

Everything posted by Lina
-
I ran another scan today:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, October 12, 2007 2:00:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/10/2007
Kaspersky Anti-Virus database records: 431376
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: A:\ C:\ D:\ E:\
Scan Statistics:
Total number of scanned objects: 104221
Number of viruses found: 1
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:34:53
Infected Object Name / Virus Name / Last Action
C:\MS32DLL.dll.vbs Infected: Worm.VBS.Solow.b skipped
D:\MS32DLL.dll.vbs Infected: Worm.VBS.Solow.b skipped
Scan process completed.
-
OK, I hope the scan will be finished in 2 hours... Have a good evening too, Apollo.01! Thanks for your help.
-
Good evening Apollo.01, Sorry for not replying sooner. I deleted Adobem.exe. As for installing the antivirus and the firewall, I'll let my brother take care of it. Here is the ToolsCleaner2 report:

********ToolsCleaner2 (A.Rothstein)********
Debut le 11/10/2007 a 19:24:57,67
///////////////////
********Fin de Scan principal********
Aucun Programme trouve!
** Module de recherche complementaire ** (Beta Test 1)
C:\WINDOWS\ERUNT\SdFix
///////////////////
Fin le 11/10/2007 a 19:26:57,76
- Points de Restauration Ok!
- Vidage de la corbeille Ok!
- Fichiers temporaires Ok!
Merci d'avoir utilise ToolsCleaner2

I'll post again with the Kaspersky scan report.
-
Hello Apollo.01, There, I've done it,
-
Hi again, I had adobem.exe analysed, and nothing to report, it's clean. My HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:50, on 08/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Docs de Lina\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-790525478-1972579041-1801674531-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Oways')
O4 - HKUS\S-1-5-21-790525478-1972579041-1801674531-1004\..\Run: [Free Uploader Oe Integration] C:\Program Files\Free Download Manager\FUM\fumoei.exe (User 'Oways')
O4 - Global Startup: ???CE C???CE.lnk
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 2022 bytes
-
Hello Apollo.01, here is the Kaspersky report:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, October 08, 2007 6:00:54 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 8/10/2007
Enregistrements dans la base antivirus Kaspersky : 402828
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail: A:\ C:\ D:\ E:\
Statistiques de l'analyse:
Total d'objets analysés: 106960
Nombre de virus trouvés: 1
Nombre d'objets infectés: 1 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:32:29
Nom de l'objet infecté / Nom du virus / Dernière action
C:\WINDOWS\system32\adobem.exe Infecté : Backdoor.Win32.VanBot.cq ignoré
Analyse terminée.
-
I used the wrong account, sorry
-
Good evening Apollo.01, I deleted the autorun.inf file and ran CCleaner. Here is the report:
-------------------------------[ Lop S&D 1.1 ]------------------------------
Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]
Lancé depuis : "D:\Docs de Lina\Lop S&D"
Rapport crée : Le 07/10/2007 à 19:52:27,18
PC : SOYCD-896BEB646
! Faire analyser le rapport par un Helper avant intervention !
----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini
----------------------[ Recherche dans le Registre ]----------------------
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------
Aucun dossier Lop trouvé !
--------------------[ Vérification du fichier Hosts ]---------------------
Fichier Hosts : Propre
--------------------[ Recherche d'autres infections ]---------------------
Aucune autre infection trouvé !
--------------------[ Fin du rapport à 19:52:39,56 ]----------------------
Thanks again Apollo.01
-
Hello, OK Junior. What do I do now? (unless there is nothing left to do ^^)
-
Re Apollo.01, well done! I assume it's nearly finished then. Here is my ComboFix:
ComboFix 07-10-05.3 - Lina 2007-10-06 1:05:46.2 - NTFSx86
Microsoft Windows XP ?dition familiale 5.1.2600.2.1256.963.1036.18.664 [GMT 2:00]
Running from: D:\Docs de Lina\ComboFix.exe
Command switches used :: D:\Docs de Lina\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Update Scheduler for Proteus Demonstration 7.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Update Scheduler for Proteus Demonstration 7.lnk
backup=C:\WINDOWS\pss\Update Scheduler for Proteus Demonstration 7.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe
R0 GWIOPM;Pilote GWIOPM pour E/S sous NT;C:\WINDOWS\system32\DRIVERS\GWIOPM.SYS
S3 AC2003;AC2003;C:\WINDOWS\system32\Drivers\AC2003.sys
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-06 01:07:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-06 1:08:10
C:\ComboFix-quarantined-files.txt ... 2007-10-06 01:08
C:\ComboFix2.txt ... 2007-10-05 20:16
.
--- E O F ---
Good night to you too, if you're going to bed!
-
Here is my report:
SDFix: Version 1.107
Run by Lina on 06/10/2007 at 00:34
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Lina\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\W32APIW.DLL - Deleted
Removing Temp Files...
ADS Check:
C:\WINDOWS No streams found.
C:\WINDOWS\system32 No streams found.
C:\WINDOWS\system32\svchost.exe No streams found.
C:\WINDOWS\system32\ntoskrnl.exe No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
Remaining Files:
---------------
File Backups: - C:\DOCUME~1\Lina\Bureau\SDFix\backups\backups.zip
Files with Hidden Attributes:
Mon 28 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 27 Aug 2007 1,123,200 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\93a233c2dff315e0408559775486f5b2\BIT2A.tmp"
Finished!
My HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:45:41, on 06/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
D:\Docs de Lina\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: ???CE C???CE.lnk
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
-- End of file - 2332 bytes
-
Thanks for your reply. Here are the VirusTotal reports:
For C:\WINDOWS\uninst.exe:
AhnLab-V3 2007.10.6.0 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.05 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 -
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5135 2007.10.05 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2574 2007.10.05 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 VIPRE.Suspicious
Symantec 10 2007.10.05 -
TheHacker 6.2.6.077 2007.10.05 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.05 -
Webwasher-Gateway 6.0.1 2007.10.05 Win32.Malware.gen (suspicious)
For C:\WINDOWS\system32\Pkunzip.exe:
AhnLab-V3 2007.10.6.0 2007.10.05 -
AntiVir 7.6.0.20 2007.10.05 -
Authentium 4.93.8 2007.10.05 -
Avast 4.7.1051.0 2007.10.05 -
AVG 7.5.0.488 2007.10.05 -
BitDefender 7.2 2007.10.05 -
CAT-QuickHeal 9.00 2007.10.05 -
ClamAV 0.91.2 2007.10.05 -
DrWeb 4.44.0.09170 2007.10.05 -
eSafe 7.0.15.0 2007.10.04 -
eTrust-Vet 31.2.5188 2007.10.05 -
Ewido 4.0 2007.10.05 -
FileAdvisor 1 2007.10.05 -
Fortinet 3.11.0.0 2007.10.05 -
F-Prot 4.3.2.48 2007.10.05 -
F-Secure 6.70.13030.0 2007.10.05 -
Ikarus T3.1.1.12 2007.10.05 -
Kaspersky 7.0.0.125 2007.10.05 -
McAfee 5135 2007.10.05 -
Microsoft 1.2803 2007.10.04 -
NOD32v2 2574 2007.10.05 -
Norman 5.80.02 2007.10.05 -
Panda 9.0.0.4 2007.10.05 -
Prevx1 V2 2007.10.05 -
Rising 19.43.40.00 2007.10.05 -
Sophos 4.22.0 2007.10.05 -
Sunbelt 2.2.907.0 2007.10.04 -
Symantec 10 2007.10.05 -
TheHacker 6.2.6.077 2007.10.05 -
VBA32 3.12.2.4 2007.10.05 -
VirusBuster 4.3.26:9 2007.10.05 -
Webwasher-Gateway 6.0.1 2007.10.05 -
For C:\WINDOWS\system32\w32apiw.dll: the site gives me the following message: 0 bytes size received / Se ha recibido un archivo vacio
For OTMoveIt, when I clicked MoveIt, it gave me the following message:
The HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:55, on 05/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
D:\Docs de Lina\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: ???CE C???CE.lnk
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
-- End of file - 2309 bytes
-
Hello, I went to the autorun.inf file and opened it, but there was nothing in it, and I deleted the file (I did do the step to show hidden files). Besides that, I already had ATP Cleaner and also CCleaner, and I run the cleanup regularly. Here is the report:
And here is the HijackThis one:
Also, I don't have an antivirus, and as for the firewall, I think it's the Windows one.
-
Re, I did the step with clean,
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec
04/10/2007 a 12:57:51,93
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
tentative de suppression de C:\autorun.inf
Impossible de supprimer C:\autorun.inf
*** Suppression des fichiers dans C:\WINDOWS\
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
*** Suppression des fichiers dans C:\Program Files
*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
:? But I didn't get the window where you had to tick the options... autorun.inf is there
-
Hello Apollo.01, No, there's just a music CD-R that I bought, but there shouldn't be a virus on it. Otherwise, could I have caught this some other way? (the internet, through ads?) I'm asking so as to avoid getting infected again later. So, given that I have no removable media likely to have infected the computer, I don't do the 1st step (downloading flash desinfector), right? I'm going to restart and do what you told me. Thanks again, and hopefully see you later ^^
-
That's done, I've just deleted everything from quarantine and I disabled and re-enabled System Restore. So tomorrow I'll run a scan again. Good night Apollo.01
-
I went into safe mode and I think I configured AVG correctly, but I'll redo the full scan tomorrow to be sure. Do I also permanently delete C:\WINDOWS\MS32DLL.dll.vbs? Thanks for taking care of my case, by the way
-
I did what you told me, but it won't remove it for me... my AVG report:
C:\Documents and Settings\Lina\Cookies\lina@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Lina\Cookies\lina@search.live[1].txt -> TrackingCookie.Live : Aucune action entreprise.
C:\System Volume Information\_restore{8EBFBB51-5917-4CCD-9BBF-99AF854FB71B}\RP21\A0010353.vbs -> Worm.Solow.a : Aucune action entreprise.
I don't understand why it shows "Aucune action entreprise" [no action taken], because at the end of the scan the cookies were deleted and worm.solow.a was in quarantine
-
Thanks for your replies. For the Panda scan, it stopped at Outlook; I ran it a second time but still got the same result... It's the program I had used last time... And I believe I did what you said... I've just tried and it seems to have worked... I think it's fine this time, here is my log:
-
Hello everyone, Normally when there's a problem, my brother sorts everything out (being a member of the forum's security group), but he isn't here, so I need you... AVG tells me I'm infected with worm.solow.a. I had already downloaded a program that removes this "hacked by godzilla" infection, and after restarting my computer everything was fine: I ran the AVG scan again without finding anything, and in the HijackThis log the hacked by godzilla line was no longer there. However, I've just run a scan again, and I find worm.solow.a again, and the hacked by godzilla line is back... Here is my log:
Thanks in advance.
-
Particularly touching music and ballads
Lina replied to a topic in J'ai rien à dire mais j'le dis quand même
Good evening everyone, here are a few songs that I find touching:
- Led Zeppelin - Baby I'm gonna leave you
- The Who - Behind Blue Eyes.
- Neneh Cherry & Youssou N'Dour - 7 seconds
- Le Roi Lion - Lion est mort ce soir (no, I'm not ashamed)
- Bob Dylan - Knocking On Heavens Door
- Aerosmith - Dream On
- Noir Désir - Ernestine (quite a few Noir Désir songs touch me, but well, I'm not going to list them all...)
- Pink Floyd - Wish You Were Here (same as for Noir Désir)
- Tracy Chapman - Bang Bang Bang (same as for Pink Floyd)
I think I'll stop there for today
-
OK, thanks again paulk69. Have a good rest of the day, everyone.
-
Very well, thank you for your answers... One last question, since you haven't answered it yet: after how long is the information that our servers hold deleted? After that, I promise, I'll go
-
So this information isn't monitored unless the courts request it? Why don't the police use this method to detect people who download illegally? (unless they already do)
-
Thanks for your reply. After how long is the information that our servers hold deleted?