Virus Malware-gen nar.vbs
Fermé
kemo_juju
Messages postés
12
Date d'inscription
vendredi 1 février 2008
Statut
Membre
Dernière intervention
2 avril 2012
-
27 août 2008 à 19:02
kemo_juju Messages postés 12 Date d'inscription vendredi 1 février 2008 Statut Membre Dernière intervention 2 avril 2012 - 29 août 2008 à 19:12
kemo_juju Messages postés 12 Date d'inscription vendredi 1 février 2008 Statut Membre Dernière intervention 2 avril 2012 - 29 août 2008 à 19:12
A voir également:
- Virus Malware-gen nar.vbs
- Win32pup-gen ✓ - Forum Linux / Unix
- Malware anti malware - Télécharger - Antivirus & Antimalwares
- Evo-gen virus huawei - Forum Huawei
- Svchost.exe virus - Guide
- Roguekiller anti-malware - Télécharger - Antivirus & Antimalwares
12 réponses
Utilisateur anonyme
27 août 2008 à 19:03
27 août 2008 à 19:03
lu,
https://www.virustotal.com/gui/
analyse et poste le rapport.
https://www.virustotal.com/gui/
analyse et poste le rapport.
kemo_juju
Messages postés
12
Date d'inscription
vendredi 1 février 2008
Statut
Membre
Dernière intervention
2 avril 2012
1
27 août 2008 à 19:13
27 août 2008 à 19:13
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.21.0 2008.08.25 -
AntiVir 7.8.1.23 2008.08.25 VBS/RunAuto.Q
Authentium 5.1.0.4 2008.08.25 VBS/Autorun.S
Avast 4.8.1195.0 2008.08.24 VBS:Malware-gen
AVG 8.0.0.161 2008.08.24 VBS/Small
BitDefender 7.2 2008.08.25 Generic.ScriptWorm.51607B57
CAT-QuickHeal 9.50 2008.08.22 VBS/Autorun.CAJ
ClamAV 0.93.1 2008.08.25 Worm.VBS.Autorun.Nar
DrWeb 4.44.0.09170 2008.08.25 SCRIPT.Virus
eSafe 7.0.17.0 2008.08.24 -
eTrust-Vet 31.6.6044 2008.08.23 VBS/SillyAutorunScript.L
Ewido 4.0 2008.08.24 -
F-Prot 4.4.4.56 2008.08.25 VBS/Autorun.S
F-Secure 7.60.13501.0 2008.08.25 Type_Script
Fortinet 3.14.0.0 2008.08.25 -
GData 2.0.7306.1023 2008.08.20 VBS:Malware-gen
Ikarus T3.1.1.34.0 2008.08.25 Generic.ScriptWorm
K7AntiVirus 7.10.427 2008.08.23 -
Kaspersky 7.0.0.125 2008.08.25 Type_Script
McAfee 5368 2008.08.22 VBS/Autorun.worm.k
Microsoft 1.3807 2008.08.25 -
NOD32v2 3383 2008.08.24 VBS/AutoRun.S
Norman 5.80.02 2008.08.22 -
Panda 9.0.0.4 2008.08.25 -
PCTools 4.4.2.0 2008.08.24 -
Prevx1 V2 2008.08.25 -
Rising 20.59.00.00 2008.08.25 Unknown Script Virus
Sophos 4.32.0 2008.08.25 -
Sunbelt 3.1.1575.1 2008.08.23 -
Symantec 10 2008.08.25 VBS.Runauto
TheHacker 6.3.0.6.060 2008.08.23 -
TrendMicro 8.700.0.1004 2008.08.25 VBS_AUTORUN.CAJ
VBA32 3.12.8.4 2008.08.23 -
ViRobot 2008.8.22.1346 2008.08.22 -
VirusBuster 4.5.11.0 2008.08.24 -
Webwasher-Gateway 6.6.2 2008.08.25 Script.RunAuto.Q
Information additionnelle
Tamano archivo: 7474 bytes
MD5...: a45d0f681a149daa3b8e8b556b7462c6
SHA1..: cc024e6c8697d7665829aa50e58c8868aa617aa6
SHA256: 7d295a3d95d1bad9498f2ef412abf66ab5015937d37c254df31f7e9d92533ecb
SHA512: fc7f402fff02adbb042a662cb3ae2e939e8b77a70bb9de52bd102c4dd06797a0
b403c293394f1fa1683499f6121c1e68c30c0e0b10486c0d302baebc941b29dd
PEiD..: -
PEInfo: -
packers (F-Prot): Unicode
packers (Authentium): Unicode
AhnLab-V3 2008.8.21.0 2008.08.25 -
AntiVir 7.8.1.23 2008.08.25 VBS/RunAuto.Q
Authentium 5.1.0.4 2008.08.25 VBS/Autorun.S
Avast 4.8.1195.0 2008.08.24 VBS:Malware-gen
AVG 8.0.0.161 2008.08.24 VBS/Small
BitDefender 7.2 2008.08.25 Generic.ScriptWorm.51607B57
CAT-QuickHeal 9.50 2008.08.22 VBS/Autorun.CAJ
ClamAV 0.93.1 2008.08.25 Worm.VBS.Autorun.Nar
DrWeb 4.44.0.09170 2008.08.25 SCRIPT.Virus
eSafe 7.0.17.0 2008.08.24 -
eTrust-Vet 31.6.6044 2008.08.23 VBS/SillyAutorunScript.L
Ewido 4.0 2008.08.24 -
F-Prot 4.4.4.56 2008.08.25 VBS/Autorun.S
F-Secure 7.60.13501.0 2008.08.25 Type_Script
Fortinet 3.14.0.0 2008.08.25 -
GData 2.0.7306.1023 2008.08.20 VBS:Malware-gen
Ikarus T3.1.1.34.0 2008.08.25 Generic.ScriptWorm
K7AntiVirus 7.10.427 2008.08.23 -
Kaspersky 7.0.0.125 2008.08.25 Type_Script
McAfee 5368 2008.08.22 VBS/Autorun.worm.k
Microsoft 1.3807 2008.08.25 -
NOD32v2 3383 2008.08.24 VBS/AutoRun.S
Norman 5.80.02 2008.08.22 -
Panda 9.0.0.4 2008.08.25 -
PCTools 4.4.2.0 2008.08.24 -
Prevx1 V2 2008.08.25 -
Rising 20.59.00.00 2008.08.25 Unknown Script Virus
Sophos 4.32.0 2008.08.25 -
Sunbelt 3.1.1575.1 2008.08.23 -
Symantec 10 2008.08.25 VBS.Runauto
TheHacker 6.3.0.6.060 2008.08.23 -
TrendMicro 8.700.0.1004 2008.08.25 VBS_AUTORUN.CAJ
VBA32 3.12.8.4 2008.08.23 -
ViRobot 2008.8.22.1346 2008.08.22 -
VirusBuster 4.5.11.0 2008.08.24 -
Webwasher-Gateway 6.6.2 2008.08.25 Script.RunAuto.Q
Information additionnelle
Tamano archivo: 7474 bytes
MD5...: a45d0f681a149daa3b8e8b556b7462c6
SHA1..: cc024e6c8697d7665829aa50e58c8868aa617aa6
SHA256: 7d295a3d95d1bad9498f2ef412abf66ab5015937d37c254df31f7e9d92533ecb
SHA512: fc7f402fff02adbb042a662cb3ae2e939e8b77a70bb9de52bd102c4dd06797a0
b403c293394f1fa1683499f6121c1e68c30c0e0b10486c0d302baebc941b29dd
PEiD..: -
PEInfo: -
packers (F-Prot): Unicode
packers (Authentium): Unicode
Utilisateur anonyme
27 août 2008 à 19:15
27 août 2008 à 19:15
1/
Télécharger CCleaner (sans installer la barre de Yahoo ) :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
lance le, dans nettoyeur clique sur lancer le nettoyage puis dans Registre fait chercher et répare les erreurs autant de fois qu'il y en n'a.
2/
On enlève le plus gros :
branches toutes tes clés usb, mp3, disque dur externes...(la ou l'infection à pu ce propager) et en els retire pas avant la fin du scan !!
fait un scan en ligne avec internet explore, si tu as firefox fait:
démarrer -> executer -> tape : iexplore (puis valide)
(coche toutes les cases à chaque fois) :
https://www.eset.com/
à la fin colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt
si ta besoin d'aide tu as un tutoriel ici : http://bibou0007.com/tutos-et-lexique-f45/tutorial-nod32-online-scanner-t128.htm
3/
Ensuite une fois fini fait un rapport hijackthis :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
tu le télécharges, tu le lances et tu cliquera sur le premier bouton en haut "Do a system scan and save a logfile"
tu colleras le fichier texte ici ;).
Télécharger CCleaner (sans installer la barre de Yahoo ) :
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
lance le, dans nettoyeur clique sur lancer le nettoyage puis dans Registre fait chercher et répare les erreurs autant de fois qu'il y en n'a.
2/
On enlève le plus gros :
branches toutes tes clés usb, mp3, disque dur externes...(la ou l'infection à pu ce propager) et en els retire pas avant la fin du scan !!
fait un scan en ligne avec internet explore, si tu as firefox fait:
démarrer -> executer -> tape : iexplore (puis valide)
(coche toutes les cases à chaque fois) :
https://www.eset.com/
à la fin colle le rapport : C:\Program Files\EsetOnlineScanner\log.txt
si ta besoin d'aide tu as un tutoriel ici : http://bibou0007.com/tutos-et-lexique-f45/tutorial-nod32-online-scanner-t128.htm
3/
Ensuite une fois fini fait un rapport hijackthis :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
tu le télécharges, tu le lances et tu cliquera sur le premier bouton en haut "Do a system scan and save a logfile"
tu colleras le fichier texte ici ;).
kemo_juju
Messages postés
12
Date d'inscription
vendredi 1 février 2008
Statut
Membre
Dernière intervention
2 avril 2012
1
27 août 2008 à 21:38
27 août 2008 à 21:38
voila le log.txt de eset :
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3393 (20080827)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c541b62dd580b24ebbcced7d5285e9fb
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-27 07:22:32
# local_time=2008-08-27 09:22:32 (+0100, Paris, Madrid)
# country="Belgium"
# osver=5.1.2600 NT Service Pack 2
# scanned=507803
# found=25
# scan_time=5446
D:\nar.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
H:\nar.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
H:\Disk\heaj 07 - 08\TFA Fresh (chateau Crupet)\nar.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\nar.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\nar.Vvbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\nar.V00vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\nar.V01vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP116\A0038833.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP117\A0038893.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP118\A0038977.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP119\A0039198.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP119\A0039229.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP119\A0039258.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP120\A0039321.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP120\A0039332.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP121\A0039533.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP121\A0039549.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP122\A0039590.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP123\A0039676.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP123\A0040667.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP123\A0040683.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP124\A0040774.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP164\A0055405.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP192\A0067350.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP194\A0067445.VBS VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
et le HijackThis.log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:22, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\KCRBPBF9\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apache2.2 - Unknown owner - D:\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3393 (20080827)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=c541b62dd580b24ebbcced7d5285e9fb
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-08-27 07:22:32
# local_time=2008-08-27 09:22:32 (+0100, Paris, Madrid)
# country="Belgium"
# osver=5.1.2600 NT Service Pack 2
# scanned=507803
# found=25
# scan_time=5446
D:\nar.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
H:\nar.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
H:\Disk\heaj 07 - 08\TFA Fresh (chateau Crupet)\nar.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\nar.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\nar.Vvbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\nar.V00vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\nar.V01vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP116\A0038833.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP117\A0038893.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP118\A0038977.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP119\A0039198.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP119\A0039229.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP119\A0039258.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP120\A0039321.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP120\A0039332.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP121\A0039533.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP121\A0039549.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP122\A0039590.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP123\A0039676.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP123\A0040667.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP123\A0040683.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP124\A0040774.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP164\A0055405.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP192\A0067350.vbs VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
I:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP194\A0067445.VBS VBS/AutoRun.S worm (unable to clean - deleted) 00000000000000000000000000000000
et le HijackThis.log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:22, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Julie\Local Settings\Temporary Internet Files\Content.IE5\KCRBPBF9\HiJackThis[1].exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apache2.2 - Unknown owner - D:\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
27 août 2008 à 21:49
27 août 2008 à 21:49
bonjour à vous deux, perso je ne prendrais aucune désision consernant l'interprétation de ton hijackthis car il est installé dans un dossier temporaire et si nous faisons des manipes ou fixes tu n'aurras pas de sauvegarde en cas de problème donc perso je te conseillerais de le désinstaller et de réinstaller convenablement et de refaire un rapport. Merci , suis cette procédure pour l'installation
télécharge Hijackthis : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.cliques sur download
.cliques sur download Hijackthis installer
.enregistres le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
si besion d'aide :https://www.androidworld.fr/
télécharge Hijackthis : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.cliques sur download
.cliques sur download Hijackthis installer
.enregistres le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
si besion d'aide :https://www.androidworld.fr/
kemo_juju
Messages postés
12
Date d'inscription
vendredi 1 février 2008
Statut
Membre
Dernière intervention
2 avril 2012
1
28 août 2008 à 11:24
28 août 2008 à 11:24
Voila voila le nouveau HijackThis (installé dans C:\... ) (merci bcp pour les coups de mains hein... perso, j'ai essayé de comprendre ce que ces .txt racontent... mais je n'ai absolument rien compris... :s)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:24, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apache2.2 - Unknown owner - D:\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:24, on 28/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/MyFunCardsFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - https://www.eset.com/
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O17 - HKLM\System\CS2\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apache2.2 - Unknown owner - D:\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - D:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
Utilisateur anonyme
28 août 2008 à 16:29
28 août 2008 à 16:29
re,
fix :
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
ATTENTION :
tu as ces lignes :
O17 - HKLM\System\CCS\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
3 fois, je te dirais de les fixer puisque IP m'est louche, cependant les enlever couperai ta connection internet ! (tu devrai réinstaller/configurer) donc je demande l'avis a qqn de plus avancée pour éviter toutes "bétise de ma part"
Pourquoi je dit louche ? un traceroute de cette IP passe par : te-3-4.car1.dallas1.level3.net
Et un lookup de ceci donne :
IP address: 8.9.232.73
Host name: te-3-4.car1.dallas1.level3.net
8.9.232.73 is from United States(US) in region North America
Je doute que tu sois américain? si oui c'est bon, sinon ben je trouve ca louche...
Moi je te conseillerai de fixer ces ligne et de reconfigurer ta connection.
----------------
Ensuite, tu as avast.
Je te conseil de changer pour antivir (gratuit) :
https://www.malekal.com/avira-free-security-antivirus-gratuit/
Ou Nod32 (payant), qui est très bien, et 30 jous d'éssai ici :
https://www.eset.com/
Voila :)
fix :
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/
ATTENTION :
tu as ces lignes :
O17 - HKLM\System\CCS\Services\Tcpip\..\{181201F0-1388-4FE8-A8B3-98143CDE7CE8}: NameServer = 172.17.1.254,172.17.1.253
3 fois, je te dirais de les fixer puisque IP m'est louche, cependant les enlever couperai ta connection internet ! (tu devrai réinstaller/configurer) donc je demande l'avis a qqn de plus avancée pour éviter toutes "bétise de ma part"
Pourquoi je dit louche ? un traceroute de cette IP passe par : te-3-4.car1.dallas1.level3.net
Et un lookup de ceci donne :
IP address: 8.9.232.73
Host name: te-3-4.car1.dallas1.level3.net
8.9.232.73 is from United States(US) in region North America
Je doute que tu sois américain? si oui c'est bon, sinon ben je trouve ca louche...
Moi je te conseillerai de fixer ces ligne et de reconfigurer ta connection.
----------------
Ensuite, tu as avast.
Je te conseil de changer pour antivir (gratuit) :
https://www.malekal.com/avira-free-security-antivirus-gratuit/
Ou Nod32 (payant), qui est très bien, et 30 jous d'éssai ici :
https://www.eset.com/
Voila :)
kemo_juju
Messages postés
12
Date d'inscription
vendredi 1 février 2008
Statut
Membre
Dernière intervention
2 avril 2012
1
28 août 2008 à 17:30
28 août 2008 à 17:30
heu... c'est quoi fixer? (recopier ces lignes la dans le point log? a la place de qqe chose?ou à la fin?)
et non, au dernière nouvelle, je suis belge, et j'ai un fournisseur internet belge ;-)
et j'avais nod32 jusqu'au mois dernier, j'ai installé avast sous les conseils d'un informaticien. je dois le retirer et changer? pourquoi? il n'est pas bien?
(je sais, je pose beaucoup de question, mais j'aime bien comprendre ce que je fais...)
et non, au dernière nouvelle, je suis belge, et j'ai un fournisseur internet belge ;-)
et j'avais nod32 jusqu'au mois dernier, j'ai installé avast sous les conseils d'un informaticien. je dois le retirer et changer? pourquoi? il n'est pas bien?
(je sais, je pose beaucoup de question, mais j'aime bien comprendre ce que je fais...)
Utilisateur anonyme
28 août 2008 à 17:38
28 août 2008 à 17:38
Alors commence par le plus simple...
ton informaticien connait rien...il auarait di antivir, bitdefender ou kaspersky ok...mais avast ...c'est pour qu'il reviennent chez toi.
Nod32 est très bien tu n'aurait pas du changer...
Fixer c'est quoi ? quand tu as generer le rapport ta un fichier texte (que tu peux fermer une fois que tu l'avais collé)
et ta le programme où ta ausssi les lignes, la tu les coches (ta un petitr carré devant) celle que je t'ai cité et ensuite tu clique sur :
"fix checked", il te demandera peu etre de fermer internet explorer ou de redemarrer, accepte.
ton informaticien connait rien...il auarait di antivir, bitdefender ou kaspersky ok...mais avast ...c'est pour qu'il reviennent chez toi.
Nod32 est très bien tu n'aurait pas du changer...
Fixer c'est quoi ? quand tu as generer le rapport ta un fichier texte (que tu peux fermer une fois que tu l'avais collé)
et ta le programme où ta ausssi les lignes, la tu les coches (ta un petitr carré devant) celle que je t'ai cité et ensuite tu clique sur :
"fix checked", il te demandera peu etre de fermer internet explorer ou de redemarrer, accepte.
kemo_juju
Messages postés
12
Date d'inscription
vendredi 1 février 2008
Statut
Membre
Dernière intervention
2 avril 2012
1
28 août 2008 à 18:17
28 août 2008 à 18:17
voila, j'ai fixé toutes les lignes... sauf celle de l'adresse IP (si vous n'êtes pas sûr, je préfère attendre une deuxième avis... ;-) )
et je viens de changer avast pour antivir (j'avais retiré nod32, pcq ma version d'évaluation était terminée...)
maintenant, je dois faire autre chose? je dois refaire une analyse pour vérifier que tout est bien partit?
et je viens de changer avast pour antivir (j'avais retiré nod32, pcq ma version d'évaluation était terminée...)
maintenant, je dois faire autre chose? je dois refaire une analyse pour vérifier que tout est bien partit?
kemo_juju
Messages postés
12
Date d'inscription
vendredi 1 février 2008
Statut
Membre
Dernière intervention
2 avril 2012
1
29 août 2008 à 19:12
29 août 2008 à 19:12
voila l'analyse avec antivir :
Avira AntiVir Personal
Report file date: vendredi 29 août 2008 12:11
Scanning for 1581048 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JULIE-44049AC7A
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 16:08:10
ANTIVIR3.VDF : 7.0.6.88 171520 Bytes 28/08/2008 16:08:11
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 28/08/2008 16:08:17
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 28/08/2008 16:08:16
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 28/08/2008 16:08:15
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 28/08/2008 16:08:12
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 28/08/2008 16:08:11
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, H:, I:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 29 août 2008 12:11
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Data>
Begin scan in 'H:\' <OneTouch4 Mini>
H:\Disk\Programme\Autres\Suite Adobe\BS\Activation.rar
[0] Archive type: RAR
--> Activation\MasterCollectionCS3KEYGEN+ACTIVATION.EXE
[DETECTION] Is the TR/Agent.55481 Trojan
[NOTE] The file was moved to '492bef58.qua'!
H:\Disk\Programme\UT(...)\3DS Max8\max_Keygen\max8keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/BCBM back-door program
[NOTE] The file was moved to '492ff3f1.qua'!
H:\Disk\Programme\UT(...)\Mudbox\Crack\XF-Mudbox-KG.exe
[DETECTION] Is the TR/Packed.8772 Trojan
[NOTE] The file was deleted!
H:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP90\A0015123.vbs
[DETECTION] Contains recognition pattern of the VBS/RunAuto.Q VBS script virus
[NOTE] The file was deleted!
H:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP90\A0015127.vbs
[DETECTION] Contains recognition pattern of the VBS/RunAuto.Q VBS script virus
[NOTE] The file was moved to '48e7f41c.qua'!
H:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP90\A0015194.vbs
[DETECTION] Contains recognition pattern of the VBS/RunAuto.Q VBS script virus
[NOTE] The file was moved to '48e7f43a.qua'!
H:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP90\A0015197.vbs
[DETECTION] Contains recognition pattern of the VBS/RunAuto.Q VBS script virus
[NOTE] The file was moved to '48e7f443.qua'!
H:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP195\A0068569.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/BCBM back-door program
[NOTE] The file was moved to '48e7f4a2.qua'!
H:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP195\A0068570.exe
[DETECTION] Is the TR/Packed.8772 Trojan
[NOTE] The file was moved to '48e7f4a3.qua'!
Begin scan in 'I:\' <DISK EXT JU>
End of the scan: vendredi 29 août 2008 15:12
Used time: 3:01:38 Hour(s)
The scan has been done completely.
10326 Scanning directories
533005 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
532994 Files not concerned
3255 Archives were scanned
2 Warnings
9 Notes
Avira AntiVir Personal
Report file date: vendredi 29 août 2008 12:11
Scanning for 1581048 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JULIE-44049AC7A
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 16:08:10
ANTIVIR3.VDF : 7.0.6.88 171520 Bytes 28/08/2008 16:08:11
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 28/08/2008 16:08:17
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 28/08/2008 16:08:16
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 28/08/2008 16:08:15
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 28/08/2008 16:08:12
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 28/08/2008 16:08:11
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, H:, I:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 29 août 2008 12:11
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
33 processes with 33 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Data>
Begin scan in 'H:\' <OneTouch4 Mini>
H:\Disk\Programme\Autres\Suite Adobe\BS\Activation.rar
[0] Archive type: RAR
--> Activation\MasterCollectionCS3KEYGEN+ACTIVATION.EXE
[DETECTION] Is the TR/Agent.55481 Trojan
[NOTE] The file was moved to '492bef58.qua'!
H:\Disk\Programme\UT(...)\3DS Max8\max_Keygen\max8keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/BCBM back-door program
[NOTE] The file was moved to '492ff3f1.qua'!
H:\Disk\Programme\UT(...)\Mudbox\Crack\XF-Mudbox-KG.exe
[DETECTION] Is the TR/Packed.8772 Trojan
[NOTE] The file was deleted!
H:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP90\A0015123.vbs
[DETECTION] Contains recognition pattern of the VBS/RunAuto.Q VBS script virus
[NOTE] The file was deleted!
H:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP90\A0015127.vbs
[DETECTION] Contains recognition pattern of the VBS/RunAuto.Q VBS script virus
[NOTE] The file was moved to '48e7f41c.qua'!
H:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP90\A0015194.vbs
[DETECTION] Contains recognition pattern of the VBS/RunAuto.Q VBS script virus
[NOTE] The file was moved to '48e7f43a.qua'!
H:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP90\A0015197.vbs
[DETECTION] Contains recognition pattern of the VBS/RunAuto.Q VBS script virus
[NOTE] The file was moved to '48e7f443.qua'!
H:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP195\A0068569.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/BCBM back-door program
[NOTE] The file was moved to '48e7f4a2.qua'!
H:\System Volume Information\_restore{B1163C2D-DC1D-49D9-84FD-665EED608556}\RP195\A0068570.exe
[DETECTION] Is the TR/Packed.8772 Trojan
[NOTE] The file was moved to '48e7f4a3.qua'!
Begin scan in 'I:\' <DISK EXT JU>
End of the scan: vendredi 29 août 2008 15:12
Used time: 3:01:38 Hour(s)
The scan has been done completely.
10326 Scanning directories
533005 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
532994 Files not concerned
3255 Archives were scanned
2 Warnings
9 Notes
