV9 (Rogue.Antivirus2009) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\120237 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Menu Démarrer\Antivirus 2009 (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\DELETED (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\SAVED (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\kcekz.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\services\services.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvbcr40.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Applications\iebt.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebr.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP283\A0014729.exe (Adware.Agent) -> Quarantined and deleted successfully.
D:\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AV9\av2009.exe (Rogue.Antivirus2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\as2008xp.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\BASE\vbase.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827175243199.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827180641417.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080827203649703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080828112244703.log (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\scui.cpl (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtmm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebtu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\iebu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcs.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\Applications\wcu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Bureau\Antivirus 2009.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Spyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Local Settings\Temp\aet1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Local Settings\Temp\aet3.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Documents and Settings\jean\Favoris\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
29 août 2008 à 16:44
29 août 2008 à 16:44
1) POste moi un nouveau rapport Hijackthis.
2) Tu vas télécharger ComBoFix sur le bureau ( IMPORTANT )
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Redémarre l'ordinateur en mode sans échec ( touche F8 ) et choisis ton compte.
Double sur Combofix.exe et suis les invites.
Une fois le scan fini, un rapport va apparaitre.
Copie/colle ce rapport dans ta prochaine réponse.
Si tu ne le trouves pas, il est à C:\ComboFix.txt.
A+
2) Tu vas télécharger ComBoFix sur le bureau ( IMPORTANT )
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Redémarre l'ordinateur en mode sans échec ( touche F8 ) et choisis ton compte.
Double sur Combofix.exe et suis les invites.
Une fois le scan fini, un rapport va apparaitre.
Copie/colle ce rapport dans ta prochaine réponse.
Si tu ne le trouves pas, il est à C:\ComboFix.txt.
A+
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
29 août 2008 à 17:13
29 août 2008 à 17:13
Avira AntiVir Personal
Report file date: vendredi 29 août 2008 16:07
Scanning for 1581830 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JEAN-5471DD82E2
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 09:27:02
ANTIVIR3.VDF : 7.0.6.90 182272 Bytes 29/08/2008 09:50:20
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 28/08/2008 09:27:12
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 28/08/2008 09:27:11
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 28/08/2008 09:27:09
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 28/08/2008 09:27:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 28/08/2008 09:27:04
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 29 août 2008 16:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ScsiAccess.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'KodakCCS.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'mssysmgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'opware32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'htpatch.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '54' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\jean\Local Settings\Temporary Internet Files\Content.IE5\8PQ78HUV\setup_100525_3_[2].exe
[DETECTION] Is the TR/Dldr.FraudLoad.vbfo.2 Trojan
[NOTE] The file was moved to '492c0671.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020744.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80b85.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020745.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b88.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020756.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b8a.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020767.exe
[DETECTION] Is the TR/Dldr.Zlob.xay Trojan
[NOTE] The file was moved to '48e80b8d.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020770.exe
[DETECTION] Is the TR/Zlob.csv.1 Trojan
[NOTE] The file was moved to '48e80b8e.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0020806.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80b92.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0020807.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b94.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021803.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b96.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021804.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80b97.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021849.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80b9b.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021850.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b9c.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021882.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b9f.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021890.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80ba1.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021893.exe
[DETECTION] Is the TR/Dldr.Zlob.xay Trojan
[NOTE] The file was moved to '48e80ba2.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021900.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80ba4.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021901.exe
[DETECTION] Is the TR/Drop.Zlob.ret.2 Trojan
[NOTE] The file was moved to '48e80ba5.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP358\A0022072.exe
[0] Archive type: ZIP SFX (self extracting)
--> wav.exe
[DETECTION] Is the TR/Fake.UltimaAV.bh Trojan
[NOTE] The file was moved to '48e80bb3.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP358\A0022073.exe
[0] Archive type: ZIP SFX (self extracting)
--> aav.exe
[DETECTION] Is the TR/Fake.UltimaAV.bh Trojan
[NOTE] The file was moved to '48e80bb5.qua'!
Begin scan in 'D:\' <Nouveau nom>
j'ai fais un scab antivir je t'envoie le scan hijack dessuite
End of the scan: vendredi 29 août 2008 16:58
Used time: 51:05 Minute(s)
The scan has been done completely.
5173 Scanning directories
183376 Files were scanned
19 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
19 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
183355 Files not concerned
2521 Archives were scanned
2 Warnings
19 Notes
Report file date: vendredi 29 août 2008 16:07
Scanning for 1581830 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JEAN-5471DD82E2
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 09:27:02
ANTIVIR3.VDF : 7.0.6.90 182272 Bytes 29/08/2008 09:50:20
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 28/08/2008 09:27:12
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 28/08/2008 09:27:11
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 28/08/2008 09:27:09
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 28/08/2008 09:27:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 28/08/2008 09:27:04
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 29 août 2008 16:07
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ScsiAccess.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'KodakCCS.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'EasyShare.exe' - '1' Module(s) have been scanned
Scan process 'Kodak Software Updater.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'mssysmgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'InCD.exe' - '1' Module(s) have been scanned
Scan process 'opware32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'htpatch.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '54' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\jean\Local Settings\Temporary Internet Files\Content.IE5\8PQ78HUV\setup_100525_3_[2].exe
[DETECTION] Is the TR/Dldr.FraudLoad.vbfo.2 Trojan
[NOTE] The file was moved to '492c0671.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020744.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80b85.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020745.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b88.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020756.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b8a.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020767.exe
[DETECTION] Is the TR/Dldr.Zlob.xay Trojan
[NOTE] The file was moved to '48e80b8d.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020770.exe
[DETECTION] Is the TR/Zlob.csv.1 Trojan
[NOTE] The file was moved to '48e80b8e.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0020806.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80b92.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0020807.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b94.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021803.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b96.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021804.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80b97.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021849.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80b9b.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021850.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b9c.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021882.dll
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80b9f.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021890.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Dldr.Zlob.xaq Trojan
[NOTE] The file was moved to '48e80ba1.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021893.exe
[DETECTION] Is the TR/Dldr.Zlob.xay Trojan
[NOTE] The file was moved to '48e80ba2.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021900.exe
[DETECTION] Is the TR/Dldr.Zlob.xbe Trojan
[NOTE] The file was moved to '48e80ba4.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021901.exe
[DETECTION] Is the TR/Drop.Zlob.ret.2 Trojan
[NOTE] The file was moved to '48e80ba5.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP358\A0022072.exe
[0] Archive type: ZIP SFX (self extracting)
--> wav.exe
[DETECTION] Is the TR/Fake.UltimaAV.bh Trojan
[NOTE] The file was moved to '48e80bb3.qua'!
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP358\A0022073.exe
[0] Archive type: ZIP SFX (self extracting)
--> aav.exe
[DETECTION] Is the TR/Fake.UltimaAV.bh Trojan
[NOTE] The file was moved to '48e80bb5.qua'!
Begin scan in 'D:\' <Nouveau nom>
j'ai fais un scab antivir je t'envoie le scan hijack dessuite
End of the scan: vendredi 29 août 2008 16:58
Used time: 51:05 Minute(s)
The scan has been done completely.
5173 Scanning directories
183376 Files were scanned
19 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
19 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
183355 Files not concerned
2521 Archives were scanned
2 Warnings
19 Notes
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
29 août 2008 à 17:35
29 août 2008 à 17:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:43, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Spybot - Search & Destroy\Updates\sbsd160upd.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\jean\LOCALS~1\Temp\is-PJBS6.tmp\sbsd160upd.tmp
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C176541-7880-4538-A2C3-6565A22BFB8F}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
Scan saved at 17:12:43, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\ScsiAccess.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Spybot - Search & Destroy\Updates\sbsd160upd.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\jean\LOCALS~1\Temp\is-PJBS6.tmp\sbsd160upd.tmp
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C176541-7880-4538-A2C3-6565A22BFB8F}: NameServer = 194.117.200.10,194.117.200.15
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
29 août 2008 à 17:37
29 août 2008 à 17:37
ComboFix 08-08-28.06 - jean 2008-08-29 17:29:41.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.85 [GMT 2:00]
Endroit: C:\Documents and Settings\jean\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\jean\Application Data\macromedia\Flash Player\#SharedObjects\REQFVESP\bin.clearspring.com
C:\Documents and Settings\jean\Application Data\macromedia\Flash Player\#SharedObjects\REQFVESP\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\jean\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\jean\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\jean\Mes documents\My Documents.url
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 16:02 . 2008-08-29 16:02 <REP> d--h----- C:\WINDOWS\PIF
2008-08-29 11:58 . 2008-08-29 11:58 <REP> d-------- C:\Documents and Settings\jean\Application Data\Malwarebytes
2008-08-29 11:58 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 11:58 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 11:57 . 2008-08-29 11:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 11:57 . 2008-08-29 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 17:52 . 2008-08-29 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-27 11:54 . 2008-08-27 11:54 <REP> d-------- C:\Program Files\Avira
2008-08-27 11:54 . 2008-08-27 11:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-27 00:51 . 2008-08-27 01:15 <REP> d-------- C:\Program Files\Applications
2008-08-23 17:55 . 2008-08-23 17:55 <REP> d-------- C:\Program Files\PhotoFiltre
2008-08-14 15:29 . 2008-08-14 15:29 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\agi
2008-08-14 15:29 . 2008-08-14 15:29 <REP> d-------- C:\Documents and Settings\jean\Application Data\agi
2008-08-14 15:29 . 2008-08-14 15:29 2,113,536 --a------ C:\WINDOWS\system32\python25.dll
2008-08-14 15:29 . 2008-08-14 15:29 327,680 --a------ C:\WINDOWS\system32\pythoncom25.dll
2008-08-14 15:29 . 2008-08-14 15:29 102,400 --a------ C:\WINDOWS\system32\pywintypes25.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 15:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 13:59 --------- d-----w C:\Program Files\MSN Messenger
2008-08-29 13:46 --------- d-----w C:\Documents and Settings\jean\Application Data\OpenOffice.org2
2008-08-22 09:24 --------- d-----w C:\Documents and Settings\jean\Application Data\Canon
2008-08-20 19:36 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-07-24 11:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-15 12:19 --------- d-----w C:\Documents and Settings\jean\Application Data\AdobeUM
2008-07-07 11:18 --------- d-----w C:\Program Files\Coktel
2008-06-11 16:09 538 -c--a-w C:\Documents and Settings\jean\Application Data\wklnhst.dat
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2001-11-23 10:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28 212992]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 17:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15 106496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-04-06 17:54 1398272]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-21 17:55 98304]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]
C:\Documents and Settings\jean\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-11 16:58:16 16423]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-04-27 02:04:44 635019]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4661:TCP"= 4661:TCP:emule2
"4661:UDP"= 4661:UDP:emule3
"4662:TCP"= 4662:TCP:eChanblardNext-TCP
"4662:UDP"= 4662:UDP:EchanblardNext-TCP
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-StandardInstall - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\n09cmmk9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 17:32:37
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
c'est le pport combofix qui c'est fais al'instalation je vais redemarer et faire le scan
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run?t?HLP?/??[???????[???[???????????????????[???[8F?????[$??????[????????????S??[????????m??[???w????(???{??w???w???????w???w???[????????d???b6?[%??[???[????"??[A??[???[.??wZ??[?3?[?3?[????st.I?????? [????d???0=?[?K?[
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 17:34:05
ComboFix-quarantined-files.txt 2008-08-29 15:34:01
Pre-Run: 17,425,661,952 octets libres
Post-Run: 17,970,876,416 octets libres
137 --- E O F --- 2008-06-28 01:04:51
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.85 [GMT 2:00]
Endroit: C:\Documents and Settings\jean\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\jean\Application Data\macromedia\Flash Player\#SharedObjects\REQFVESP\bin.clearspring.com
C:\Documents and Settings\jean\Application Data\macromedia\Flash Player\#SharedObjects\REQFVESP\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\jean\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\jean\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\jean\Mes documents\My Documents.url
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 16:02 . 2008-08-29 16:02 <REP> d--h----- C:\WINDOWS\PIF
2008-08-29 11:58 . 2008-08-29 11:58 <REP> d-------- C:\Documents and Settings\jean\Application Data\Malwarebytes
2008-08-29 11:58 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 11:58 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 11:57 . 2008-08-29 11:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 11:57 . 2008-08-29 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 17:52 . 2008-08-29 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-27 11:54 . 2008-08-27 11:54 <REP> d-------- C:\Program Files\Avira
2008-08-27 11:54 . 2008-08-27 11:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-27 00:51 . 2008-08-27 01:15 <REP> d-------- C:\Program Files\Applications
2008-08-23 17:55 . 2008-08-23 17:55 <REP> d-------- C:\Program Files\PhotoFiltre
2008-08-14 15:29 . 2008-08-14 15:29 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\agi
2008-08-14 15:29 . 2008-08-14 15:29 <REP> d-------- C:\Documents and Settings\jean\Application Data\agi
2008-08-14 15:29 . 2008-08-14 15:29 2,113,536 --a------ C:\WINDOWS\system32\python25.dll
2008-08-14 15:29 . 2008-08-14 15:29 327,680 --a------ C:\WINDOWS\system32\pythoncom25.dll
2008-08-14 15:29 . 2008-08-14 15:29 102,400 --a------ C:\WINDOWS\system32\pywintypes25.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 15:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 13:59 --------- d-----w C:\Program Files\MSN Messenger
2008-08-29 13:46 --------- d-----w C:\Documents and Settings\jean\Application Data\OpenOffice.org2
2008-08-22 09:24 --------- d-----w C:\Documents and Settings\jean\Application Data\Canon
2008-08-20 19:36 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-07-24 11:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-15 12:19 --------- d-----w C:\Documents and Settings\jean\Application Data\AdobeUM
2008-07-07 11:18 --------- d-----w C:\Program Files\Coktel
2008-06-11 16:09 538 -c--a-w C:\Documents and Settings\jean\Application Data\wklnhst.dat
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2001-11-23 10:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28 212992]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 17:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15 106496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-04-06 17:54 1398272]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-21 17:55 98304]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]
C:\Documents and Settings\jean\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-11 16:58:16 16423]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-04-27 02:04:44 635019]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4661:TCP"= 4661:TCP:emule2
"4661:UDP"= 4661:UDP:emule3
"4662:TCP"= 4662:TCP:eChanblardNext-TCP
"4662:UDP"= 4662:UDP:EchanblardNext-TCP
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-StandardInstall - (no file)
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\n09cmmk9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 17:32:37
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
c'est le pport combofix qui c'est fais al'instalation je vais redemarer et faire le scan
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run?t?HLP?/??[???????[???[???????????????????[???[8F?????[$??????[????????????S??[????????m??[???w????(???{??w???w???????w???w???[????????d???b6?[%??[???[????"??[A??[???[.??wZ??[?3?[?3?[????st.I?????? [????d???0=?[?K?[
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 17:34:05
ComboFix-quarantined-files.txt 2008-08-29 15:34:01
Pre-Run: 17,425,661,952 octets libres
Post-Run: 17,970,876,416 octets libres
137 --- E O F --- 2008-06-28 01:04:51
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
29 août 2008 à 17:49
29 août 2008 à 17:49
ComboFix 08-08-28.06 - jean 2008-08-29 17:40:49.2 - NTFSx86 MINIMAL
Endroit: C:\Documents and Settings\jean\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 16:02 . 2008-08-29 16:02 <REP> d--h----- C:\WINDOWS\PIF
2008-08-29 11:58 . 2008-08-29 11:58 <REP> d-------- C:\Documents and Settings\jean\Application Data\Malwarebytes
2008-08-29 11:58 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 11:58 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 11:57 . 2008-08-29 11:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 11:57 . 2008-08-29 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 17:52 . 2008-08-29 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-27 11:54 . 2008-08-27 11:54 <REP> d-------- C:\Program Files\Avira
2008-08-27 11:54 . 2008-08-27 11:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-27 00:51 . 2008-08-27 01:15 <REP> d-------- C:\Program Files\Applications
2008-08-23 17:55 . 2008-08-23 17:55 <REP> d-------- C:\Program Files\PhotoFiltre
2008-08-14 15:29 . 2008-08-14 15:29 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\agi
2008-08-14 15:29 . 2008-08-14 15:29 <REP> d-------- C:\Documents and Settings\jean\Application Data\agi
2008-08-14 15:29 . 2008-08-14 15:29 2,113,536 --a------ C:\WINDOWS\system32\python25.dll
2008-08-14 15:29 . 2008-08-14 15:29 327,680 --a------ C:\WINDOWS\system32\pythoncom25.dll
2008-08-14 15:29 . 2008-08-14 15:29 102,400 --a------ C:\WINDOWS\system32\pywintypes25.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 15:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 13:59 --------- d-----w C:\Program Files\MSN Messenger
2008-08-29 13:46 --------- d-----w C:\Documents and Settings\jean\Application Data\OpenOffice.org2
2008-08-22 09:24 --------- d-----w C:\Documents and Settings\jean\Application Data\Canon
2008-08-20 19:36 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-07-24 11:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-15 12:19 --------- d-----w C:\Documents and Settings\jean\Application Data\AdobeUM
2008-07-07 11:18 --------- d-----w C:\Program Files\Coktel
2008-06-11 16:09 538 -c--a-w C:\Documents and Settings\jean\Application Data\wklnhst.dat
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2001-11-23 10:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28 212992]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 17:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15 106496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-04-06 17:54 1398272]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-21 17:55 98304]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]
C:\Documents and Settings\jean\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-11 16:58:16 16423]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-04-27 02:04:44 635019]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4661:TCP"= 4661:TCP:emule2
"4661:UDP"= 4661:UDP:emule3
"4662:TCP"= 4662:TCP:eChanblardNext-TCP
"4662:UDP"= 4662:UDP:EchanblardNext-TCP
S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - DCFS2K
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\n09cmmk9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 17:42:37
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run?t?HLP?/??[???????[???[???????????????????[???[8F?????[$??????[????????????S??[????????m??[???w????(???{??w???w???????w???w???[????????d???b6?[%??[???[????"??[A??[???[.??wZ??[?3?[?3?[????st.I?????? [????d???0=?[?K?[
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 17:43:45
ComboFix-quarantined-files.txt 2008-08-29 15:43:34
ComboFix2.txt 2008-08-29 15:34:06
Pre-Run: 18,273,636,352 octets libres
Post-Run: 18,268,880,896 octets libres
124 --- E O F --- 2008-06-28 01:04:51
Endroit: C:\Documents and Settings\jean\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.
2008-08-29 16:02 . 2008-08-29 16:02 <REP> d--h----- C:\WINDOWS\PIF
2008-08-29 11:58 . 2008-08-29 11:58 <REP> d-------- C:\Documents and Settings\jean\Application Data\Malwarebytes
2008-08-29 11:58 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-29 11:58 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-29 11:57 . 2008-08-29 11:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-29 11:57 . 2008-08-29 11:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-27 17:52 . 2008-08-29 13:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services
2008-08-27 11:54 . 2008-08-27 11:54 <REP> d-------- C:\Program Files\Avira
2008-08-27 11:54 . 2008-08-27 11:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-27 00:51 . 2008-08-27 01:15 <REP> d-------- C:\Program Files\Applications
2008-08-23 17:55 . 2008-08-23 17:55 <REP> d-------- C:\Program Files\PhotoFiltre
2008-08-14 15:29 . 2008-08-14 15:29 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\agi
2008-08-14 15:29 . 2008-08-14 15:29 <REP> d-------- C:\Documents and Settings\jean\Application Data\agi
2008-08-14 15:29 . 2008-08-14 15:29 2,113,536 --a------ C:\WINDOWS\system32\python25.dll
2008-08-14 15:29 . 2008-08-14 15:29 327,680 --a------ C:\WINDOWS\system32\pythoncom25.dll
2008-08-14 15:29 . 2008-08-14 15:29 102,400 --a------ C:\WINDOWS\system32\pywintypes25.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 15:10 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-29 13:59 --------- d-----w C:\Program Files\MSN Messenger
2008-08-29 13:46 --------- d-----w C:\Documents and Settings\jean\Application Data\OpenOffice.org2
2008-08-22 09:24 --------- d-----w C:\Documents and Settings\jean\Application Data\Canon
2008-08-20 19:36 --------- d-----w C:\Program Files\TrackMania Nations ESWC
2008-07-24 11:45 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-15 12:19 --------- d-----w C:\Documents and Settings\jean\Application Data\AdobeUM
2008-07-07 11:18 --------- d-----w C:\Program Files\Coktel
2008-06-11 16:09 538 -c--a-w C:\Documents and Settings\jean\Application Data\wklnhst.dat
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2001-11-23 10:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:54 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\mssysmgr.exe" [2005-02-26 02:28 212992]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 19:19 57344]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 17:40 28672]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 18:15 106496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 11:38 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-12 16:40 155648]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2006-04-06 17:54 1398272]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 19:19 40960]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-21 17:55 98304]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 12:01 319488]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 02:38 34672]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 06:54 15360]
C:\Documents and Settings\jean\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-11 16:58:16 16423]
Logiciel Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2004-04-27 02:04:44 635019]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= pvmjpg21.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Club-Internet\\Assistance\\UpdateHitachi\\MAJ_Hitachi.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4661:TCP"= 4661:TCP:emule2
"4661:UDP"= 4661:UDP:emule3
"4662:TCP"= 4662:TCP:eChanblardNext-TCP
"4662:UDP"= 4662:UDP:EchanblardNext-TCP
S3 PAC207;PC Camera;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-29 14:30]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
*Newly Created Service* - DCFS2K
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\jean\Application Data\Mozilla\Firefox\Profiles\n09cmmk9.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 17:42:37
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = C:\WINDOWS\htpatch.exe?ows\CurrentVersion\Run?t?HLP?/??[???????[???[???????????????????[???[8F?????[$??????[????????????S??[????????m??[???w????(???{??w???w???????w???w???[????????d???b6?[%??[???[????"??[A??[???[.??wZ??[?3?[?3?[????st.I?????? [????d???0=?[?K?[
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 17:43:45
ComboFix-quarantined-files.txt 2008-08-29 15:43:34
ComboFix2.txt 2008-08-29 15:34:06
Pre-Run: 18,273,636,352 octets libres
Post-Run: 18,268,880,896 octets libres
124 --- E O F --- 2008-06-28 01:04:51
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
29 août 2008 à 18:06
29 août 2008 à 18:06
je vois que tu as lancé plusieurs scans. très bien, cela a éliminé pas mal de choses.
Vide la quarantaine d'antivir.
1) Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
Tu choisis l'option " Fixchecked" en bas de la page.
2) Tu vas sur le site de VirusTotal et tu vas pouvoir analyser le fichier.
https://www.virustotal.com/gui/
Copie le chemin en citation dans la zone à analyser ( à côté du bouton parcourir )
Tu cliques ensuite sur envoyer le fichier.
Tu postes le rapport de l'analyse ( pour cela, tu sélectionnes la zone de résultat --> click droit --> copier )
Chemin : C:\WINDOWS\htpatch.exe
3) Tu vas sur le site de Kaspersky:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Clique sur Demarrer Online-scanner ( en bas de page à droite ) pour commencer l'analyse.
Il te sera demandé d'installer un logiciel de Kaspersky, accepte.
A la fin de cette analyse, clique sur enregistrer le rapport.
Poste le contenu de ce rapport dans ton prochain message.
A+
Vide la quarantaine d'antivir.
1) Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
Tu choisis l'option " Fixchecked" en bas de la page.
2) Tu vas sur le site de VirusTotal et tu vas pouvoir analyser le fichier.
https://www.virustotal.com/gui/
Copie le chemin en citation dans la zone à analyser ( à côté du bouton parcourir )
Tu cliques ensuite sur envoyer le fichier.
Tu postes le rapport de l'analyse ( pour cela, tu sélectionnes la zone de résultat --> click droit --> copier )
Chemin : C:\WINDOWS\htpatch.exe
3) Tu vas sur le site de Kaspersky:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
Clique sur Demarrer Online-scanner ( en bas de page à droite ) pour commencer l'analyse.
Il te sera demandé d'installer un logiciel de Kaspersky, accepte.
A la fin de cette analyse, clique sur enregistrer le rapport.
Poste le contenu de ce rapport dans ton prochain message.
A+
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
30 août 2008 à 10:58
30 août 2008 à 10:58
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.19.0 2008.08.20 -
AntiVir 7.8.1.23 2008.08.20 -
Authentium 5.1.0.4 2008.08.20 -
Avast 4.8.1195.0 2008.08.19 -
AVG 8.0.0.161 2008.08.20 -
BitDefender 7.2 2008.08.20 -
CAT-QuickHeal 9.50 2008.08.19 -
ClamAV 0.93.1 2008.08.19 -
DrWeb 4.44.0.09170 2008.08.20 -
eSafe 7.0.17.0 2008.08.19 -
eTrust-Vet 31.6.6036 2008.08.19 -
Ewido 4.0 2008.08.19 -
F-Prot 4.4.4.56 2008.08.19 -
F-Secure 7.60.13501.0 2008.08.20 -
Fortinet 3.14.0.0 2008.08.20 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.20 -
K7AntiVirus 7.10.421 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.20 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
NOD32v2 3370 2008.08.20 -
Norman 5.80.02 2008.08.19 -
Panda 9.0.0.4 2008.08.19 -
PCTools 4.4.2.0 2008.08.19 -
Prevx1 V2 2008.08.20 -
Rising 20.58.22.00 2008.08.20 -
Sophos 4.32.0 2008.08.20 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.20 -
TheHacker 6.3.0.5.054 2008.08.19 Aplicacion/Riskware.Tool.Htpatch
TrendMicro 8.700.0.1004 2008.08.20 -
VBA32 3.12.8.3 2008.08.19 -
ViRobot 2008.8.19.1341 2008.08.20 -
VirusBuster 4.5.11.0 2008.08.19 -
Webwasher-Gateway 6.6.2 2008.08.20 -
Information additionnelle
File size: 28672 bytes
MD5...: 80a2e031e64e1d00ad6693ca45425c2f
SHA1..: 82c7deac38f7905ffe75e66742aa56ff56e0b8f1
SHA256: e148f5035abcc8f33d69c867073a6501c9bc76b75f331a4a60a21e2d2b08bd9c
SHA512: 4c3292900aba0a8d4e9c96a1a661830689b686944b4da19c849bb1b27f9f1d8d
ee3951b6424f7ad590e005133b838ab24fe345b16dd887b790f41f24f1bd42b1
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401410
timedatestamp.....: 0x3dbfa911 (Wed Oct 30 09:40:33 2002)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c8e 0x3000 6.24 7e9e3a951c3e7e29a12e3bbe84355e07
.rdata 0x4000 0x9e6 0x1000 3.82 af2fe3e3419bf973a9be37562473442a
.data 0x5000 0xa7c 0x1000 0.87 2bdbf426a944d151efea270a337f5301
.rsrc 0x6000 0x970 0x1000 1.78 7effd357cfb14a2581f6ec1bc9d6b05a
( 3 imports )
> USER32.dll: DispatchMessageA, TranslateAcceleratorA, EndDialog, BeginPaint, GetClientRect, DrawTextA, EndPaint, PostQuitMessage, DefWindowProcA, DestroyWindow, DialogBoxParamA, CreateWindowExA, ShowWindow, UpdateWindow, LoadIconA, LoadCursorA, RegisterClassExA, LoadStringA, LoadAcceleratorsA, GetMessageA, TranslateMessage
> WINIO.dll: InitializeWinIo, MapPhysToLin, UnmapPhysicalMemory, ShutdownWinIo
> KERNEL32.dll: TerminateProcess, GetCurrentProcess, GetVersion, ExitProcess, MultiByteToWideChar, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, HeapAlloc, GetOEMCP, GetACP, GetCPInfo, WriteFile, RtlUnwind, HeapFree, VirtualFree, HeapCreate, HeapDestroy, GetFileType, GetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, SetHandleCount, FreeEnvironmentStringsA, GetEnvironmentStrings, UnhandledExceptionFilter, GetModuleFileNameA, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStringsW
( 0 exports )
ThreatExpert info: https://www.symantec.com?md5=80a2e031e64e1d00ad6693ca45425c2f
AhnLab-V3 2008.8.19.0 2008.08.20 -
AntiVir 7.8.1.23 2008.08.20 -
Authentium 5.1.0.4 2008.08.20 -
Avast 4.8.1195.0 2008.08.19 -
AVG 8.0.0.161 2008.08.20 -
BitDefender 7.2 2008.08.20 -
CAT-QuickHeal 9.50 2008.08.19 -
ClamAV 0.93.1 2008.08.19 -
DrWeb 4.44.0.09170 2008.08.20 -
eSafe 7.0.17.0 2008.08.19 -
eTrust-Vet 31.6.6036 2008.08.19 -
Ewido 4.0 2008.08.19 -
F-Prot 4.4.4.56 2008.08.19 -
F-Secure 7.60.13501.0 2008.08.20 -
Fortinet 3.14.0.0 2008.08.20 -
GData 2.0.7306.1023 2008.08.20 -
Ikarus T3.1.1.34.0 2008.08.20 -
K7AntiVirus 7.10.421 2008.08.19 -
Kaspersky 7.0.0.125 2008.08.20 -
McAfee 5364 2008.08.19 -
Microsoft 1.3807 2008.08.20 -
NOD32v2 3370 2008.08.20 -
Norman 5.80.02 2008.08.19 -
Panda 9.0.0.4 2008.08.19 -
PCTools 4.4.2.0 2008.08.19 -
Prevx1 V2 2008.08.20 -
Rising 20.58.22.00 2008.08.20 -
Sophos 4.32.0 2008.08.20 -
Sunbelt 3.1.1546.1 2008.08.15 -
Symantec 10 2008.08.20 -
TheHacker 6.3.0.5.054 2008.08.19 Aplicacion/Riskware.Tool.Htpatch
TrendMicro 8.700.0.1004 2008.08.20 -
VBA32 3.12.8.3 2008.08.19 -
ViRobot 2008.8.19.1341 2008.08.20 -
VirusBuster 4.5.11.0 2008.08.19 -
Webwasher-Gateway 6.6.2 2008.08.20 -
Information additionnelle
File size: 28672 bytes
MD5...: 80a2e031e64e1d00ad6693ca45425c2f
SHA1..: 82c7deac38f7905ffe75e66742aa56ff56e0b8f1
SHA256: e148f5035abcc8f33d69c867073a6501c9bc76b75f331a4a60a21e2d2b08bd9c
SHA512: 4c3292900aba0a8d4e9c96a1a661830689b686944b4da19c849bb1b27f9f1d8d
ee3951b6424f7ad590e005133b838ab24fe345b16dd887b790f41f24f1bd42b1
PEiD..: Armadillo v1.71
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401410
timedatestamp.....: 0x3dbfa911 (Wed Oct 30 09:40:33 2002)
machinetype.......: 0x14c (I386)
( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2c8e 0x3000 6.24 7e9e3a951c3e7e29a12e3bbe84355e07
.rdata 0x4000 0x9e6 0x1000 3.82 af2fe3e3419bf973a9be37562473442a
.data 0x5000 0xa7c 0x1000 0.87 2bdbf426a944d151efea270a337f5301
.rsrc 0x6000 0x970 0x1000 1.78 7effd357cfb14a2581f6ec1bc9d6b05a
( 3 imports )
> USER32.dll: DispatchMessageA, TranslateAcceleratorA, EndDialog, BeginPaint, GetClientRect, DrawTextA, EndPaint, PostQuitMessage, DefWindowProcA, DestroyWindow, DialogBoxParamA, CreateWindowExA, ShowWindow, UpdateWindow, LoadIconA, LoadCursorA, RegisterClassExA, LoadStringA, LoadAcceleratorsA, GetMessageA, TranslateMessage
> WINIO.dll: InitializeWinIo, MapPhysToLin, UnmapPhysicalMemory, ShutdownWinIo
> KERNEL32.dll: TerminateProcess, GetCurrentProcess, GetVersion, ExitProcess, MultiByteToWideChar, LoadLibraryA, GetProcAddress, HeapReAlloc, VirtualAlloc, HeapAlloc, GetOEMCP, GetACP, GetCPInfo, WriteFile, RtlUnwind, HeapFree, VirtualFree, HeapCreate, HeapDestroy, GetFileType, GetStdHandle, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, SetHandleCount, FreeEnvironmentStringsA, GetEnvironmentStrings, UnhandledExceptionFilter, GetModuleFileNameA, WideCharToMultiByte, FreeEnvironmentStringsW, GetEnvironmentStringsW
( 0 exports )
ThreatExpert info: https://www.symantec.com?md5=80a2e031e64e1d00ad6693ca45425c2f
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
30 août 2008 à 12:44
30 août 2008 à 12:44
OK, merci.
Après le rapport Kaspersky,
1) Mets à jour la version d'IE, version plus sécurisée.
Téléchargement d'IE7 :
http://www.commentcamarche.net/telecharger/telecharger 220 internet explorer
2) Il manque un parefeu comme protection sur le PC :
Quelques liens de pare-feu gratuits :
Zone alarm :
https://www.malekal.com/tutoriel-zonealarm-firewall/
- Comodo™ Firewall ( version 3.0 en anglais, sinon 2.4 multi-langues )
https://www.malekal.com/tutorial-comodo-firewall/
http://www.personalfirewall.comodo.com/download_firewall.html#fw2.4
- Kerio Personal Firewall
https://www.malekal.com/tutorial-et-guide-counterspy/
A nécessairement installer.
A+
Après le rapport Kaspersky,
1) Mets à jour la version d'IE, version plus sécurisée.
Téléchargement d'IE7 :
http://www.commentcamarche.net/telecharger/telecharger 220 internet explorer
2) Il manque un parefeu comme protection sur le PC :
Quelques liens de pare-feu gratuits :
Zone alarm :
https://www.malekal.com/tutoriel-zonealarm-firewall/
- Comodo™ Firewall ( version 3.0 en anglais, sinon 2.4 multi-langues )
https://www.malekal.com/tutorial-comodo-firewall/
http://www.personalfirewall.comodo.com/download_firewall.html#fw2.4
- Kerio Personal Firewall
https://www.malekal.com/tutorial-et-guide-counterspy/
A nécessairement installer.
A+
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
30 août 2008 à 13:16
30 août 2008 à 13:16
ok, pour le scan kapersky je te le post dans l'aprem je dois y retourné par contre il ce serve de mozilla comme navigateur et c'est une version windows xp professionnel pas d'origine ^^ il ne font plus de mise a jour y un souci ou pas ?
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
30 août 2008 à 13:33
30 août 2008 à 13:33
Aucun souci.
Ils devraient dans ce cas télécharger le SP3, pas via le windows update mais en le téléchargeant à
https://www.clubic.com/telecharger-fiche242026-windows-xp-service-pack-3.html
Utilisent-tils Firefox 3 ? Sinon, fais leur télécharger la dernière version :
http://www.firefox3.fr/
A+
Ils devraient dans ce cas télécharger le SP3, pas via le windows update mais en le téléchargeant à
https://www.clubic.com/telecharger-fiche242026-windows-xp-service-pack-3.html
Utilisent-tils Firefox 3 ? Sinon, fais leur télécharger la dernière version :
http://www.firefox3.fr/
A+
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
30 août 2008 à 15:26
30 août 2008 à 15:26
KASPERSKY ON-LINE SCANNER REPORT
Saturday, August 30, 2008 3:25:06 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 30/08/2008
Enregistrements dans la base antivirus Kaspersky : 1041505
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
Statistiques de l'analyse
Total d'objets analysés 47723
Nombre de virus trouvés 4
Nombre d'objets infectés 6 / 0
Nombre d'objets suspects 0
Durée de l'analyse 03:42:03
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\jean\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\temp\me_D97YY4DJfyKMiAu L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\temp\me_IIe71mLOF8QwFzS L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\temp\me_oHapgDeIChket66 L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\temp\me_qMXTSQnIkITJ0uj L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me L'objet est verrouillé ignoré
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000140.FCS L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020755.exe Infecté : Trojan-Downloader.Win32.Zlob.xag ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020757.exe Infecté : Trojan-Downloader.Win32.Zlob.xbh ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021887.exe Infecté : Trojan-Banker.Win32.Banker.vyo ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021892.exe Infecté : Trojan-Downloader.Win32.Zlob.xbh ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021902.exe Infecté : Trojan-Downloader.Win32.Zlob.xag ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021915.dll Infecté : Hoax.Win32.Agent.fb ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP363\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
Analyse terminée.
Saturday, August 30, 2008 3:25:06 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 30/08/2008
Enregistrements dans la base antivirus Kaspersky : 1041505
Paramètres d'analyse
Analyser avec la base antivirus suivante standard
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
Statistiques de l'analyse
Total d'objets analysés 47723
Nombre de virus trouvés 4
Nombre d'objets infectés 6 / 0
Nombre d'objets suspects 0
Durée de l'analyse 03:42:03
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\jean\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\temp\me_D97YY4DJfyKMiAu L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\temp\me_IIe71mLOF8QwFzS L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\temp\me_oHapgDeIChket66 L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\temp\me_qMXTSQnIkITJ0uj L'objet est verrouillé ignoré
C:\Documents and Settings\jean\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\jean\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me L'objet est verrouillé ignoré
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000140.FCS L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat L'objet est verrouillé ignoré
C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020755.exe Infecté : Trojan-Downloader.Win32.Zlob.xag ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP356\A0020757.exe Infecté : Trojan-Downloader.Win32.Zlob.xbh ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021887.exe Infecté : Trojan-Banker.Win32.Banker.vyo ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021892.exe Infecté : Trojan-Downloader.Win32.Zlob.xbh ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021902.exe Infecté : Trojan-Downloader.Win32.Zlob.xag ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP357\A0021915.dll Infecté : Hoax.Win32.Agent.fb ignoré
C:\System Volume Information\_restore{549C9C0F-31EC-4D08-B56A-19076AB30DDA}\RP363\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
Analyse terminée.
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
30 août 2008 à 15:42
30 août 2008 à 15:42
Tout se trouve dans la restauration système.
1) On va enlever les logiciels qui ont été utilisés..
Télécharge ToolsCleaner .sur le bureau
http://pc-system.fr/
Double-clique sur ToolsCleaner2.exe --> Recherche --> Suppression.
Il est possible que ton bureau disparaisse.
Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt
2) Tu vas utiliser CCleaner.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
utilise les fonctions nettoyeur et registre.
3) Les points de restauration :
- Panneau de configuation --> Système --> Restauration du sytème
cocher " Désactiver la restauration .... "
Une fenêtre va s’ouvrir pour t’avertir que les poins de restauration existants seront supprimés.
Accepte.
Décoche ensuite « Désactiver la restauration .... » pour réactiver la restauration système
- Tu vas recréer un point de restauration propre.
Pour recréer un point de restauration :
Démarrer --> Programmes --> Accessoires --> Outils système --> Restauration système
Choisis "Créer un point de restauration". Suis les invites.
A+
1) On va enlever les logiciels qui ont été utilisés..
Télécharge ToolsCleaner .sur le bureau
http://pc-system.fr/
Double-clique sur ToolsCleaner2.exe --> Recherche --> Suppression.
Il est possible que ton bureau disparaisse.
Fais un copier/coller du rapport qui se trouve dans C:\TCleaner.txt
2) Tu vas utiliser CCleaner.
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
utilise les fonctions nettoyeur et registre.
3) Les points de restauration :
- Panneau de configuation --> Système --> Restauration du sytème
cocher " Désactiver la restauration .... "
Une fenêtre va s’ouvrir pour t’avertir que les poins de restauration existants seront supprimés.
Accepte.
Décoche ensuite « Désactiver la restauration .... » pour réactiver la restauration système
- Tu vas recréer un point de restauration propre.
Pour recréer un point de restauration :
Démarrer --> Programmes --> Accessoires --> Outils système --> Restauration système
Choisis "Créer un point de restauration". Suis les invites.
A+
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
30 août 2008 à 16:29
30 août 2008 à 16:29
-->- Recherche:
C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\jean\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\jean\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\jean\Bureau\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\jean\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\jean\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\jean\Bureau\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\jean\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\jean\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\jean\Bureau\hijackthis.log: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\jean\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\jean\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\Documents and Settings\jean\Bureau\hijackthis.log: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
30 août 2008 à 17:16
30 août 2008 à 17:16
Comment se comporte le PC ?
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
30 août 2008 à 18:46
30 août 2008 à 18:46
ma fois tout a l'air normal ^^ je pense
verni29
Messages postés
6699
Date d'inscription
dimanche 6 juillet 2008
Statut
Contributeur sécurité
Dernière intervention
26 décembre 2016
180
30 août 2008 à 19:54
30 août 2008 à 19:54
je remarque que ComBoFix n'a pas été supprimé. Supprime le manuellement.
C'est un outil puissant mais à utiliser avec prudence.
Peux-tu mettre le sujet comme résolu, stp ?
@+
C'est un outil puissant mais à utiliser avec prudence.
Peux-tu mettre le sujet comme résolu, stp ?
@+
jerry84
Messages postés
96
Date d'inscription
dimanche 27 avril 2008
Statut
Membre
Dernière intervention
11 janvier 2014
8
31 août 2008 à 10:07
31 août 2008 à 10:07
salut merci pour ton aide encore un fois par contre pour firefox 3 l'adresse et invalide pour le telechargement tant pis
je desintaleais combo des que je peu
encore merci pour tout
cordialement
je desintaleais combo des que je peu
encore merci pour tout
cordialement