Opinion on HijackThis log after Virtumonde

Resolved/Closed
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 - 2 May 2008 at 12:15
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 - 5 May 2008 at 16:43
Hello,
I would like an opinion on my HijackThis report after a Vundo/Virtumonde detection.
I ran Cclean, Spybot, Avast (free), Vundofix, Bitdefender and then HijackThis (in safe mode); here it is.
The problem is that I still have a startup item
qufxfxde (in the System Configuration Utility)
Command:- Rundll32.exe "C:\WINDOWS\system32\qdfxfxde.dll",s
Location:- SOFTWARE\Microsoft\Windows\currentVersion\Run

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:46:59, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2} - (no file)
O2 - BHO: (no name) - {F377E7C1-29D3-40A6-8E99-65E504ECF1BA} - (no file)
O2 - BHO: (no name) - {FE946F62-F12F-4488-AA5F-8B147EF6BC62} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

48 replies

ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 15
2 May 2008 at 18:20
OK,


Now install AntiVir and run the scan in safe mode.

Come on, hang in there.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
2 May 2008 at 18:22
I'm going to uninstall Avast in "safe mode"
and install AntiVir, which I already had on an old P2 5 years ago; has it changed?
Staying online on the other computer.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
2 May 2008 at 19:07
OK, I started the scan in normal mode after loading the updates; here is a partial log.



Avira AntiVir Personal
Report file date: vendredi 2 mai 2008 18:57

Scanning for 1248213 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HOME-7BABDDAA15

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 02/05/2008 16:56:17
AVSCAN.DLL : 8.1.1.0 53505 Bytes 02/05/2008 16:56:17
LUKE.DLL : 8.1.2.9 151809 Bytes 02/05/2008 16:56:18
LUKERES.DLL : 8.1.2.1 12033 Bytes 02/05/2008 16:56:18
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:56:18
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 16:56:18
ANTIVIR3.VDF : 7.0.3.243 276992 Bytes 02/05/2008 16:56:18
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 02/05/2008 16:56:19
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 02/05/2008 16:56:19
AESCN.DLL : 8.1.0.15 119157 Bytes 02/05/2008 16:56:19
AERDL.DLL : 8.1.0.20 418165 Bytes 02/05/2008 16:56:19
AEPACK.DLL : 8.1.1.4 364918 Bytes 02/05/2008 16:56:19
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 02/05/2008 16:56:19
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 02/05/2008 16:56:19
AEHELP.DLL : 8.1.0.14 115063 Bytes 02/05/2008 16:56:19
AEGEN.DLL : 8.1.0.18 299381 Bytes 02/05/2008 16:56:19
AEEMU.DLL : 8.1.0.5 430450 Bytes 02/05/2008 16:56:18
AECORE.DLL : 8.1.0.27 168310 Bytes 02/05/2008 16:56:18
AVWINLL.DLL : 1.0.0.7 14593 Bytes 02/05/2008 16:56:17
AVPREF.DLL : 8.0.0.1 25857 Bytes 02/05/2008 16:56:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 02/05/2008 16:56:17
AVARKT.DLL : 1.0.0.23 307457 Bytes 02/05/2008 16:56:17
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 02/05/2008 16:56:17
SQLITE3.DLL : 3.3.17.1 339968 Bytes 02/05/2008 16:56:18
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 02/05/2008 16:56:18
NETNT.DLL : 8.0.0.1 7937 Bytes 02/05/2008 16:56:18
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 02/05/2008 16:56:13
RCTEXT.DLL : 8.0.32.0 86273 Bytes 02/05/2008 16:56:13

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 2 mai 2008 18:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'VirtualExpander.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'tbksche.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'HidFind.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Fast.exe' - '1' Module(s) have been scanned
Scan process 'TaskSwitch.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'KHOOKER.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Fast.exe' - '1' Module(s) have been scanned
Scan process 'tbkntservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488948e8.qua'!


End of the scan: vendredi 2 mai 2008 19:03
Used time: 06:03 min

The scan has been canceled!

1035 Scanning directories
8478 Files were scanned
0 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
8478 Files not concerned
82 Archives were scanned
1 Warnings
1 Notes

See you later. This takes a while; thanks for your interest.
0
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 15
2 May 2008 at 19:28
I didn't get your second report with the deletions.

If you don't have it, run a scan again.

Otherwise send it to me.
0
Anonymous user
2 May 2008 at 19:37
Hello,
Well, yes, you did get it:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488948e8.qua'!



See you
0

Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
2 May 2008 at 21:22
Scan still in progress, 97%, 2h10 of scanning? Is everything slowing down?
See you
0
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 15
2 May 2008 at 21:24
No worries.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
2 May 2008 at 21:41
Hi,
here is the report
1) partial


Avira AntiVir Personal
Report file date: vendredi 2 mai 2008 18:57

Scanning for 1248213 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HOME-7BABDDAA15

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 02/05/2008 16:56:17
AVSCAN.DLL : 8.1.1.0 53505 Bytes 02/05/2008 16:56:17
LUKE.DLL : 8.1.2.9 151809 Bytes 02/05/2008 16:56:18
LUKERES.DLL : 8.1.2.1 12033 Bytes 02/05/2008 16:56:18
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:56:18
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 16:56:18
ANTIVIR3.VDF : 7.0.3.243 276992 Bytes 02/05/2008 16:56:18
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 02/05/2008 16:56:19
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 02/05/2008 16:56:19
AESCN.DLL : 8.1.0.15 119157 Bytes 02/05/2008 16:56:19
AERDL.DLL : 8.1.0.20 418165 Bytes 02/05/2008 16:56:19
AEPACK.DLL : 8.1.1.4 364918 Bytes 02/05/2008 16:56:19
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 02/05/2008 16:56:19
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 02/05/2008 16:56:19
AEHELP.DLL : 8.1.0.14 115063 Bytes 02/05/2008 16:56:19
AEGEN.DLL : 8.1.0.18 299381 Bytes 02/05/2008 16:56:19
AEEMU.DLL : 8.1.0.5 430450 Bytes 02/05/2008 16:56:18
AECORE.DLL : 8.1.0.27 168310 Bytes 02/05/2008 16:56:18
AVWINLL.DLL : 1.0.0.7 14593 Bytes 02/05/2008 16:56:17
AVPREF.DLL : 8.0.0.1 25857 Bytes 02/05/2008 16:56:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 02/05/2008 16:56:17
AVARKT.DLL : 1.0.0.23 307457 Bytes 02/05/2008 16:56:17
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 02/05/2008 16:56:17
SQLITE3.DLL : 3.3.17.1 339968 Bytes 02/05/2008 16:56:18
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 02/05/2008 16:56:18
NETNT.DLL : 8.0.0.1 7937 Bytes 02/05/2008 16:56:18
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 02/05/2008 16:56:13
RCTEXT.DLL : 8.0.32.0 86273 Bytes 02/05/2008 16:56:13

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 2 mai 2008 18:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'VirtualExpander.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'tbksche.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'HidFind.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Fast.exe' - '1' Module(s) have been scanned
Scan process 'TaskSwitch.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
Scan process 'KHOOKER.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Fast.exe' - '1' Module(s) have been scanned
Scan process 'tbkntservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '39' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinRenos1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '488948e8.qua'!


End of the scan: vendredi 2 mai 2008 19:03
Used time: 06:03 min

The scan has been canceled!

1035 Scanning directories
8478 Files were scanned
0 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
8478 Files not concerned
82 Archives were scanned
1 Warnings
1 Notes

2) Complete, booted in "safe mode"


Avira AntiVir Personal
Report file date: vendredi 2 mai 2008 19:14

Scanning for 1248213 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Tim
Computer name: HOME-7BABDDAA15

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 02/05/2008 16:56:17
AVSCAN.DLL : 8.1.1.0 53505 Bytes 02/05/2008 16:56:17
LUKE.DLL : 8.1.2.9 151809 Bytes 02/05/2008 16:56:18
LUKERES.DLL : 8.1.2.1 12033 Bytes 02/05/2008 16:56:18
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 16:56:18
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 16:56:18
ANTIVIR3.VDF : 7.0.3.243 276992 Bytes 02/05/2008 16:56:18
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 02/05/2008 16:56:19
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 02/05/2008 16:56:19
AESCN.DLL : 8.1.0.15 119157 Bytes 02/05/2008 16:56:19
AERDL.DLL : 8.1.0.20 418165 Bytes 02/05/2008 16:56:19
AEPACK.DLL : 8.1.1.4 364918 Bytes 02/05/2008 16:56:19
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 02/05/2008 16:56:19
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 02/05/2008 16:56:19
AEHELP.DLL : 8.1.0.14 115063 Bytes 02/05/2008 16:56:19
AEGEN.DLL : 8.1.0.18 299381 Bytes 02/05/2008 16:56:19
AEEMU.DLL : 8.1.0.5 430450 Bytes 02/05/2008 16:56:18
AECORE.DLL : 8.1.0.27 168310 Bytes 02/05/2008 16:56:18
AVWINLL.DLL : 1.0.0.7 14593 Bytes 02/05/2008 16:56:17
AVPREF.DLL : 8.0.0.1 25857 Bytes 02/05/2008 16:56:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 02/05/2008 16:56:17
AVARKT.DLL : 1.0.0.23 307457 Bytes 02/05/2008 16:56:17
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 02/05/2008 16:56:17
SQLITE3.DLL : 3.3.17.1 339968 Bytes 02/05/2008 16:56:18
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 02/05/2008 16:56:18
NETNT.DLL : 8.0.0.1 7937 Bytes 02/05/2008 16:56:18
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 02/05/2008 16:56:13
RCTEXT.DLL : 8.0.32.0 86273 Bytes 02/05/2008 16:56:13

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 2 mai 2008 19:14

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '41' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Tim\Mes documents\LimeWire\Saved\David Bowie - Baal`s Hymn.wma
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!
C:\Documents and Settings\Tim\Mes documents\Ma musique\Sandy Denny\sandy denny.mp3
[DETECTION] Is the Trojan horse TR/Dldr.WMA.Wimad.N
[NOTE] The file was deleted!


End of the scan: vendredi 2 mai 2008 21:27
Used time: 2:13:15 min

The scan has been done completely.

9213 Scanning directories
467809 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
467807 Files not concerned
3773 Archives were scanned
1 Warnings
2 Notes



I hope we can see what is going on.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
2 May 2008 at 22:20
Hi ludsfa,
could this topic be useful to me?
http://www.commentcamarche.net/faq/sujet 952 windows fichier pagefile sys
See you
0
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 15
2 May 2008 at 22:28
Good,

run ComboFix once more.

Yes, that topic is good, but let's finish; we're almost at the end.

Do this and see to the rest tomorrow.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
2 May 2008 at 23:03
It's getting late!

Latest ComboFix log
ComboFix 08-05-01.1 - Tim 2008-05-02 22:37:33.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.284 [GMT 2:00]
Endroit: C:\Documents and Settings\Tim\Mes documents\Informatique\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-02 to 2008-05-02 ))))))))))))))))))))))))))))))))))))
.

2008-05-02 18:52 . 2008-05-02 18:52 <REP> d-------- C:\Program Files\Avira
2008-05-02 18:52 . 2008-05-02 18:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-05-02 18:46 . 2008-05-02 18:46 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Malwarebytes
2008-05-02 14:24 . 2008-05-02 14:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-02 14:13 . 2008-05-02 14:18 <REP> d-------- C:\HijackThis
2008-05-02 13:08 . 2008-05-02 13:08 <REP> d-------- C:\VundoFix Backups
2008-05-01 08:45 . 2008-05-01 08:45 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\MySpace
2008-04-30 10:57 . 2008-04-30 11:33 <REP> d-------- C:\Program Files\RegCleaner
2008-04-26 10:47 . 2008-04-26 10:47 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-26 09:28 . 2008-04-29 11:58 109,743 --a------ C:\WINDOWS\BMabd0bf06.xml
2008-04-25 16:14 . 2008-04-29 17:17 <REP> d-------- C:\WINDOWS\system32\pnVes05
2008-04-25 16:14 . 2008-04-25 16:14 <REP> d-------- C:\Temp\zvebs14
2008-04-25 16:14 . 2008-04-25 16:14 <REP> d-------- C:\Temp
2008-04-25 16:00 . 2008-04-30 18:37 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-25 16:00 . 2008-04-25 16:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-25 15:59 . 2008-04-25 15:59 <REP> d-------- C:\Program Files\eMule
2008-04-25 13:46 . 2008-04-25 15:36 <REP> d-------- C:\Documents and Settings\Tim\Application Data\BitTorrent
2008-04-24 11:41 . 2008-04-24 11:41 <REP> d-------- C:\Program Files\MSBuild
2008-04-24 11:32 . 2008-04-24 11:45 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-24 11:29 . 2008-04-24 11:29 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-24 11:20 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-24 11:10 . 2008-04-24 11:46 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-20 10:41 . 2008-04-20 11:02 <REP> d-------- C:\xampp
2008-04-17 14:07 . 2008-04-17 14:07 <REP> d-------- C:\Program Files\Ghostgum
2008-04-17 14:05 . 2008-04-17 14:06 <REP> d-------- C:\Program Files\gs
2008-04-16 14:37 . 2008-04-16 14:37 <REP> d-------- C:\Program Files\Fichiers communs\xing shared
2008-04-12 16:00 . 2008-04-12 16:00 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Recordpad
2008-04-11 17:56 . 2008-04-11 18:07 <REP> d-------- C:\Program Files\QBrew
2008-04-10 12:28 . 2008-04-10 12:28 244 --ah----- C:\sqmnoopt13.sqm
2008-04-10 12:28 . 2008-04-10 12:28 232 --ah----- C:\sqmdata13.sqm
2008-04-10 12:12 . 2008-04-10 12:12 <REP> d-------- C:\Program Files\Fichiers communs\Cadsoft
2008-04-10 12:12 . 2008-04-10 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Cadsoft
2008-04-10 12:11 . 2008-04-10 12:11 <REP> d-------- C:\Program Files\Cadsoft
2008-04-10 12:11 . 2008-04-10 12:11 0 --a------ C:\WINDOWS\system32\_r_a_p_.tmp
2008-04-08 09:01 . 2008-05-02 22:48 4,851,744 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-08 09:01 . 2008-05-02 22:42 57,908 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-08 08:57 . 2008-04-08 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-04-08 08:57 . 2007-12-13 19:27 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-04-08 08:57 . 2007-12-13 19:27 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-04-08 08:57 . 2007-12-13 19:27 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-04-08 08:57 . 2007-12-13 19:27 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-04-08 08:57 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-04-08 08:56 . 2007-12-13 19:27 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-07 22:54 . 2008-04-07 22:54 244 --ah----- C:\sqmnoopt12.sqm
2008-04-07 22:54 . 2008-04-07 22:54 232 --ah----- C:\sqmdata12.sqm
2008-04-07 14:24 . 2008-04-10 15:22 <REP> d-------- C:\Program Files\ProMash
2008-04-07 10:59 . 2008-04-07 10:59 244 --ah----- C:\sqmnoopt11.sqm
2008-04-07 10:59 . 2008-04-07 10:59 232 --ah----- C:\sqmdata11.sqm
2008-04-07 10:58 . 2008-04-07 10:58 244 --ah----- C:\sqmnoopt10.sqm
2008-04-07 10:58 . 2008-04-07 10:58 232 --ah----- C:\sqmdata10.sqm
2008-04-07 10:57 . 2008-04-07 10:57 244 --ah----- C:\sqmnoopt09.sqm
2008-04-07 10:57 . 2008-04-07 10:57 232 --ah----- C:\sqmdata09.sqm
2008-04-07 10:54 . 2008-04-07 10:54 244 --ah----- C:\sqmnoopt08.sqm
2008-04-07 10:54 . 2008-04-07 10:54 232 --ah----- C:\sqmdata08.sqm
2008-04-07 10:53 . 2008-04-07 10:53 244 --ah----- C:\sqmnoopt07.sqm
2008-04-07 10:53 . 2008-04-07 10:53 232 --ah----- C:\sqmdata07.sqm
2008-04-07 10:51 . 2008-04-07 10:51 244 --ah----- C:\sqmnoopt06.sqm
2008-04-07 10:51 . 2008-04-07 10:51 232 --ah----- C:\sqmdata06.sqm
2008-04-07 10:49 . 2008-04-07 10:49 244 --ah----- C:\sqmnoopt05.sqm
2008-04-07 10:49 . 2008-04-07 10:49 244 --ah----- C:\sqmnoopt04.sqm
2008-04-07 10:49 . 2008-04-07 10:49 232 --ah----- C:\sqmdata05.sqm
2008-04-07 10:49 . 2008-04-07 10:49 232 --ah----- C:\sqmdata04.sqm
2008-04-05 14:25 . 2008-04-05 14:25 <REP> d-------- C:\Documents and Settings\Tim\Application Data\Uniblue
2008-04-05 14:24 . 2008-04-05 14:24 <REP> d-------- C:\Program Files\Uniblue
2008-04-04 13:38 . 2008-04-04 13:38 <REP> d-------- C:\Program Files\iPod
2008-04-04 13:37 . 2008-04-04 13:39 <REP> d-------- C:\Program Files\iTunes
2008-04-04 13:22 . 2008-04-04 13:26 <REP> d-------- C:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-02 16:46 --------- d-----w C:\Program Files\Alwil Software
2008-05-02 11:51 5,782,259 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-05-02 08:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-01 06:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-30 21:53 681,984 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2008-04-30 12:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-30 07:34 3,194 ----a-w C:\WINDOWS\system32\tmp.reg
2008-04-29 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-29 15:47 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-26 16:16 --------- d-----w C:\Documents and Settings\Tim\Application Data\gtk-2.0
2008-04-25 12:17 --------- d-----w C:\Documents and Settings\Tim\Application Data\LimeWire
2008-04-22 12:14 --------- d-----w C:\Program Files\Google
2008-04-21 07:30 --------- d-----w C:\Program Files\BeerSmith
2008-04-20 09:13 --------- d-----w C:\Documents and Settings\Tim\Application Data\OpenOffice.org2
2008-04-18 15:49 --------- d-----w C:\Program Files\Safari
2008-04-18 15:46 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 12:36 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-04-14 22:39 1,494,016 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2008-04-12 14:00 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-12 14:00 --------- d-----w C:\Documents and Settings\Tim\Application Data\NCH Swift Sound
2008-04-12 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-01 07:23 --------- d-----w C:\Documents and Settings\Tim\Application Data\Apple Computer
2008-03-28 18:02 --------- d-----w C:\Program Files\Network Stumbler
2008-03-21 14:29 23,600 ----a-w C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 11:10 --------- d-----w C:\Program Files\LimeWire
2008-03-14 14:16 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-03-14 14:16 --------- d-----w C:\Program Files\Ahead
2008-03-14 14:04 --------- d-----w C:\Program Files\Steinberg
2008-03-14 12:38 --------- d-----w C:\Program Files\RAR Password Cracker
2008-03-14 10:10 --------- d-----w C:\Program Files\BRL-CAD
2008-03-13 07:45 --------- d-----w C:\Program Files\Java
2008-03-12 11:40 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-03-11 14:49 --------- d-----w C:\Program Files\MSECache
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-21 09:31 212,480 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-20 11:00 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-07 23:03 315,392 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2006-11-01 12:07 3,623,736 ----a-w C:\Program Files\procexp.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-02_14.05.23.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-02 11:51:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 20:43:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-02 16:46:05 262,144 ----a-w C:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2007-08-09 11:04:11 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 12:22:19 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-05-02 16:56:19 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 08:34:36 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 2008-05-02 20:44:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_65c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A7DCA88-77E6-4C2C-9209-C40985C2AB2D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACFF2FC7-6C39-4697-804B-E571EEC98F7A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F377E7C1-29D3-40A6-8E99-65E504ECF1BA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FE946F62-F12F-4488-AA5F-8B147EF6BC62}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
@={E4000AC4-5E5F-4956-807A-C5854405D64F}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TurboBackup"="C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe" [2007-03-07 00:00 512000]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-10 18:52 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2005-12-03 12:26 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 17:15 106496]
"SiS KHooker"="C:\WINDOWS\system32\khooker.exe" [2003-05-29 03:23 294912]
"AGRSMMSG"="AGRSMMSG.exe" [2003-04-29 09:58 88363 C:\WINDOWS\AGRSMMSG.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-18 22:51 135168]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2001-10-08 12:59 45632]
"FastUser"="C:\WINDOWS\system32\fast.exe" [2001-10-08 12:59 49216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2003-07-13 03:49 155648]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 19:27 919016]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2005-12-03 12:27 160768]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-16 14:34 185896]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2008-04-16 14:35 214560]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-05-02 18:56 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2005-12-03 12:26 15360]
"TurboBackup"="C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe" [2007-03-07 00:00 512000]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 09:33 8720384]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMabd0bf06]
C:\WINDOWS\system32\qdfxfxde.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-04-16 14:35 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-04-16 14:34 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Free.fr\\connect.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3:TCP"= 3:TCP:Free
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 TBKNTService;TBKNTService;C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe [2007-11-16 16:07]
R3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 17:23]
S3 AIDA32Driver;AIDA32Driver;C:\Program Files\AIDA32 - Enterprise System Information\aida32.sys [2004-02-23 05:07]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 22:22]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 04:12]
S3 WPC54Gv3;Linksys Wireless Notebook Adapter WPC54Gv3 Driver;C:\WINDOWS\system32\DRIVERS\WPC54Gv3.SYS [2006-12-01 00:54]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-28 06:12:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-26 08:09:26 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-02 22:45:21
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 129

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\xampp\mysql\bin\mysqld-nt.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-02 22:57:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-02 20:56:55
ComboFix2.txt 2008-05-02 16:04:00
ComboFix3.txt 2008-05-02 12:06:18

Pre-Run: 9,712,943,104 octets libres
Post-Run: 9,709,035,520 octets libres

249 --- E O F --- 2008-04-26 09:31:09



There are still registry change requests, which I refused:
02/05/2008 13:41:15 Allowed (based on user decision) value "GrpConv" (new data: "") deleted in System Startup global entry!
2008-05-02 13:59:00 Allowed (based on user decision) value "avast!" (new data: "") deleted in System Startup global entry!
2008-05-02 13:59:41 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
2008-05-02 13:59:58 Denied (based on user decision) value "Search Bar" (new data: "") deleted in Browser page!
2008-05-02 14:00:03 Denied (based on user decision) value "Search Page" (new data: "https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF") changed in Browser page!
2008-05-02 14:00:10 Denied (based on user decision) value "SearchAssistant" (new data: "https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
2008-05-02 14:00:44 Denied (based on user decision) value "load" (new data: "") deleted in NT startup!
2008-05-02 14:01:39 Denied (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
02/05/2008 14:06:33 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
02/05/2008 14:06:36 Denied (based on user decision) value "Search Bar" (new data: "") deleted in Browser page!
02/05/2008 14:06:39 Denied (based on user decision) value "Search Page" (new data: "https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF") changed in Browser page!
02/05/2008 14:06:40 Denied (based on user decision) value "SearchAssistant" (new data: "https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
02/05/2008 14:06:44 Denied (based on user decision) value "load" (new data: "") deleted in NT startup!
02/05/2008 14:06:46 Denied (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
02/05/2008 17:12:27 Denied (based on user decision) value "" (new data: ""%1" %*") changed in SCR Extension handler!
02/05/2008 17:13:05 Denied (based on user decision) value "" (new data: "regedit.exe "%1" %*") changed in REG Extension handler!
02/05/2008 17:13:45 Allowed (based on user decision) value "TkBellExe" (new data: "") deleted in System Startup global entry!
2008-05-02 17:56:34 Allowed (based on user whitelist) value "TkBellExe" (new data: ""C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot") added in System Startup global entry!
02/05/2008 18:25:08 Denied (based on user decision) value "Search Page" (new data: "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch") changed in Browser page!
02/05/2008 18:25:22 Denied (based on user decision) value "Search Bar" (new data: "") deleted in Browser page!
02/05/2008 18:25:24 Denied (based on user decision) value "Search Page" (new data: "https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF") changed in Browser page!
02/05/2008 18:25:31 Denied (based on user decision) value "SearchAssistant" (new data: "https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm") changed in Browser page!
02/05/2008 18:25:36 Denied (based on user decision) value "load" (new data: "") deleted in NT startup!
02/05/2008 18:25:51 Denied (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
02/05/2008 18:25:57 Denied (based on user decision) value "RealTray" (new data: "") deleted in System Startup global entry!
02/05/2008 18:52:42 Allowed (based on user decision) value "avgnt" (new data: ""C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min") added in System Startup global entry!
02/05/2008 19:01:02 Allowed (based on user whitelist) value "QuickTime Task" (new data: ""C:\Program Files\QuickTime\qttask.exe" -atboottime") added in System Startup global entry!
02/05/2008 22:36:53 Allowed (based on user decision) value "GrpConv" (new data: "grpconv -o") added in System Startup global entry!

Is this consistent?

Thanks for your time, see you tomorrow I hope.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
2 May 2008 at 23:20
I also found this:

S&D System Internals report


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2007-07-12 unins000.exe (51.41.0.0)
2008-02-20 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-04-16 Includes\Adware.sbi
2008-04-24 Includes\AdwareC.sbi
2008-04-24 Includes\Cookies.sbi
2007-12-26 Includes\Dialer.sbi
2008-04-24 Includes\DialerC.sbi
2008-04-24 Includes\HeavyDuty.sbi
2008-03-19 Includes\Hijackers.sbi
2008-04-24 Includes\HijackersC.sbi
2008-02-27 Includes\Keyloggers.sbi
2008-04-24 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-04-22 Includes\Malware.sbi
2008-04-24 Includes\MalwareC.sbi
2008-03-26 Includes\PUPS.sbi
2008-04-24 Includes\PUPSC.sbi
2008-04-24 Includes\Revision.sbi
2008-01-09 Includes\Security.sbi
2008-04-24 Includes\SecurityC.sbi
2008-04-16 Includes\Spybots.sbi
2008-04-24 Includes\SpybotsC.sbi
2008-04-16 Includes\Spyware.sbi
2008-04-24 Includes\SpywareC.sbi
2007-11-06 Includes\Tracks.uti
2008-04-24 Includes\Trojans.sbi
2008-04-24 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\WMPBurn.exe
Filename: \WMPBurn\WMPBurn.exe
Data:

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Agere Systems Soft Modem
Filename: agrsmdel
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\BG2Main.Exe
Filename: BG2Main.Exe
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\cmmgr32.exe
Filename: cmmgr32.exe
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\nwind9.cnt
Filename: nwind9.cnt
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\nwind9.hlp
Filename: nwind9.hlp
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\nwindcs9.cnt
Filename: nwindcs9.cnt
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\nwindcs9.hlp
Filename: nwindcs9.hlp
Data:

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Free.fr
Filename: RunDll32 advpack.dll,LaunchINFSection C:\Program Files\Free.fr\KitFree.inf, Uninstall.NT
Data:

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SiS 740
Filename: RUNDLL32 setuplib.dll,UnInstall ,315&ISUNINST -f"C:\PROGRA~1\SISCOM~1.19\DeIsL1.isu"&P.U 4 xvga.in&-1
Data:

Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCHealth
Filename: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Data:

Category: Missing helpfile
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Help\scanpst.hlp
Filename: scanpst.hlp
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\setup.exe
Filename: setup.exe
Data:

Category: Wrong app path
Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\table30.exe
Filename: table30.exe
Data:




I'm looking into it, but I'm not changing anything.
Right, good night.
0
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 15
3 May 2008 at 17:08
Hi,

Can you now run a new HijackThis report for me?
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
3 May 2008 at 23:08
Hi, I had to be away today.
Online tomorrow.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
3 May 2008 at 23:07
Hi,
A bit late, sorry.

Latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:13, on 03/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2} - (no file)
O2 - BHO: (no name) - {F377E7C1-29D3-40A6-8E99-65E504ECF1BA} - (no file)
O2 - BHO: (no name) - {FE946F62-F12F-4488-AA5F-8B147EF6BC62} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 15
4 May 2008 at 02:26
Good,


I absolutely need your second Malwarebytes report. If you don't have it, run a scan again, but this time send me only the report obtained with "afficher les résultats" (show results).
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
4 May 2008 at 10:58
Hi ludsfa,
Malwarebytes scan in progress (safe mode), about 50% done at 11:00.
I also disabled TeaTimer. The registry seems to be in a bad state, but one thing at a time.

See you later.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
4 May 2008 at 13:09
Hi ludsfa,

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 707

Type de recherche: Examen complet (C:\|)
Eléments examinés: 119419
Temps écoulé: 2 hour(s), 24 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


See you
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
4 May 2008 at 17:46
Hi ludsfa

Here is the VirtumundoBeGone log


[05/01/2008, 23:02:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Tim\Bureau\VirtumundoBeGone.exe" )
[05/01/2008, 23:02:50] - Detected System Information:
[05/01/2008, 23:02:50] - Windows Version: 5.1.2600, Service Pack 2
[05/01/2008, 23:02:51] - Current Username: Tim (Admin)
[05/01/2008, 23:02:51] - Windows is in NORMAL mode.
[05/01/2008, 23:02:51] - Searching for Browser Helper Objects:
[05/01/2008, 23:02:51] - BHO 1: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[05/01/2008, 23:02:51] - BHO 2: {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} ()
[05/01/2008, 23:02:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 23:02:51] - No filename found. Continuing.
[05/01/2008, 23:02:51] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/01/2008, 23:02:51] - BHO 4: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/01/2008, 23:02:51] - BHO 5: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/01/2008, 23:02:51] - BHO 6: {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} ()
[05/01/2008, 23:02:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 23:02:51] - Checking for HKLM\...\Winlogon\Notify\iifcAPiG
[05/01/2008, 23:02:51] - Key not found: HKLM\...\Winlogon\Notify\iifcAPiG, continuing.
[05/01/2008, 23:02:51] - BHO 7: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/01/2008, 23:02:51] - BHO 8: {B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2} ()
[05/01/2008, 23:02:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 23:02:51] - Checking for HKLM\...\Winlogon\Notify\mlJYoomJ
[05/01/2008, 23:02:51] - Key not found: HKLM\...\Winlogon\Notify\mlJYoomJ, continuing.
[05/01/2008, 23:02:51] - BHO 9: {F377E7C1-29D3-40A6-8E99-65E504ECF1BA} ()
[05/01/2008, 23:02:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 23:02:51] - No filename found. Continuing.
[05/01/2008, 23:02:51] - BHO 10: {FE946F62-F12F-4488-AA5F-8B147EF6BC62} ()
[05/01/2008, 23:02:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/01/2008, 23:02:52] - Checking for HKLM\...\Winlogon\Notify\tuvVLcbx
[05/01/2008, 23:02:52] - Key not found: HKLM\...\Winlogon\Notify\tuvVLcbx, continuing.
[05/01/2008, 23:02:52] - Finished Searching Browser Helper Objects
[05/01/2008, 23:02:52] - Finishing up...
[05/01/2008, 23:02:52] - Nothing found! Exiting...

[05/04/2008, 17:39:45] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Tim\Local Settings\Temporary Internet Files\Content.IE5\IYBSYF7W\VirtumundoBeGone[1].exe" )
[05/04/2008, 17:40:51] - Detected System Information:
[05/04/2008, 17:40:51] - Windows Version: 5.1.2600, Service Pack 2
[05/04/2008, 17:40:51] - Current Username: Tim (Admin)
[05/04/2008, 17:40:51] - Windows is in NORMAL mode.
[05/04/2008, 17:40:51] - Searching for Browser Helper Objects:
[05/04/2008, 17:40:51] - BHO 1: {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} ()
[05/04/2008, 17:40:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/04/2008, 17:40:51] - No filename found. Continuing.
[05/04/2008, 17:40:51] - BHO 2: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/04/2008, 17:40:51] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[05/04/2008, 17:40:51] - BHO 4: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[05/04/2008, 17:40:52] - BHO 5: {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} ()
[05/04/2008, 17:40:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/04/2008, 17:40:52] - No filename found. Continuing.
[05/04/2008, 17:40:52] - BHO 6: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
[05/04/2008, 17:40:52] - BHO 7: {B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2} ()
[05/04/2008, 17:40:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/04/2008, 17:40:52] - No filename found. Continuing.
[05/04/2008, 17:40:52] - BHO 8: {F377E7C1-29D3-40A6-8E99-65E504ECF1BA} ()
[05/04/2008, 17:40:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/04/2008, 17:40:52] - No filename found. Continuing.
[05/04/2008, 17:40:52] - BHO 9: {FE946F62-F12F-4488-AA5F-8B147EF6BC62} ()
[05/04/2008, 17:40:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/04/2008, 17:40:52] - No filename found. Continuing.
[05/04/2008, 17:40:52] - Finished Searching Browser Helper Objects
[05/04/2008, 17:40:52] - Finishing up...
[05/04/2008, 17:40:52] - Nothing found! Exiting...



Restart in progress
0
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 15
5 May 2008 at 07:00
Hi,

Please run HijackThis again for me.

Then,

Download Clean (zip) to your desktop: http://www.malekal.com/download/clean.zip

= Right-click Clean.zip and choose Extract here (or extract without confirmation, or extract all, or unzip)
= Double-click the Clean folder
= Double-click Clean (the one with a gear icon)
= Option 1 = type 1
= Clean will generate a report on C: (rapport.txt)
Post the report.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
5 May 2008 at 07:46
Hi

Here is the new HJT report, run in safe mode

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:27:12, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\HijackThis\testfix.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {6A7DCA88-77E6-4C2C-9209-C40985C2AB2D} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {ACFF2FC7-6C39-4697-804B-E571EEC98F7A} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B25EAFE6-E82B-4B9F-B5A1-9A44EBF445D2} - (no file)
O2 - BHO: (no name) - {F377E7C1-29D3-40A6-8E99-65E504ECF1BA} - (no file)
O2 - BHO: (no name) - {FE946F62-F12F-4488-AA5F-8B147EF6BC62} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [TurboBackup] C:\PROGRA~1\FILEST~1\TURBOB~1\tbksche.exe -s
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TBKNTService - Unknown owner - C:\PROGRA~1\FILEST~1\TURBOB~1\TBKNTService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
ludsfa Posts 1284 Registration date Sunday 3 February 2008 Status Member Last activity 15 January 2018 15
5 May 2008 at 13:51
OK,

let's continue.

Run Clean with option 2
= Clean will generate a report on C
Send the report.
0
Yeuwhypot Posts 38 Registration date Tuesday 4 December 2007 Status Member Last activity 7 August 2008 1
5 May 2008 at 13:58
Hi
I'm here
I'm switching to safe mode
0