Aller au contenu

elef

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    98

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    francais

elef's Achievements

Member

Member (4/12)

0

Réputation sur la communauté

  1. elef

    Virus tetu..

    elef a répondu à un(e) sujet de elef dans Analyses et éradication malwares

    Bonjour Pear, Et bien on en apprends tous les jours, merci pour les infos sur avast.Je lui laisse antivir et j'vais lui dire qu'il n'aille pas trop trainer sur les sites chauds. Antivir a donc trouvé de nouveaux objets suspects qu'il a supprimé,voici le rapport : AntiVir PersonalEdition Classic Report file date: dimanche 8 juin 2008 12:08 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Laurent Computer name: UNICORNI-388923 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: repair Secondary action.................: delete Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 8 juin 2008 12:08 Starting search for hidden objects. '29096' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lxdccoms.exe' - '1' Module(s) have been scanned Scan process 'BTNtService.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'ObjectDock.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'wbload.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 27 processes with 27 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '25' files ). Starting the file scan: Begin scan in 'C:\' <Disk> C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Laurent\Mes documents\EmoticonesAnimaux.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '48bab06a.qua'! Begin scan in 'D:\' Search path D:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: dimanche 8 juin 2008 12:55 Used time: 47:33 min The scan has been done completely. 2524 Scanning directories 83141 Files were scanned 0 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 83141 Files not concerned 575 Archives were scanned 1 Warnings 0 Notes 29096 Objects were scanned with rootkit scan 0 Hidden objects were found Et voici resultat Kaperski: ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT dimanche 8 juin 2008 13:16:24 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 8/06/2008 Kaspersky Anti-Virus database records: 839091 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - Folders: C:\ Scan Statistics: Total number of scanned objects: 31366 Number of viruses found: 6 Number of infected objects: 28 / 0 Number of suspicious objects: 0 Duration of the scan process: 00:38:12 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\LOGFILES\AVSCAN-20080608-120814-27D8F7D6.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\TEMP\AVSCAN-20080608-120814-27D6EC22\AVSCAN-000074F6 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\Laurent\.housecall6.6\Quarantine\yjohijoz.exe.bac_a03840 Infected: Trojan.Win32.Obfuscated.gx skipped C:\Documents and Settings\Laurent\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Historique\History.IE5\MSHist012008060820080609\index.dat Object is locked skipped C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Laurent\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Laurent\NTUSER.DAT.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP10\change.log Object is locked skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008357.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008358.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008359.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008360.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008361.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008362.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008363.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008364.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008365.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008366.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008367.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008368.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008369.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008370.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008371.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0008372.sys Infected: Trojan-Downloader.Win32.Mutant.adi skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0010383.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012449.dll Infected: Trojan.Win32.Vapsup.gcc skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012454.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012456.dll Infected: Trojan.Win32.Vapsup.gbp skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012458.exe Infected: Trojan.Win32.Vapsup.gcc skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012465.dll Infected: Trojan.Win32.Vapsup.gcc skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012478.dll Infected: Trojan.Win32.Vapsup.gbp skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012479.dll Infected: Trojan-Downloader.Win32.Mutant.adg skipped C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP8\A0012481.exe Infected: Trojan.Win32.Vapsup.gcc skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{A62E321A-42EE-44E7-BE66-3DBBE50F0C1B}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\Internet.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\drivers\Winfl63.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\WINDOWS\system32\drivers\Winqy64.sys Infected: Trojan-Dropper.Win32.Agent.shb skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. Ca ressemble a ceux qu'il avait deja trouvé nan..? Pourquoi il saute au lieu de supprimer..?
  2. elef

    Virus tetu..

    elef a répondu à un(e) sujet de elef dans Analyses et éradication malwares

    Bonsoir Pear, Wow comment se fait-ce qu'il reste autant de trucs infectés dans le pc..? j'te renvoie les deux resultats de scan,dis moi s'il reste des manips a faire . Malwarebytes' Anti-Malware 1.15 Version de la base de données: 838 22:41:49 07/06/2008 mbam-log-6-7-2008 (22-41-49).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 60717 Temps écoulé: 14 minute(s), 31 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 22 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 1 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 49 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10f0c2a9-8e38-43e3-204d-45524c494e20} (Rogue.PCAntispyware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{09797a7f-36ba-468b-bc71-b65e061783de} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{5e5c9077-0e64-4a3c-bd42-f9d8fc2b6dd7} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{5b886f01-527a-4f05-90e2-14eacd2f8870} (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Internet Explorertoolbar (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AllFilesystemObjects\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\pcsd (Rogue.PC-Cleaner) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{10b5e5c2-8901-4e3c-bf61-ac6e11039292} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully. Dossier(s) infecté(s): C:\WINDOWS\system32smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\System Volume Information\_restore{0B4C9D97-4730-471C-9999-B19A8B61E514}\RP3\A0000004.scr (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\ekaf.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\system32smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32akttzn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32anticipator.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32awtoolb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32bdn.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32bsva-egihsg52.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32dpcproxy.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32emesx.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32h@tkeysh@@k.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hoproxy.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hxiwlgpm.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32hxiwlgpm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32medup012.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32medup020.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msgp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msnbho.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mssecu.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32msvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mtr2.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32mwin32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32netode.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32newsd32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ps1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32psof1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32psoft1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32regc64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32regm64.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32Rundl1.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32sncntr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssurf022.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssvchost.com (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32ssvchost.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32sysreq.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32taack.dat (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32taack.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32temp#01.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32thun.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32thun32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32VBIEWER.OCX (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32vbsys2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32vcatchpi.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32winlogonpc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\System32WINWGPX.EXE (Fake.Dropped.Malware) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jhauambmz_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\system32\jhauambmz_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully. C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:43:57, on 07/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\lxdccoms.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Documents and Settings\Laurent\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189440919828 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing) -- End of file - 4581 bytes Voila j'espere que j'ai rien oublié . @ bientot..
  3. elef

    Virus tetu..

    elef a répondu à un(e) sujet de elef dans Analyses et éradication malwares

    Bonsoir Pear, Tout d'abord merci de t'etre occupé de mon cas J'ai donc fait les manips et a priori ca tient le coup j'suis pas resté longtps sur le net avec le portable mais avast s'est mis a jour et il n'y a pas eu d'alertes ; Je te poste les rapports pour avoir confirmation, Sdfix: SDFix: Version 1.188 Run by Laurent on 05/06/2008 at 19:02 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\.protected - Deleted C:\WINDOWS\.protected - Deleted C:\WINDOWS\system32\drivers\etc\.protected - Deleted C:\WINDOWS\mslagent\2_mslagent.dll - Deleted C:\WINDOWS\mslagent\mslagent.exe - Deleted C:\WINDOWS\mslagent\uninstall.exe - Deleted C:\Program Files\Inet Delivery\inetdl.exe - Deleted C:\Program Files\Inet Delivery\intdel.exe - Deleted C:\WINDOWS\a.bat - Deleted C:\WINDOWS\atfxqogp.dll - Deleted C:\WINDOWS\base64.tmp - Deleted C:\WINDOWS\bdn.com - Deleted C:\WINDOWS\FVProtect.exe - Deleted C:\WINDOWS\iTunesMusic.exe - Deleted C:\WINDOWS\mssecu.exe - Deleted C:\WINDOWS\system32\WinCtrl32.dll - Deleted C:\WINDOWS\userconfig9x.dll - Deleted C:\WINDOWS\vregfwlx.dll - Deleted C:\WINDOWS\winsystem.exe - Deleted C:\WINDOWS\xmpstean.exe - Deleted C:\WINDOWS\zip1.tmp - Deleted C:\WINDOWS\zip2.tmp - Deleted C:\WINDOWS\zip3.tmp - Deleted C:\WINDOWS\zipped.tmp - Deleted Could Not Remove C:\WINDOWS\system32smp Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed Folder C:\Program Files\Inet Delivery - Removed Folder C:\WINDOWS\mslagent - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 19:24:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup" "C:\\Documents and Settings\\Laurent\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Laurent\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Disabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Disabled:IncrediMail" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard" "C:\\WINDOWS\\system32\\lxdccoms.exe"="C:\\WINDOWS\\system32\\lxdccoms.exe:*:Enabled:Lexmark Communications System" "C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"="C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe:*:Enabled:Lexmark Device Monitor" "C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1300 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer" "C:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe"="C:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe:*:Enabled:Panzer Elite Action" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1300 Series\\app4r.exe:*:Enabled:BorgListener" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : C:\WINDOWS\system32smp Found File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 21 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 20 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2A.tmp" Sat 23 Sep 2006 1,055,594 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\download\BIT83.tmp" Finished! Mbam: SDFix: Version 1.188 Run by Laurent on 05/06/2008 at 19:02 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Restoring Default HomePage Value Restoring Default Desktop Components Value Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\WINDOWS\system32\rqRkJAPf.dll - Deleted C:\.protected - Deleted C:\WINDOWS\.protected - Deleted C:\WINDOWS\system32\drivers\etc\.protected - Deleted C:\WINDOWS\mslagent\2_mslagent.dll - Deleted C:\WINDOWS\mslagent\mslagent.exe - Deleted C:\WINDOWS\mslagent\uninstall.exe - Deleted C:\Program Files\Inet Delivery\inetdl.exe - Deleted C:\Program Files\Inet Delivery\intdel.exe - Deleted C:\WINDOWS\a.bat - Deleted C:\WINDOWS\atfxqogp.dll - Deleted C:\WINDOWS\base64.tmp - Deleted C:\WINDOWS\bdn.com - Deleted C:\WINDOWS\FVProtect.exe - Deleted C:\WINDOWS\iTunesMusic.exe - Deleted C:\WINDOWS\mssecu.exe - Deleted C:\WINDOWS\system32\WinCtrl32.dll - Deleted C:\WINDOWS\userconfig9x.dll - Deleted C:\WINDOWS\vregfwlx.dll - Deleted C:\WINDOWS\winsystem.exe - Deleted C:\WINDOWS\xmpstean.exe - Deleted C:\WINDOWS\zip1.tmp - Deleted C:\WINDOWS\zip2.tmp - Deleted C:\WINDOWS\zip3.tmp - Deleted C:\WINDOWS\zipped.tmp - Deleted Could Not Remove C:\WINDOWS\system32smp Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed Folder C:\Program Files\Inet Delivery - Removed Folder C:\WINDOWS\mslagent - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-05 19:24:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40] scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil" "C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup" "C:\\Documents and Settings\\Laurent\\Local Settings\\Temp\\Nero Web\\SetupXu.exe"="C:\\Documents and Settings\\Laurent\\Local Settings\\Temp\\Nero Web\\SetupXu.exe:*:Enabled:Nero ProductSetup" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Disabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Disabled:IncrediMail" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eChanblard" "C:\\WINDOWS\\system32\\lxdccoms.exe"="C:\\WINDOWS\\system32\\lxdccoms.exe:*:Enabled:Lexmark Communications System" "C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"="C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe:*:Enabled:Lexmark Device Monitor" "C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"="C:\\Program Files\\Lexmark 1300 Series\\App4R.exe:*:Enabled:Lexmark Imaging Studio" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer" "C:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe"="C:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe:*:Enabled:Panzer Elite Action" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Lexmark 1300 Series\\app4r.exe"="C:\\Program Files\\Lexmark 1300 Series\\app4r.exe:*:Enabled:BorgListener" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : C:\WINDOWS\system32smp Found File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 21 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Sun 20 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp" Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT2A.tmp" Sat 23 Sep 2006 1,055,594 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e2ee6701f2679c24dd339050a068b193\download\BIT83.tmp" Finished! Voila j'espere que tout va bien.. Merci a toi Pear @ bientot
  4. elef
    Bonjour a vous la zebulon family's me revoila avec nouveau soucis. J'ai un pote qui m'a demandé de regarder son pc portable parcequ'a chaque fois qu'il se connecte a internet dans les 20 secondes qui suivent Avast ne cesse d'indiquer des alertes concernant l'envoi repetitif de mails et bloque par la suite tout acces a son pc,alors j'en ai trouvé quelques uns et les ai supprimés mais il en reste et j'arrive pas a les trouver,j'ai fait plusieurs scans (Avast,Avg,nettoyé avec Ccleaner ) mais rien n'y fait ca persiste. Pour gagner un peu de tps voici le scan de Hijack Alors comme toujours c'est là que je me mets a pleurer et a vous demander de l'aide.. Merci Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:53:18, on 05/06/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16640) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\WINDOWS\system32\lxdccoms.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Laurent\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {10B5E5C2-8901-4E3C-BF61-AC6E11039292} - C:\WINDOWS\system32\rqRkJAPf.dll O2 - BHO: (no name) - {10F0C2A9-8E38-43e3-204D-45524C494E20} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189440919828 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...on_2_0_4_12.cab O20 - Winlogon Notify: rqRkJAPf - C:\WINDOWS\SYSTEM32\rqRkJAPf.dll O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll O21 - SSODL: vltdfabw - {B81B6C37-BA75-4F89-9AB9-473638B8E2CE} - (no file) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing) -- End of file - 4999 bytes
  5. elef

    conexion net impossible

    elef a répondu à un(e) sujet de elef dans Internet & Réseaux

    Probleme resolu, j'ai arreté les services de norton au demarrage et j'ai pu me connecter au net.
  6. elef

    conexion net impossible

    elef a répondu à un(e) sujet de elef dans Internet & Réseaux

  7. elef
    Zebulon's family bonsoir, J'ai de nouveau besoin de vos lumieres,moi je seche.. une amie a moi m'a demandé de jeter un oeil sur son pc parceque depuis trois jours elle n'arrive pas a seconnecter a internet,par contre Msn lui se connecte et elle peut dialer avec ses contacts.. J'ai fais un peu de nettoyage en supprimant norton(me manque juste la connexion pour finir la desinstallation) et en mettant avast,j'ai fais un coup de Ccleaner et Avg et le prob. est tjrs là...Chaque fois que j'ouvre une page internet ca essaie d'ouvrir tjrs la mm page"Go microsoft blabla...."( je crois que c'est la page de mise a jour microsoft) j'ai eu beau changer l'adresse pour la page d'accueil mais il n'en tiens pas compte... Je seche je sais plus quoi faire.. D'avance merci pour votre aide..
  8. elef

    Probleme d'installation XP

    elef a répondu à un(e) sujet de elef dans Software

    Salut Micgre, Alors c'est toujours pareil meme sans la batterie,crois tu vraiment que ce soit la fin..juste a cause du changement de barettes memoire j'ai bouzillé le pc..?!! c'est un truc de ouf quand meme le pc a à peine plus d'un an... Si j'l'emmene chez les chinois(ou si tu connais quelqu'un sur paris..) penses tu qu'ils vont trouver mon probleme..? Merci
  9. elef

    Probleme d'installation XP

    elef a répondu à un(e) sujet de elef dans Software

    Bonsoir Micgre, J'ai essayé de le brancher sur mon vieil ecran et ca n'a rien donné non plus,si ca peut aider (j'en doute ..) meme le lecteur de cd ne tourne pas je ne peux meme pas l'ouvrir en appuyant sur le bouton... Aie aie j'sui mal parti hein..? Tu m'as pas repondu pour l'echange de barettes est ce que tu crois que j'aie pu flinguer ..?
  10. elef

    Probleme d'installation XP

    elef a répondu à un(e) sujet de elef dans Software

  11. elef

    Probleme d'installation XP

    elef a répondu à un(e) sujet de elef dans Software

    Bonsoir Micgre, C'est un ecran noir comme si il etait pas allumé je vois les leds(sauf celle du lecteur de cd) com quoi il est allumé mais ne bouge pas,je n'ai pas acces au bios non plus, tout a l'heure quand j'ai essayé de booter avec le CD XP j'ai été obligé pour inserer le disque, d'ouvrir le lecteur avec la petite tige en metal qui est vendue avec tous les graveurs au cas ou y aurait un cd qui se coince dedans. Donc c'est plutot mal parti,le fait juste d'avoir mis d'autre barettes aurait pu tuer le pc comme ca..!? tu crois..? Help,help..
  12. elef

    Probleme d'installation XP

    elef a répondu à un(e) sujet de elef dans Software

    Bonsoir a tous,bonsoir Micgre, Alors je vous tiens au courant de mes manipulations. J'ai emmené le pc au travail (j'avais un peu de tps) et j'ai fais un test avec d'autres barettes memoire en relancant l'installation mais l'ecran est resté tout noir(sans curseur),j'ai eteints et remis les anciennes barettes et Grrrr de nouveau l'ecran noir,je viens de rentrer chez moi j'ai ouvert et interverti les barettes des fois que et toujours rien,ecran noir encore...(tjrs sans curseur..) Je viens d'essayer de le lancer avec le CD XP mais rien.. Je crois que là j'ai flingué le pc,j'suis degouté j'vais etre bon pour lui en repayer un neuf.. Dites moi c'que vous en pensez,j'attends vos suggestions.. Merci
  13. elef

    Probleme d'installation XP

    elef a répondu à un(e) sujet de elef dans Software

    Bonsoir Micgre, Alors j'ai pensé a la meme chose que toi et ai essayer d'utiliser memtest,j'ai fait l'image iso,j'ai demarré avec le cd dans le lecteur et là ca me mets "CALDERA...che plus quoi...DOS" avec le curseur qui clignote en dessous, j'ai attendu un peu et j'ai vu que ca faisait rien alors j'ai arreté..je crosi que j'aurais pas dû, c'est ca..? J'ai lu la "notice" de memtest mais je crois que j'ai pas tout compris,j'ai pas de menus comme ils disent..doit y avoir un truc que j'fais pas bien sans doute..tu peux m'eclairer ? Merci Micgre..
  14. elef

    Probleme d'installation XP

    elef a répondu à un(e) sujet de elef dans Software

    Merci, C'est deja fait et il est accepté mais je crois qu'il s'est arreté pdt que j'avais le dos tourné et il a repris l'install. mais pas là ou elle s'etait arretée et recommencé la moitié des operations jusqu'a me redemander la clé...
  15. elef

    Probleme d'installation XP

    elef a posté un sujet dans Software

    Zebulon's family bonsoir, 10 jours sans soucis c'est deja bien..! Je reviens a la charge avec cette fois ci un truc dans lequel j'aurais peut etre pas dû m'embarquer,j'expose : Un pote a moi m'a demandé de jeter un oeil sur son pc portable (Acer Aspire 5100,sans anti virus ni de pare feu activé) parcequ'il le trouvait super lent,comme il ecoutait de la musque c'etait hachuré et il avait sans cesse des pop up qui surgissaient comme il surfait sur le net. Je l'ai donc pris et commencé par un scan avec Avg,il m'a trouvé 101 "chevaux de troie"... j'ai halluciné comme j'ai vu le chiffre,j'ai fait les nettoyages appropriés et ai redemarré le pc là je l'ai trouvé avec les memes symptomes qu'au depart.J'ai essayé de l'alleger le plus possible en retirant les programmes superflus mais rien a faire toujours pareil,ca m'a pris la tete...j'decide alors de repartir a zero et de formater (avec l'accord de mon pote) avec un CD d'install. XP juste pour avoir le systeme d'exploitation mais c là que vient le probleme je crois que j'ai fait une boulette en supprimant toutes les partitions du disque pour n'en faire qu'une seule,maintenant comme j'essaye d'installer XP (que ce soit avec mon CD ou le CD Acer) il me mettait des messages d'erreur sur fond bleu..jamais les memes !! Pendant que j'etais entrain d'ecrire j'ai commencé une nouvelle installation pour voir et là il a commencé a installer sauf que ca fait deux fois qu'il me demande le nom a mettre pour l'ordi et sa clé de licence..il tourne en rond je sais plus quoi faire .. Merci pour votre aide
×
×
  • Créer...