Ordinateur infesté par brontok-ce [Résolu]

Jul. - Dernière réponse le 3 sept. 2008 à 08:14

Bonjour,
J'ai un PC infesté par le virus ver brontok-ce, ce pc est en réseau avec serveur sans connexion Internet, j'ai voulu ouvrir un dossier présent sur une clé usb, et c'était en faite un exe. ce qui a fait redémarrer le PC. J'ai tout de suite débrancher le cable réseau. puis analyse avec avast au redémarrage il a trouvé des fichiers windows infectés et ne veux pas les réparer, que doit-je faire ?
C'est un XP sans parefeu ni antivirus récent (pas de connexion internet)
Merci d'avance

Ordinateur infesté par brontok-ce »

Suggestions

Ordinateur infesté par brontok-ce
Virus - Que faire quand on est infecté ? » Fiches pratiques
PC infecté par des rogues » Fiches pratiques
Ordi infesté : Your privacy is in danger (Résolu) » Forum
Ordinateur infesté (Résolu) » Forum
Ordi infesté/message error/une vrai tortue (Résolu) » Forum

Plus

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 1 sept. 2008 à 17:03

slt,

il va falloir que tu mette les logiciels sur une clé puis scanner ton ordi: telecharge tous les logiciels sur ta clé

1/ # Télécharge RavAntivirus d'Evosla :
http://www.evosla.com/compteur.php?soft=rav_antivirus

# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!

2/
Télécharge CleanX-II de sUBs (merci mOe) ici :

http://download.bleepingcomputer.com/sUBs/CleanX-II.exe

Déconnecte tes accès internet. Coupe tous les accès physiques (débranchement du modem, ...).
Ferme toutes les applications.
Désactive puis réactive ta restauration système.
Clic droit sur CleanX-II.exe et "exécuter en mode administrateur" pour démarrer la réparation (UAC désactivée).
Clique OK lorsque tu reçois un message d'avertissement.
A la fin du scan (qui peut prendre plusieurs minutes, patiente le temps qu'il finisse), il va produire un message d'erreur (parce que l'outil ne prend pas en compte la copie pour un Windows français). Pour contourner cette erreur, fais ceci :
Démarrer, exécuter et tape %temp%\report.txt . Le bloc-note va ouvrir le rapport.

Si ce rapport montre qu'il reste encore des fichiers infectés (en fin de rapport après "POST RUN ANALYSIS"), relance l'outil une nouvelle fois.
Ouvre à nouveau le rapport avec la méthode ci-dessus et copie le dans ta réponse. S'il reste encore des fichiers infectés, inutile de relancer encore l'outil. Il faut examiner le rapport.

3/ installe l'antivirus gratuit

http://www.malekal.com/tutorial_antivir.php

4/
colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Ajouter un commentaire

Réponse

Jul. 1 sept. 2008 à 17:49

Merci je fais les manips et te tiens au courant

Ajouter un commentaire

Réponse

Jul. 2 sept. 2008 à 08:47

Bonjour, alors voilà les résultats :

=> RavAntivirus, le pc et les clés sont sains
=> CleanX-II, je l'ai lancé dans ma cession par défaut (Sur mon nom de domaine où je suis admin) est-ce que ça a une incidence?
voilà le rapport :
#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: 02/09/08 Current time: 8:13:51,75

=== PRE RUN ANALYSIS ===================================

C:\WINDOWS\system32\Julien's Setting.scr

......................................

C:\Documents and Settings\Julien\Local Settings\Application Data\Bron.tok-17-1

...............

C:\Documents and Settings\Julien\Local Settings\Application Data\Bron.tok-17-1
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\adaniel1@eesus.jnj.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\adelton@fi.muni.cz.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\agl@bitbike.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\allan@lodestone.co.za.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\anders@johannsen.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\andrei@ispi.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\bar@izhcom.ru.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\bernard@bmpsystems.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\bmansion@mamasam.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\carsten.pedersen@bitbybit.dk.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\ch.longueval@cra-mp.org.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\ch.montgobert@cra-mp.org.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\ch.motgobert@cra-mp.org.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\chregu@nomad.ch.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\chregu@phant.ch.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\chuck@horde.org.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\colin@easydns.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\danone@aruba.it.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\david@infotrek.co.uk.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\dmun@4t2.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\eric@themepark.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\eric@urbanrage.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\erkac@vault-tec.sk.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\feherp@mail.matav.hu.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\francois.lameche@wanadoo.fr.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\frank@frontbase.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\gurima@owari.ne.jp.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\j.llibre@codetel.net.do.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\jean@bureau.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\jef@acme.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\jeremy@nirvani.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\jon@csh.rit.edu.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\jotel@itnet.com.pl.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\knudriis@post.tele.dk.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\kopp@netzarbeiter.de.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\manon@passionet.de.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\marie@maison.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\martinsc@uol.com.br.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\metallic@noworlater.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\mligor@zimco.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\mnot@pobox.com.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\monte@ispi.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\mpg4@duluoz.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\petko@unitra.sk.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\richard.heyes@heyes-computing.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\richard@phpguru.org.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\sascha@schumann.cx.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\sb@sebastian-bergmann.de.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\siusun@best-view.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\snajdr@cpress.cz.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\snajdr@pvt.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\ssb@fast.no.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\tdavid@ptt.yu.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\tobias@dnet.it.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\translate@bat.ru.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\tuupola@appelsiini.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\tzoompy@cs.washington.edu.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\ulf.wendel@phpdoc.de.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\urs@circle.ch.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\uw@netuse.de.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\VBS.Quocus@mm.int.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\vincent@blavet.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\visa@visakopu.net.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\W32.Babybear@mm.int.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Loc.Mail.Bron.Tok\yen789@pchome.com.tw.ini
C:\Documents and Settings\Julien\Local Settings\Application Data\Ok-SendMail-Bron-tok

=== POST RUN ANALYSIS ==================================

NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
8:15:58,04

======================================================

=> Antivir, je l'ai installé mais pas mis à jour car pas de connexions internet sur le poste

voilà le rapport :

Avira AntiVir Personal
Report file date: mardi 2 septembre 2008 08:26

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Julien
Computer name: XP_JULIEN

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/08 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/08 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/08 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/08 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/08 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/07 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/08 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/08 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/08 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/08 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/08 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/08 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/08 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/08 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/08 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/08 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/08 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/08 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/08 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/08 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/08 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/08 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/08 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/08 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/08 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/08 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/08 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/08 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/08 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/08 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/08 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/08 13:34:37

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 2 septembre 2008 08:26

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'HPTLBXFX.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'EEventManager.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'StatusClient.exe' - '1' Module(s) have been scanned
Scan process 'UpdaterUI.exe' - '1' Module(s) have been scanned
Scan process 'shstat.exe' - '1' Module(s) have been scanned
Scan process 'DrvLsnr.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'naPrdMgr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'VsTskMgr.exe' - '1' Module(s) have been scanned
Scan process 'Mcshield.exe' - '1' Module(s) have been scanned
Scan process 'FrameworkService.exe' - '1' Module(s) have been scanned
Scan process 'MantaManager.exe' - '1' Module(s) have been scanned
Scan process 'Manta.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).

Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'

End of the scan: mardi 2 septembre 2008 08:29
Used time: 03:15 Minute(s)

The scan has been done completely.

203 Scanning directories
7958 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
7958 Files not concerned
90 Archives were scanned
0 Warnings
0 Notes

=>hijackThis
j'ai télécharger directement l'exe et non le zip, est-ce que ça a une incidence, il est installé dans prog files/TrendMicro, et il est renommé

voilà le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:38:41, on 02/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Serveur HF\Manta.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-1761] "C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\Software\..\Telephony: DomainName = DomW3Sicagieb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Ajouter un commentaire

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 2 sept. 2008 à 09:23

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

____________________
vire ce qui est dans moved files en allant dans poste de travail puis C puis otmovit

____________________

recolles un rapport clean 2 et hijackhtis et dis si encore des soucis

Ajouter un commentaire

Réponse

Jul. 2 sept. 2008 à 10:13

OtMoveIT ne l'a pas retrouvé (entre temps, antivir tournait est-ce qu'il a pu le trouvé) du coup je te poste le résultat d'antivir aussi

=> OTMOVEIT
File/Folder C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe not found.

=>Antivir

Avira AntiVir Personal
Report file date: mardi 2 septembre 2008 08:58

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Julien
Computer name: XP_JULIEN

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/08 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/08 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/08 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/08 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/08 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/07 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/08 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/08 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/08 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/08 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/08 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/08 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/08 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/08 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/08 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/08 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/08 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/08 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/08 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/08 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/08 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/08 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/08 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/08 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/08 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/08 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/08 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/08 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/08 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/08 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/08 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/08 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 2 septembre 2008 08:58

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'eden.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'HPTLBXFX.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'EEventManager.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'StatusClient.exe' - '1' Module(s) have been scanned
Scan process 'UpdaterUI.exe' - '1' Module(s) have been scanned
Scan process 'shstat.exe' - '1' Module(s) have been scanned
Scan process 'DrvLsnr.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'naPrdMgr.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'VsTskMgr.exe' - '1' Module(s) have been scanned
Scan process 'Mcshield.exe' - '1' Module(s) have been scanned
Scan process 'FrameworkService.exe' - '1' Module(s) have been scanned
Scan process 'MantaManager.exe' - '1' Module(s) have been scanned
Scan process 'Manta.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Julien\Local Settings\Temp\bt2870.bat
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK lib.
[WARNING] Error in ARK lib
[NOTE] The file is scheduled for deleting after reboot.

End of the scan: mardi 2 septembre 2008 09:55
Used time: 56:14 Minute(s)

The scan has been canceled!

4263 Scanning directories
355541 Files were scanned
0 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
355538 Files not concerned
7546 Archives were scanned
3 Warnings
1 Notes

=> Cleanx2

#######################################################################

Brontok Worm Removal Tool - (Version - 06.09.17B)
by sUBs

#######################################################################

Current date: 02/09/08 Current time: 10:04:28,06

=== PRE RUN ANALYSIS ===================================

=== POST RUN ANALYSIS ==================================

NOTE
The post-run analysis portion should be empty. If it's not, reboot and run the tool a second time.
10:06:49,53

======================================================

=>HitjackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:09:02, on 02/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Serveur HF\Manta.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [Tok-Cirrhatus-1761] "C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\Software\..\Telephony: DomainName = DomW3Sicagieb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Ajouter un commentaire

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 2 sept. 2008 à 10:32

relance hijackhtis : fais do a system scan only et fix ces lignes (fix cheked)

O4 - HKCU\..\Run: [Tok-Cirrhatus-1761] "C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe"

_______________

télécharge OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur http://up.sur-la-toile.com/sadW
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe
C:\Documents and Settings\Julien\Local Settings\Temp\bt2870.bat

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

____________________
vire ce qui est dans moved files en allant dans poste de travail puis C puis otmovit

____________________

encore des problèmes???

Ajouter un commentaire

Réponse

Jul. 2 sept. 2008 à 12:52

Alors voici les résultats !!!
otmoveit ne les a paas trouvé, c'est normal ???
rapport :
File/Folder C:\Documents and Settings\Julien\Local Settings\Application Data\br4545on.exe not found.
File/Folder C:\Documents and Settings\Julien\Local Settings\Temp\bt2870.bat not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09022008_124915

j'ai fait la manip avec hitjackthis
et voici un nouveau rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:26, on 02/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Serveur HF\Manta.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\Software\..\Telephony: DomainName = DomW3Sicagieb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Ajouter un commentaire

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 2 sept. 2008 à 13:35

je pense que c'est bon
reverifie avec antivir , si rien c'est bon

Ajouter un commentaire

Réponse

Jul. 2 sept. 2008 à 15:30

Bon je viens de faire un dernier scan, rien de spécial sauf 2 warnings, je te poste le rapport :

Avira AntiVir Personal
Report file date: mardi 2 septembre 2008 13:51

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: Julien
Computer name: XP_JULIEN

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/08 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/08 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/08 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/08 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/08 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/07 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/08 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/08 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/08 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/08 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/08 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/08 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/08 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/08 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/08 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/08 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/08 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/08 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/08 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/08 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/08 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/08 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/08 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/08 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/08 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/08 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/08 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/08 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/08 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/08 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/08 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/08 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 2 septembre 2008 13:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'javaw.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'CursorXP.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'HPTLBXFX.exe' - '1' Module(s) have been scanned
Scan process 'EEventManager.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned
Scan process 'Directcd.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'StatusClient.exe' - '1' Module(s) have been scanned
Scan process 'UpdaterUI.exe' - '1' Module(s) have been scanned
Scan process 'shstat.exe' - '1' Module(s) have been scanned
Scan process 'DrvLsnr.exe' - '1' Module(s) have been scanned
Scan process 'SMTray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'naPrdMgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'VsTskMgr.exe' - '1' Module(s) have been scanned
Scan process 'Mcshield.exe' - '1' Module(s) have been scanned
Scan process 'FrameworkService.exe' - '1' Module(s) have been scanned
Scan process 'MantaManager.exe' - '1' Module(s) have been scanned
Scan process 'Manta.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '62' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!

End of the scan: mardi 2 septembre 2008 15:15
Used time: 1:24:54 Hour(s)

The scan has been done completely.

7397 Scanning directories
556007 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
556005 Files not concerned
8708 Archives were scanned
2 Warnings
0 Notes

et un rapport hitjackThis pour la forme !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:30:11, on 02/09/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Serveur HF\Manta.exe
C:\Serveur HF\MantaManager.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\WinDev 12\Programmes\WinDev12.exe
C:\Program Files\Trend Micro\HijackThis\eden.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/040C/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/040C/bl7.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /systrayIcon:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\Software\..\Telephony: DomainName = DomW3Sicagieb.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = DomW3Sicagieb.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{208C7A33-4948-4E90-800D-EB646ABC2AB5}: NameServer = 192.168.223.194
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Hyper File Server : Xp_Julien - PC SOFT - C:\Serveur HF\Manta.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MantaManager - PC SOFT - C:\Serveur HF\MantaManager.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Ajouter un commentaire

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 2 sept. 2008 à 15:39

ok c'est bon

par contre si tu as macafee et antivir n'en garde qu'un

bonne suite

Ajouter un commentaire

Réponse

Jul. 2 sept. 2008 à 15:56

OK, Macaffee était une vielle version de démo, je pensais qu'elle était désinstallée, je vais rêgler ça

en tout cas merci de ton aide,

ps : est-ce qu'il y a une solution pour tenir la base virale à jour pour un pc non connecté au net (copie de la base d'un pc connecté par ex)

Ajouter un commentaire

Réponse

jlpjlp 50302Messages postés 18 mai 2007Date d'inscription 1 juin 2012Dernière intervention 2 sept. 2008 à 16:22

il suffit que tu télécharge antivir regulierement et le transefere sur une clé et que tu le remplace

pour telecharger:
http://www.free-av.com/en/download/index.html

ou alors en gratuit mais moins efficace: CLAMWIN
http://fr.clamwin.com/

Ajouter un commentaire

Réponse

Jul. 2 sept. 2008 à 17:10

OK, merci des conseils

et bonne fin de journée

Ajouter un commentaire

Réponse

Jul. 3 sept. 2008 à 08:14

Résolu !!!

Ajouter un commentaire

Répondre au sujet

Posez votre question

Dossier à la une

Passage au tout numérique : quel coût pour les particuliers ?

Passage au tout numérique : quel coût pour les particuliers ?

Combien cela coûte-t-il au total ? Quelles aides apportent l'état et les acteurs du marché pour alléger cette charge non choisie ? Tous les détails sur Commentçamarche.net.

Ordinateur infesté par brontok-ce [Résolu]

Ordinateur infesté par brontok-ce »

Passage au tout numérique : quel coût pour les particuliers ?