NON, pas de casino, NON pas de meet...Résolu/Fermé

Question

Bonjour,
Suite à votre article [popups] Ouverture de fenêtres internet publicitaires (pop-up) 
Je viens vous communiquer le résultat de l'analyse "navilog" et comme vous le conseillez, je vous dépose son rapport.
Je vous remercie par avance pour votre aimable attention.

Search Navipromo version 3.4.2 commencé le 25/01/2008 à 17:35:00,48

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180 
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Françoise\application data" *** 



*** Recherche dossiers dans "C:\Documents and Settings\Françoise\local settings\application data" *** 



*** Recherche dossiers dans "C:\Documents and Settings\Françoise\MENUDM~1\PROGRA~1" *** 


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\Documents and Settings\Françoise\Local Settings\Application Datahjcsp.dat
C:\Documents and Settings\Françoise\Local Settings\Application Datahjcsp.exe
C:\Documents and Settings\Françoise\Local Settings\Application Datahjcsp_nav.dat
C:\Documents and Settings\Françoise\Local Settings\Application Datahjcsp_navps.dat



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Françoise\local settings\application data" * 

Fichiers trouvés :

rhjcsp.exe trouvé ! 



*** Recherche fichiers *** 


C:\WINDOWS\pack.epk trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :


* Dans "C:\Documents and Settings\Françoise\local settings\application data" : 

rhjcsp.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :

C:\WINDOWS\system32	ttss.ini2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\bcbeg.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32	ttss.bak1 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32\bcbeg.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
C:\WINDOWS\system32	ttss.bak2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 25/01/2008 à 17:44:05,60 ***

g!rly · Answer

salut,

fais ceci :

Double clique sur le raccourci Navilog1 présent sur le bureau et laisse-toi guider.
Au menu principal, choisis 2 et valide.

Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle.

Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le blocnote va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver
Referme le blocnote. Ton bureau va réapparaitre

PS:Si ton bureau ne réapparait pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
Tape explorer et valide. Celà te fera apparaitre ton bureau. 

et

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

et

Télécharge HijackThis ici : 

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post le rapport généré ici stp...

@+

mememad · Answer

Merci, j'imprime ta réponse et je m'y colle...
A tout de suite...

g!rly · Answer

ok
@+

mememad · Answer

Me revoilà Voici donc le rapport "Combofix : ComboFix 08-01-23.1C - Fran‡oise 2008-01-25 18:18:37.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.467 [GMT 1:00] Endroit: C:\Documents and Settings\Fran‡oise\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Fran‡oise\Application Data mp17.tmp.exe C:\Documents and Settings\Fran‡oise\Application Data mp19.tmp.exe C:\Documents and Settings\Fran‡oise\Application Data mp37.tmp.exe C:\Documents and Settings\Fran‡oise\Application Data mp9.tmp.exe C:\Documents and Settings\Fran‡oise\Application Data mpA.tmp.exe C:\Program Files\MyWay C:\WINDOWS\cookies.ini C:\WINDOWS\ffefgh.ini C:\WINDOWS\hgfeff.dll C:\WINDOWS\system32\dsuiexq.dll C:\WINDOWS\system32\fontqxet.dll C:\WINDOWS\system32\hnetviw.dll C:\WINDOWS\system32\pfxzmtaim.dll C:\WINDOWS\system32\pfxzmtforum.dll C:\WINDOWS\system32\pfxzmtgtal.dll C:\WINDOWS\system32\pfxzmticq.dll C:\WINDOWS\system32\pfxzmtsmt.dll C:\WINDOWS\system32\pfxzmtsmtspm.dll C:\WINDOWS\system32\pfxzmtwbmail.dll C:\WINDOWS\system32\pfxzmtymsg.dll C:\WINDOWS\system32 asqervy.dll C:\WINDOWS\system32\sdfinacs.dll C:\WINDOWS\system32\sfxzmtforum.dll C:\WINDOWS\system32\sfxzmtsmt.dll C:\WINDOWS\system32\sfxzmtsmtspm.dll C:\WINDOWS\system32\sfxzmtwbmail.dll C:\WINDOWS\system32\wuasirvy.dll C:\WINDOWS\uxaaay.ini C:\WINDOWS\yaaaxu.dll C:\WINDOWS\yabbby.dll C:\WINDOWS\ybbbay.ini . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_CORE -------\LEGACY_WINCOM32 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))))))) . 2008-01-25 18:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-25 17:32 . 2008-01-25 18:14 d-------- C:\Program Files\Navilog1 2008-01-25 11:35 . 2008-01-25 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-25 11:35 . 2008-01-25 11:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-17 11:04 . 2008-01-17 11:04 253,952 --------- C:\WINDOWS\Setup1.exe 2008-01-17 11:04 . 2008-01-17 11:04 74,752 --a------ C:\WINDOWS\ST6UNST.EXE 2008-01-03 11:36 . 2008-01-03 11:36 d-------- C:\Program Files\FileZilla Client 2007-12-29 14:14 . 2007-12-29 14:18 d-------- C:\Program Files\Ad-Aware 2007 2007-12-29 14:13 . 2007-12-29 14:13 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-12-28 18:32 . 2007-12-28 19:22 d-------- C:\Program Files\Neodivx 2007-12-26 09:54 . 2007-12-26 10:01 72 --ahs---- C:\WINDOWS\SAEE086A7.tmp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-25 08:54 --------- d-----w C:\Program Files\CDDC-MahJongg 2008-01-25 07:54 --------- d-----w C:\Program Files\eMule 2007-12-29 13:18 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-12-29 13:18 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-12-29 13:10 --------- d-----w C:\Program Files\Lavasoft 2007-12-25 11:49 --------- d-----w C:\Program Files\DivX 2007-12-18 11:40 --------- d-----w C:\Program Files\Secured eMule 2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2006-03-14 09:06 4,031 ----a-w C:\Program Files\dewplayer.swf 2006-01-26 16:20 144 ----a-w C:\Program Files\VirtualDub.jobs 2006-01-20 13:51 3,537 ----a-w C:\Program Files\UnInstall_VirtualDub.txt 2005-12-20 15:36 1,437,696 ----a-w C:\Program Files\PrintPratic3.exe 2005-12-20 15:34 4,644,864 ----a-w C:\Program Files\Res_fra7690.dll 2005-11-24 14:33 8,628 ---ha-w C:\Program Files\GETTINGSTARTEDQAM460.GID 2005-11-24 14:32 1,409 ----a-w C:\Program Files\MUSICAL.FOT 2005-11-03 09:52 17,408 -csha-w C:\Program Files\Thumbs.db 2005-09-29 08:10 16,384 ----a-w C:\Program Files\XTPResourceFr.dll 2005-07-19 21:10 887,296 ------w C:\Program Files\VirtualDub.exe 2005-07-10 13:47 117,991 ------w C:\Program Files\VirtualDub.vdi 2005-07-10 13:45 7,738 ------w C:\Program Files\vdub.exe 2005-07-10 13:44 7,168 ------w C:\Program Files\vdremote.dll 2005-07-10 13:44 6,656 ------w C:\Program Files\vdicmdrv.dll 2005-07-10 13:44 5,120 ------w C:\Program Files\vdsvrlnk.dll 2005-06-28 12:25 2,146,304 ----a-w C:\Program Files\XTP9600Lib.dll 2005-05-11 23:05 344,064 ------w C:\Program Files\UnInstall_VirtualDub.exe 2005-04-28 17:39 237,568 ----a-w C:\Program Files\ispare.exe 2005-04-26 17:26 10,684 ------w C:\Program Files\French.lng 2005-03-14 14:15 520 ----a-w C:\Program Files\Raccourci vers Internet Optimizer.doc.lnk 2004-12-29 08:51 10,240 ----a-w C:\Program Files\Comptabilité.FP3 2004-10-26 17:17 4,466 ----a-w C:\Program Files\QuartzAudioMasterLite.ini 2004-10-26 16:49 40,694 -c-ha-w C:\Program Files\QuartzAudioMasterF.GID 2004-10-26 16:41 175 ----a-w C:\Program Files\_DEISREG.ISR 2004-10-26 16:41 1,984 ----a-w C:\Program Files\DeIsL3.isu 2004-10-26 16:32 8,628 ---ha-w C:\Program Files\fwwelcomeF.GID 2004-10-26 16:32 7,895 ----a-w C:\Program Files\DeIsL2.isu 2004-10-26 16:29 2,111 ----a-w C:\Program Files\DeIsL1.isu 2004-10-22 02:51 257,886 ------w C:\Program Files\VirtualDub.vdhelp 2004-09-26 13:00 18,321 ------w C:\Program Files\copying 2004-02-23 18:27 98,304 ----a-w C:\Program Files\lffax14N.dll 2004-02-23 18:26 163,840 ----a-w C:\Program Files\ltfil14N.DLL 2004-02-23 08:51 73,728 ----a-w C:\Program Files\lfpsd14N.dll 2004-02-23 08:51 49,152 ----a-w C:\Program Files\lfpcd14N.dll 2004-02-23 08:45 475,136 ----a-w C:\Program Files\ltkrn14N.dll 2004-02-22 12:14 53,248 ----a-w C:\Program Files\lftga14N.dll 2004-02-22 12:14 159,744 ----a-w C:\Program Files\lftif14N.dll 2004-02-22 12:11 53,248 ----a-w C:\Program Files\lfpcx14N.dll 2004-02-22 12:11 159,744 ----a-w C:\Program Files\Lfpng14N.dll 2004-02-22 12:10 53,248 ----a-w C:\Program Files\lflmb14N.dll 2004-02-22 12:10 253,952 ----a-w C:\Program Files\LFJ2K14N.dll 2004-02-22 12:10 110,592 ----a-w C:\Program Files\lfjbg14N.dll 2004-02-22 12:08 65,536 ----a-w C:\Program Files\lfeps14N.dll 2004-02-22 12:06 401,408 ----a-w C:\Program Files\LFCMP14N.DLL 2004-02-22 12:05 57,344 ----a-w C:\Program Files\lfbmp14N.dll 2004-02-22 11:59 282,624 ----a-w C:\Program Files\ltefx14N.dll 2004-02-22 11:58 954,368 ----a-w C:\Program Files\ltimg14N.dll 2004-02-22 11:57 1,695,744 ----a-w C:\Program Files\LTCLR14N.dll 2004-02-22 08:29 86,016 ----a-w C:\Program Files\Lfpct14N.dll 2004-02-20 00:36 16,896 ------w C:\Program Files\auxsetup.exe 2004-02-19 12:13 299,008 ----a-w C:\Program Files\LTDIS14N.dll 2004-02-19 12:09 253,952 ----a-w C:\Program Files\LTEml14n.dll 2004-02-19 09:25 61,440 ----a-w C:\Program Files\Lfwmf14N.dll 2003-03-24 20:24 917,504 ----a-w C:\Program Files\_ISource30.dll 2003-03-19 06:20 1,060,864 ----a-w C:\Program Files\MFC71.dll 2003-03-19 05:44 61,440 ----a-w C:\Program Files\MFC71FRA.DLL 2003-03-19 05:14 499,712 ----a-w C:\Program Files\msvcp71.dll 2003-02-21 13:42 348,160 ----a-w C:\Program Files\msvcr71.dll 2002-08-29 10:44 1,703,936 ----a-w C:\Program Files\GdiPlus.dll 2002-06-29 20:04 393 ----a-w C:\Program Files\Install.txt 2002-06-28 10:06 30 ----a-w C:\Program Files\Uninstall.bat 2002-06-28 10:06 27 ----a-w C:\Program Files\Install.bat 2001-04-30 07:57 45,056 ----a-w C:\Program Files\qmidifw32.dll 2001-04-30 07:54 32,768 ----a-w C:\Program Files\QMIDIFW16.DLL 2001-04-20 09:55 262,144 ----a-w C:\Program Files\wmixd.dll 2001-04-20 07:54 99,299 ----a-w C:\Program Files\FWWELCOMEF.HLP 2001-04-12 12:39 2,548,067 ----a-w C:\Program Files\QuartzAudioMasterF.HLP 2001-04-12 12:29 6,096 ----a-w C:\Program Files\QuartzAudioMasterF.cnt 2001-04-03 15:15 73,728 ----a-w C:\Program Files\qmidifw.dll 2001-04-02 11:38 339,968 ----a-w C:\Program Files\qmidixf.dll 2001-04-02 11:33 77,824 ----a-w C:\Program Files\qksb.dll 2001-04-02 11:33 53,248 ----a-w C:\Program Files\wmdfx.dll 2001-04-02 11:32 90,112 ----a-w C:\Program Files\qam.dll 2001-02-20 15:25 225,280 ----a-w C:\Program Files\wmdcdce.dll 2001-02-05 15:34 735,976 ----a-w C:\Program Files\GETTINGSTARTEDQAM460.HLP 2000-12-12 12:10 202 ----a-w C:\Program Files\QFXP0004.QFP 2000-10-24 11:37 20,250 ----a-w C:\Program Files\QREV_F.HLP 2000-10-24 11:37 20,183 ----a-w C:\Program Files\QPHAS_F.HLP 2000-10-24 11:36 20,182 ----a-w C:\Program Files\QDEL_F.HLP 2000-10-24 11:36 19,776 ----a-w C:\Program Files\QCHO_F.HLP 2000-10-24 11:32 65,536 ----a-w C:\Program Files\PhaserF.Q3P 2000-10-24 11:32 212,992 ----a-w C:\Program Files\REVF.Q3P 2000-10-24 11:31 61,440 ----a-w C:\Program Files\DELAYF.Q3P 2000-10-24 11:30 81,920 ----a-w C:\Program Files\CHORUSF.Q3P 2000-10-05 14:00 282,362 ----a-w C:\Program Files\cool_demo.qac 2000-10-05 13:47 586 ----a-w C:\Program Files\QFXP0014.QFP 2000-09-20 11:11 496 ----a-w C:\Program Files\pianotrack.QAT 2000-09-20 11:11 352 ----a-w C:\Program Files\brasstrack.QAT 2000-09-20 11:11 1,738 ----a-w C:\Program Files\basstrack.QAT 2000-09-20 11:09 2,650 ----a-w C:\Program Files\drumtrack.QAT 2000-01-12 07:04 84,022 ----a-w C:\Program Files\q3cDefKnob.bmp 2000-01-05 22:11 47,654 ----a-w C:\Program Files\q3cDefBack.bmp . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] 2008-01-01 11:42 1502232 --a------ C:\Program Files\Freecorder bFre1.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19080985-88bd-4c73-87cd-9ba28a932567}] C:\WINDOWS\system32\msadups.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {327C2873-E90D-4C37-AA9D-10AC9BABA46C} {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} {1392B8D2-5C05-419F-A8F6-B9F15A596612} {EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= C:\Program Files\Freecorder bFre1.dll [2008-01-01 11:42 1502232] [HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472] "NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-05-19 18:38 1957888] "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 03:11 114688] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 15:06 406016] "WireLessKeyboard "="C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-05-14 22:39 253952] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2005-03-02 11:17 180269] "NetService"="C:\Documents and Settings\Françoise\Application Data mp10.tmp.exe" [ ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\atlmgm] atlmgm.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\msadups] msadups.dll R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 10:02] R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-05-20 17:25] R2 ECBatteryDRV;ECBatteryDRV;C:\WINDOWS\system32\drivers\ECBatteryDRV.sys [2003-03-19 07:37] R2 ECMonitorDRV;ECMonitorDRV;C:\WINDOWS\system32\drivers\ECMonitorDRV.sys [2003-01-29 04:03] R2 ECUtilityDRV;ECUtilityDRV;C:\WINDOWS\system32\drivers\ECUtilityDRV.sys [2003-01-29 04:03] R2 HotCPUDRV;HotCPUDRV;C:\WINDOWS\system32\drivers\HotCPUDRV.sys [2003-01-29 04:03] R2 WinBootDRV;WinBootDRV;C:\WINDOWS\system32\drivers\WinBootDRV.sys [2003-01-29 04:02] R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 11:13] R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 11:13] R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 08:29] S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23] S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-09-15 03:42] S4 Dis2wormv;Dis2wormv;C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 20:57] [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-25 18:26:17 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 2377 ************************************************************************** . Temps d'accomplissement: 2008-01-25 18:30:20 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-25 17:29:54 ET LE RAPPORT HIJACKTHIS : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:36:53, on 25/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\slrundll.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32 otepad.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gericom.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder bFre1.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder bFre1.dll O2 - BHO: (no name) - {19080985-88bd-4c73-87cd-9ba28a932567} - C:\WINDOWS\system32\msadups.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder bFre1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [NetService] C:\Documents and Settings\Françoise\Application Data mp10.tmp.exe /run O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader eader_sl.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin pjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin pjpi150_04.dll O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.gericom.com O20 - Winlogon Notify: atlmgm - atlmgm.dll (file missing) O20 - Winlogon Notify: msadups - msadups.dll (file missing) O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing) O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

g!rly · Answer

francoise, 

regarde ceci concernant ton cher avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instal l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php <- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Copie le texte ci-dessous :

File::
C:\WINDOWS\Setup1.exe
C:\WINDOWS\SAEE086A7.tmp
C:\Program Files\Freecorder	bFre1.dll
C:\WINDOWS\system32\msadups.dll
C:\Documents and Settings\Françoise\Application Data	mp10.tmp.exe

Folder::
C:\Program Files\Navilog1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19080985-88bd-4c73-87cd-9ba28a932567}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
[-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"=-
[-HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetService"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\atlmgm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\msadups]

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

mememad · Answer

Ce fut très long mais ce n'est malheureusement pas de mon fait... Merci pour ta patience et ton savoir. Voici donc le rapport Combofix : ComboFix 08-01-23.1C - Françoise 2008-01-25 21:09:29.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.317 [GMT 1:00] Endroit: C:\Documents and Settings\Françoise\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Françoise\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE C:\Documents and Settings\Françoise\Application Data\tmp10.tmp.exe C:\Program Files\Freecorder\tbFre1.dll C:\WINDOWS\SAEE086A7.tmp C:\WINDOWS\Setup1.exe C:\WINDOWS\system32\msadups.dll . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\Freecorder\tbFre1.dll C:\Program Files\Navilog1 C:\Program Files\Navilog1\Backupnavi\backup_registry.dat C:\Program Files\Navilog1\Backupnavi\rhjcsp.dat C:\Program Files\Navilog1\Backupnavi\rhjcsp.exe C:\Program Files\Navilog1\Backupnavi\rhjcsp_nav.dat C:\Program Files\Navilog1\Backupnavi\rhjcsp_navps.dat C:\Program Files\Navilog1\catchme.exe C:\Program Files\Navilog1\GetPaths.exe C:\Program Files\Navilog1\gnc.exe C:\Program Files\Navilog1\oem2ansi.exe C:\Program Files\Navilog1\Process.exe C:\Program Files\Navilog1\reboot.exe C:\Program Files\Navilog1\reg.exe C:\Program Files\Navilog1\regnavi.reg C:\Program Files\Navilog1\traite.bat C:\Program Files\Navilog1\traite2.bat C:\Program Files\Navilog1\unins000.dat C:\Program Files\Navilog1\unins000.exe C:\WINDOWS\SAEE086A7.tmp C:\WINDOWS\Setup1.exe . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-25 to 2008-01-25 )))))))))))))))))))))))))))))))))))) . 2008-01-25 19:39 . 2008-01-25 19:39 d-------- C:\Program Files\Avira 2008-01-25 18:33 . 2008-01-25 18:33 d-------- C:\Program Files\Trend Micro 2008-01-25 18:17 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe 2008-01-25 11:35 . 2008-01-25 11:35 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-25 11:35 . 2008-01-25 11:35 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-17 11:04 . 2008-01-17 11:04 74,752 --a------ C:\WINDOWS\ST6UNST.EXE 2008-01-03 11:36 . 2008-01-03 11:36 d-------- C:\Program Files\FileZilla Client 2007-12-29 14:14 . 2007-12-29 14:18 d-------- C:\Program Files\Ad-Aware 2007 2007-12-29 14:13 . 2007-12-29 14:13 d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-12-28 18:32 . 2007-12-28 19:22 d-------- C:\Program Files\Neodivx . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-25 20:15 --------- d-----w C:\Program Files\Freecorder 2008-01-25 08:54 --------- d-----w C:\Program Files\CDDC-MahJongg 2008-01-25 07:54 --------- d-----w C:\Program Files\eMule 2007-12-29 13:18 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys 2007-12-29 13:18 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys 2007-12-29 13:10 --------- d-----w C:\Program Files\Lavasoft 2007-12-25 11:49 --------- d-----w C:\Program Files\DivX 2007-12-18 11:40 --------- d-----w C:\Program Files\Secured eMule 2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll 2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll 2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll 2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll 2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2007-11-29 22:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys 2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2007-11-29 22:30 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2007-11-29 22:30 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2007-11-29 22:30 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll 2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll 2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe 2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll 2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll 2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll 2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll 2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll 2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2006-03-14 09:06 4,031 ----a-w C:\Program Files\dewplayer.swf 2006-01-26 16:20 144 ----a-w C:\Program Files\VirtualDub.jobs 2006-01-20 13:51 3,537 ----a-w C:\Program Files\UnInstall_VirtualDub.txt 2005-12-20 15:36 1,437,696 ----a-w C:\Program Files\PrintPratic3.exe 2005-12-20 15:34 4,644,864 ----a-w C:\Program Files\Res_fra7690.dll 2005-11-24 14:33 8,628 ---ha-w C:\Program Files\GETTINGSTARTEDQAM460.GID 2005-11-24 14:32 1,409 ----a-w C:\Program Files\MUSICAL.FOT 2005-11-03 09:52 17,408 -csha-w C:\Program Files\Thumbs.db 2005-09-29 08:10 16,384 ----a-w C:\Program Files\XTPResourceFr.dll 2005-07-19 21:10 887,296 ------w C:\Program Files\VirtualDub.exe 2005-07-10 13:47 117,991 ------w C:\Program Files\VirtualDub.vdi 2005-07-10 13:45 7,738 ------w C:\Program Files\vdub.exe 2005-07-10 13:44 7,168 ------w C:\Program Files\vdremote.dll 2005-07-10 13:44 6,656 ------w C:\Program Files\vdicmdrv.dll 2005-07-10 13:44 5,120 ------w C:\Program Files\vdsvrlnk.dll 2005-06-28 12:25 2,146,304 ----a-w C:\Program Files\XTP9600Lib.dll 2005-05-11 23:05 344,064 ------w C:\Program Files\UnInstall_VirtualDub.exe 2005-04-28 17:39 237,568 ----a-w C:\Program Files\ispare.exe 2005-04-26 17:26 10,684 ------w C:\Program Files\French.lng 2005-03-14 14:15 520 ----a-w C:\Program Files\Raccourci vers Internet Optimizer.doc.lnk 2004-12-29 08:51 10,240 ----a-w C:\Program Files\Comptabilité.FP3 2004-10-26 17:17 4,466 ----a-w C:\Program Files\QuartzAudioMasterLite.ini 2004-10-26 16:49 40,694 -c-ha-w C:\Program Files\QuartzAudioMasterF.GID 2004-10-26 16:41 175 ----a-w C:\Program Files\_DEISREG.ISR 2004-10-26 16:41 1,984 ----a-w C:\Program Files\DeIsL3.isu 2004-10-26 16:32 8,628 ---ha-w C:\Program Files\fwwelcomeF.GID 2004-10-26 16:32 7,895 ----a-w C:\Program Files\DeIsL2.isu 2004-10-26 16:29 2,111 ----a-w C:\Program Files\DeIsL1.isu 2004-10-22 02:51 257,886 ------w C:\Program Files\VirtualDub.vdhelp 2004-09-26 13:00 18,321 ------w C:\Program Files\copying 2004-02-23 18:27 98,304 ----a-w C:\Program Files\lffax14N.dll 2004-02-23 18:26 163,840 ----a-w C:\Program Files\ltfil14N.DLL 2004-02-23 08:51 73,728 ----a-w C:\Program Files\lfpsd14N.dll 2004-02-23 08:51 49,152 ----a-w C:\Program Files\lfpcd14N.dll 2004-02-23 08:45 475,136 ----a-w C:\Program Files\ltkrn14N.dll 2004-02-22 12:14 53,248 ----a-w C:\Program Files\lftga14N.dll 2004-02-22 12:14 159,744 ----a-w C:\Program Files\lftif14N.dll 2004-02-22 12:11 53,248 ----a-w C:\Program Files\lfpcx14N.dll 2004-02-22 12:11 159,744 ----a-w C:\Program Files\Lfpng14N.dll 2004-02-22 12:10 53,248 ----a-w C:\Program Files\lflmb14N.dll 2004-02-22 12:10 253,952 ----a-w C:\Program Files\LFJ2K14N.dll 2004-02-22 12:10 110,592 ----a-w C:\Program Files\lfjbg14N.dll 2004-02-22 12:08 65,536 ----a-w C:\Program Files\lfeps14N.dll 2004-02-22 12:06 401,408 ----a-w C:\Program Files\LFCMP14N.DLL 2004-02-22 12:05 57,344 ----a-w C:\Program Files\lfbmp14N.dll 2004-02-22 11:59 282,624 ----a-w C:\Program Files\ltefx14N.dll 2004-02-22 11:58 954,368 ----a-w C:\Program Files\ltimg14N.dll 2004-02-22 11:57 1,695,744 ----a-w C:\Program Files\LTCLR14N.dll 2004-02-22 08:29 86,016 ----a-w C:\Program Files\Lfpct14N.dll 2004-02-20 00:36 16,896 ------w C:\Program Files\auxsetup.exe 2004-02-19 12:13 299,008 ----a-w C:\Program Files\LTDIS14N.dll 2004-02-19 12:09 253,952 ----a-w C:\Program Files\LTEml14n.dll 2004-02-19 09:25 61,440 ----a-w C:\Program Files\Lfwmf14N.dll 2003-03-24 20:24 917,504 ----a-w C:\Program Files\_ISource30.dll 2003-03-19 06:20 1,060,864 ----a-w C:\Program Files\MFC71.dll 2003-03-19 05:44 61,440 ----a-w C:\Program Files\MFC71FRA.DLL 2003-03-19 05:14 499,712 ----a-w C:\Program Files\msvcp71.dll 2003-02-21 13:42 348,160 ----a-w C:\Program Files\msvcr71.dll 2002-08-29 10:44 1,703,936 ----a-w C:\Program Files\GdiPlus.dll 2002-06-29 20:04 393 ----a-w C:\Program Files\Install.txt 2002-06-28 10:06 30 ----a-w C:\Program Files\Uninstall.bat 2002-06-28 10:06 27 ----a-w C:\Program Files\Install.bat 2001-04-30 07:57 45,056 ----a-w C:\Program Files\qmidifw32.dll 2001-04-30 07:54 32,768 ----a-w C:\Program Files\QMIDIFW16.DLL 2001-04-20 09:55 262,144 ----a-w C:\Program Files\wmixd.dll 2001-04-20 07:54 99,299 ----a-w C:\Program Files\FWWELCOMEF.HLP 2001-04-12 12:39 2,548,067 ----a-w C:\Program Files\QuartzAudioMasterF.HLP 2001-04-12 12:29 6,096 ----a-w C:\Program Files\QuartzAudioMasterF.cnt 2001-04-03 15:15 73,728 ----a-w C:\Program Files\qmidifw.dll 2001-04-02 11:38 339,968 ----a-w C:\Program Files\qmidixf.dll . ((((((((((((((((((((((((((((( snapshot@2008-01-25_18.29.23.15 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-25 17:18:05 1,089,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-01-25 20:08:51 1,089,536 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-25 17:18:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-25 20:08:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat - 2008-01-25 17:18:05 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat + 2008-01-25 20:08:51 909,312 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\ntuser.dat - 2008-01-25 17:18:05 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-25 20:08:51 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat - 2008-01-25 17:18:06 9,170,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT + 2008-01-25 20:08:52 9,170,944 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT - 2008-01-25 17:18:06 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-25 20:08:52 36,864 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-25 20:08:52 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000007\ntuser.dat + 2007-08-09 12:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys + 2007-07-18 13:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys + 2007-09-07 11:05:19 62,016 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys + 2007-03-01 09:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys - 2007-10-28 08:25:57 54,614 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-01-25 17:30:20 54,614 ----a-w C:\WINDOWS\system32\perfc009.dat - 2007-10-28 08:25:57 65,800 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-01-25 17:30:20 65,800 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2007-10-28 08:25:57 384,930 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-01-25 17:30:20 384,930 ----a-w C:\WINDOWS\system32\perfh009.dat - 2007-10-28 08:25:57 449,978 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-01-25 17:30:20 449,978 ----a-w C:\WINDOWS\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472] "NBJ"="C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" [2005-05-19 18:38 1957888] "LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [ ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-03-11 03:11 114688] "PinnacleDriverCheck"="C:\WINDOWS\System32\PSDrvCheck.exe" [2003-11-10 15:06 406016] "WireLessKeyboard "="C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe" [2005-05-14 22:39 253952] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-03-02 11:17 180269] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2004-04-15 10:02] R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2005-05-20 17:25] R2 ECBatteryDRV;ECBatteryDRV;C:\WINDOWS\system32\drivers\ECBatteryDRV.sys [2003-03-19 07:37] R2 ECMonitorDRV;ECMonitorDRV;C:\WINDOWS\system32\drivers\ECMonitorDRV.sys [2003-01-29 04:03] R2 ECUtilityDRV;ECUtilityDRV;C:\WINDOWS\system32\drivers\ECUtilityDRV.sys [2003-01-29 04:03] R2 HotCPUDRV;HotCPUDRV;C:\WINDOWS\system32\drivers\HotCPUDRV.sys [2003-01-29 04:03] R2 WinBootDRV;WinBootDRV;C:\WINDOWS\system32\drivers\WinBootDRV.sys [2003-01-29 04:02] R3 {5C8B2B62-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-A;C:\WINDOWS\system32\drivers\A311.sys [2003-03-13 11:13] R3 {5C8B2B65-A385-11d5-A78B-00104B672758};AIM 3.0 Part 01 Codec Driver CH-7017-B;C:\WINDOWS\system32\drivers\A310.sys [2003-03-13 11:13] R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;C:\WINDOWS\system32\DRIVERS\DP83815.SYS [2003-02-13 08:29] S3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 20:12] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23] S3 sbusb;Sound Blaster USB Audio Driver;C:\WINDOWS\system32\DRIVERS\sbusb.sys [2003-09-15 03:42] S4 Dis2wormv;Dis2wormv;C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 20:57] *Newly Created Service* - ANTIVIRSCHEDULER *Newly Created Service* - ANTIVIRSERVICE *Newly Created Service* - AVGIO *Newly Created Service* - AVGNTFLT *Newly Created Service* - AVIPBB [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-25 21:15:47 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . Temps d'accomplissement: 2008-01-25 21:18:16 ComboFix-quarantined-files.txt 2008-01-25 20:17:13 ComboFix2.txt 2008-01-25 17:30:20 ET HIJACKTHIS : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:19:42, on 25/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gericom.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\Multimedia Keyboard\PS2USBKbdDrv.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [NBJ] "C:\PROGRA~1\Ahead\NEROBA~1\NBJ.exe" O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Ouvrir le fichier PDF dans Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /300 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU) O14 - IERESET.INF: START_PAGE_URL=http://www.gericom.com O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTsvcCDA.exe (file missing) O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe (file missing) O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

g!rly · Answer

re,

c´est beaucoup mieux ;-)

maintenant :

tu surf avec internet explorer 6.0 = failles de securitées importantes

alors fais les mises a jour windows : tu veux la version 7.0

et pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.firefox.fr/

ta version de acrobat reader n´est pas a jour, tu veux la version 8.1 derniere en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou foxit plus léger :

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

anti spyware :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : http://forum.telecharger.01net.com/forum/

telecharge aussi cet anti spyware il a aussi un resident le teatimer :

spybot :

https://www.commentcamarche.net/telecharger/ 122 spybot

http://www.safer-networking.org/fr/faq/33.html

spyware gard :

https://www.zebulon.fr/dossiers/securite/47-spywareguard.html

tous les trois sont complementaires, alors si tu veux; tu peux tous les installer...

puis j´amerais que tu fasse un scan complet de ta machine avec antivir

avec les réglages suivant :

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite puis dans la nouvelle fenetre a gauche >scanner > scan all files et en dessous >scanner priority = High
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

post le rapport d´antivir stp

@+

mememad · Answer

Bonjour,
Je dois te présenter les excuses de mon corps qui n'a pas eu la force de résister à une flémingite aiguë hier soir !
Je viens de lire ta dernière réponse dans ma boîte à mail. 
J'ai été surprise de lire que "je surfais avec Explorer" étant donné que j'ai toujours utilisé Mozilla. Quand j'ai voulu utiliser ton lien http://www.firefox.fr de mon mail, effectivement, oh ! surprise, Exploreur s'est ouvert !!! J'avais d'ailleurs remarqué hier soir parmi les nouveaux icônes de "navilog, cleanavi...etc." qu'un icône de cet exploreur s'était déposé sur mon bureau ! Non pas un raccourci mais l'icône du programme !!! Gonflé non ?
Peux-tu m'expliquer comment remédier à cette intrusion car je viens de refaire un essai, tant que mozilla n'est pas ouvert, si j'actionne un lien directement d'un de mes mail, "l'autre intrus" se rapplique !

J'ai fait tous les devoirs que tu m'as demandés. Voici le résultat d'antivir :

AntiVir PersonalEdition Classic
Report file date: samedi 26 janvier 2008  10:38

Scanning for 1036370 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         Françoise
Computer name:    NOM-FULKL1OH2QW

Version information:
BUILD.DAT    : 269           15604 Bytes  10/09/2007 14:31:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
ANTIVIR0.VDF : 6.35.0.1    7371264 Bytes  31/05/2006 12:32:40
ANTIVIR1.VDF : 6.39.0.129  7251968 Bytes  10/07/2007 12:32:46
ANTIVIR2.VDF : 6.39.1.43   1542656 Bytes  25/08/2007 17:21:02
ANTIVIR3.VDF : 6.39.1.51     29696 Bytes  28/08/2007 07:22:36
AVEWIN32.DLL : 7.6.0.5     2789888 Bytes  29/08/2007 17:09:10
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15     360488 Bytes  03/08/2007 08:46:00
AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: samedi 26 janvier 2008  10:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sgbhp.exe' - '1' Module(s) have been scanned
Scan process 'sgmain.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'OUTLOOK.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'PS2USBKbdDrv.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\user32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$
dis.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$
disuio.sys
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$
etshell.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$pcrt4.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$pcss.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$	xflog.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB832353$\wmpcore.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB833998$\shell32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB833998$\sxs.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$
etapi32.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$
mcom.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$tcdll.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll
      [WARNING]   The file could not be opened!
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll
      [WARNING]   The file could not be opened!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: samedi 26 janvier 2008  11:35
Used time: 56:37 min

The scan has been done completely.

   5146 Scanning directories
 253396 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
     61 Files cannot be scanned
 253396 Files not concerned
   7080 Archives were scanned
     61 Warnings
      0 Notes

EST-CE GRAVE DOCTEUR ???

g!rly · Answer

re,

ok pouir le scan antivir...

tu n´as pas du vouloir utiliser firefox comme navigateur par defaut au depart, 

pour y remedier :

Tu ouvres firefox.
OUTILS/OPTIONS
Au pied de la fenêtre qui s'ouvre dans l´onglet generale, tu coches la case "au démarrage toujours vérifier que firefox est le navigateur par défaut"
puis au prochain redemarrage tu lui dira que tu veux qu´il soie le navigateur par defaut...

comment ce porte ton pc maintenant?

@+

mememad · Answer

Cher docteur, je viens de réaliser ta dernière recommandation.
J'ai l'impression que mon PC se porte à ravir car le peu de surf que j'ai fait entre les exercices que tu m'avais donnés n'ont pas été perturbés par "l'intrus".
Girly, je ne sais comment te remercier pour avoir aidé une vielle handicappée de l'info.
Que puis-je faire pour te faire plaisir ?
Je me permets donc de t'embrasser virtuellement et coche la case "résolu"...
A bientôt peut-être... mais le plus tard possible.

g!rly · Answer

tres bien ;-)
c´etait un plaisir...
je t´embrasse aussi :P
bonne continuation.
bye`

NON, pas de casino, NON pas de meet...

11 réponses

Discussions similaires

Newsletters