Very slow computer: is my computer infected?
alafraiche
jlpjlp Posts 52399 Status Security contributor
Hello,
My computer is very slow: I wonder whether it is infected. Here is the HijackThis log:
Thanks for your help
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:23, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
E=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA7AC89E-63B3-49EB-88C3-C59657338E55}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Fichiers communs\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
3 replies
Thanks.
Here is the antivirus report:
Avira AntiVir Personal
Report file date: lundi 27 octobre 2008 12:26
Scanning for 1708212 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: GEORDI2
Version information:
BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 01/05/2008 14:43:11
AVSCAN.DLL : 8.1.1.0 53505 Bytes 01/05/2008 14:43:11
LUKE.DLL : 8.1.2.9 151809 Bytes 01/05/2008 14:43:11
LUKERES.DLL : 8.1.2.1 12033 Bytes 01/05/2008 14:43:11
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 19:58:11
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 15:31:30
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 08:19:43
ANTIVIR3.VDF : 7.0.7.94 202240 Bytes 27/10/2008 10:01:58
Engineversion : 8.2.0.9
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 18:58:22
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 17/10/2008 09:03:10
AESCN.DLL : 8.1.1.3 123252 Bytes 15/10/2008 18:58:12
AERDL.DLL : 8.1.1.2 438644 Bytes 19/09/2008 14:50:10
AEPACK.DLL : 8.1.2.4 369014 Bytes 15/10/2008 18:58:09
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 27/10/2008 10:02:05
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 27/10/2008 10:02:04
AEHELP.DLL : 8.1.1.2 115062 Bytes 15/10/2008 18:57:56
AEGEN.DLL : 8.1.0.42 319861 Bytes 27/10/2008 10:01:59
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 18:57:47
AECORE.DLL : 8.1.2.8 172406 Bytes 27/10/2008 10:01:58
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 18:57:37
AVWINLL.DLL : 1.0.0.7 14593 Bytes 01/05/2008 14:43:11
AVPREF.DLL : 8.0.0.1 25857 Bytes 01/05/2008 14:43:11
AVREP.DLL : 8.0.0.2 98344 Bytes 05/08/2008 17:38:00
AVREG.DLL : 8.0.0.0 30977 Bytes 01/05/2008 14:43:11
AVARKT.DLL : 1.0.0.23 307457 Bytes 01/05/2008 14:43:11
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 01/05/2008 14:43:11
SQLITE3.DLL : 3.3.17.1 339968 Bytes 01/05/2008 14:43:11
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 01/05/2008 14:43:11
NETNT.DLL : 8.0.0.1 7937 Bytes 01/05/2008 14:43:11
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 01/05/2008 14:43:08
RCTEXT.DLL : 8.0.32.0 86273 Bytes 01/05/2008 14:43:08
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: off
Start of the scan: lundi 27 octobre 2008 12:26
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Illustrator.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmi.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'WkCalRem.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'E_FATIAEE.EXE' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'cledx.exe' - '1' Module(s) have been scanned
Scan process 'eabservr.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'spnsrvnt.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '41' files ).
Starting the file scan:
Begin scan in 'C:\' <disc1>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: lundi 27 octobre 2008 13:17
Used time: 51:50 min
The scan has been done completely.
10696 Scanning directories
323905 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
323905 Files not concerned
8045 Archives were scanned
2 Warnings
0 Notes
And here is the anti-malware report:
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1276
Windows 5.1.2600 Service Pack 3
27/10/2008 12:25:07
mbam-log-2008-10-27 (12-25-07).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 127338
Temps écoulé: 53 minute(s), 46 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7
Processus mémoire infecté(s):
C:\Program Files\Save\Save.exe (Adware.WhenUSave) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\whenusave (Adware.WhenUSave) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\Program Files\Save\Save.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\ACM.dll (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\ffext.mod (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\SaveUninst.exe (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
Thanks for your help.
Hi, you are infected:
post an AntiVir report
and
post a full report from Malwarebytes' Anti-Malware
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/