
jojo2186

Members
  • Content count
    142

Profile Information
  • Gender
    Male
  • Location
    Dijon

Other information
  • My languages
    French

jojo2186's Achievements

Power Member (5/12)

Community reputation
    0
  1. Thank you for your help.
  2. Can nobody find a solution to my problem?
  3. Yes, yes, only the Wi-Fi disconnects; the computer on Ethernet is always connected. I lose my internet connection and after a few minutes my PC connected over Wi-Fi reconnects. Can someone help me please?
  4. Hello, my problem has persisted for several weeks. I run Vista with ESET Smart Security (NOD32). I lose my internet connection for no apparent reason, which is annoying especially when on Skype or MSN; I get disconnected very often. I don't use any P2P software, and the browser I use most often is Mozilla. For information, I am connected over Wi-Fi with almost full signal, and I have a second computer connected over Ethernet. Could someone help me please? Thanks in advance
  5. Good evening, thank you very much for your help. For Outlook, I reset it and it works again. Otherwise, no more sign of infected files. As for the slowness, I will follow your instructions. All the best, and maybe see you another time on this forum. Kind regards
  6. Hello, here is the report:
     Image Name PID Services
     ========================= ====== =============================================
     System Idle Process 0 N/A
     System 4 N/A
     smss.exe 664 N/A
     csrss.exe 712 N/A
     winlogon.exe 744 N/A
     services.exe 788 Eventlog, PlugPlay
     lsass.exe 800 PolicyAgent, ProtectedStorage, SamSs
     ati2evxx.exe 952 Ati HotKey Poller
     svchost.exe 964 DcomLaunch, TermService
     svchost.exe 1060 RpcSs
     svchost.exe 1152 AudioSrv, Browser, CryptSvc, Dhcp, ERSvc, EventSystem, FastUserSwitchingCompatibility, helpsvc, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, srservice, TapiSrv, Themes, TrkWks, W32Time, winmgmt, wscsvc, wuauserv, WZCSVC
     svchost.exe 1208 Dnscache
     svchost.exe 1268 LmHosts, SSDPSRV
     explorer.exe 1612 N/A
     spoolsv.exe 1644 Spooler
     opwareSE2.exe 1784 N/A
     winampa.exe 1792 N/A
     egui.exe 1800 N/A
     jusched.exe 1820 N/A
     hpqtra08.exe 1900 N/A
     svchost.exe 524 WebClient
     AppleMobileDeviceService. 556 Apple Mobile Device
     ekrn.exe 592 ekrn
     svchost.exe 612 hpqcxs08, hpqddsvc
     jqs.exe 636 JavaQuickStarterService
     svchost.exe 992 Net Driver HPZ12
     svchost.exe 1188 Pml Driver HPZ12
     slserv.exe 832 SLService
     SMAgent.exe 1464 SoundMAX Agent Service (default)
     svchost.exe 1532 stisvc
     wdfmgr.exe 1596 UMWdf
     alg.exe 3460 ALG
     hpqste08.exe 3628 N/A
     hpqbam08.exe 3672 N/A
     hpqgpc01.exe 3700 N/A
     dwwin.exe 476 N/A
     firefox.exe 1768 N/A
     dumprep.exe 2604 N/A
     dwwin.exe 3984 N/A
     cmd.exe 1316 N/A
     mmc.exe 2248 N/A
     cmd.exe 2676 N/A
     tasklist.exe 456 N/A
     wmiprvse.exe 2692 N/A
  7. Hello, with MBAM, when I launch the removal, there is no response. Here is the report from OTM:
     All processes killed
     ========== PROCESSES ==========
     No active process named explorer.exe was found!
     ========== FILES ==========
     c:\WINDOWS\system32\wsnpoema.exe.vir moved successfully.
     File/Folder c:\windows\system32\reset5c.dll not found.
     ========== SERVICES/DRIVERS ==========
     ========== REGISTRY ==========
     Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5c\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo\ deleted successfully.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrateur
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     ->Temporary Internet Files folder emptied: 33170 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 0 bytes
     User: Patrick
     ->Temp folder emptied: 76398794 bytes
     File delete failed. C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     ->Temporary Internet Files folder emptied: 34068 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 33514004 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 0 bytes
     %systemroot%\System32 .tmp files removed: 0 bytes
     File delete failed. C:\WINDOWS\temp\$$$dq3e scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.
     Windows Temp folder emptied: 413888 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 105,28 mb
     OTM by OldTimer - Version 3.0.0.5 log created on 07202009_085850
     Files moved on Reboot...
     File move failed. C:\WINDOWS\temp\$$$dq3e scheduled to be moved on reboot.
     File move failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be moved on reboot.
     File move failed. C:\WINDOWS\temp\$67we.$ scheduled to be moved on reboot.
     Registry entries deleted on Reboot...
  8. Good evening, the PC is slow and Outlook neither receives nor sends. Here is an MBAM report:
     Malwarebytes' Anti-Malware 1.38
     Version de la base de données: 2297
     Windows 5.1.2600 Service Pack 3
     19/07/2009 21:06:59
     mbam-log-2009-07-19 (21-06-49).txt
     Type de recherche: Examen rapide
     Eléments examinés: 90595
     Temps écoulé: 7 minute(s), 17 second(s)
     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 2
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 1
     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)
     Clé(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> No action taken.
     HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)
     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)
     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)
     Fichier(s) infecté(s):
     c:\WINDOWS\system32\wsnpoema.exe.vir (Trojan.Agent) -> No action taken.
  9. Good evening, here are the requested reports.
     OTM report
     All processes killed
     ========== PROCESSES ==========
     No active process named explorer.exe was found!
     ========== FILES ==========
     C:\Program Files\Bonjour moved successfully.
     DllUnregisterServer procedure not found in c:\windows\system32\reset5c.dll
     c:\windows\system32\reset5c.dll NOT unregistered.
     c:\windows\system32\reset5c.dll moved successfully.
     ========== SERVICES/DRIVERS ==========
     Service\Driver Bonjour Service deleted successfully.
     ========== REGISTRY ==========
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c\ deleted successfully.
     Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\reset5c\ not found.
     Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride\ not found.
     ========== COMMANDS ==========
     [EMPTYTEMP]
     User: Administrateur
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: All Users
     User: Default User
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 32902 bytes
     User: LocalService
     ->Temp folder emptied: 0 bytes
     File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     ->Temporary Internet Files folder emptied: 49286 bytes
     User: NetworkService
     ->Temp folder emptied: 0 bytes
     ->Temporary Internet Files folder emptied: 67 bytes
     User: Patrick
     ->Temp folder emptied: 172267694 bytes
     File delete failed. C:\Documents and Settings\Patrick\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     ->Temporary Internet Files folder emptied: 32902 bytes
     ->Java cache emptied: 0 bytes
     ->FireFox cache emptied: 62389519 bytes
     %systemdrive% .tmp files removed: 0 bytes
     %systemroot% .tmp files removed: 39097 bytes
     %systemroot%\System32 .tmp files removed: 3072 bytes
     File delete failed. C:\WINDOWS\temp\$$$dq3e scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\$$yt7.$$ scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\$67we.$ scheduled to be deleted on reboot.
     Windows Temp folder emptied: 386751 bytes
     RecycleBin emptied: 0 bytes
     Total Files Cleaned = 224,31 mb
     OTM by OldTimer - Version 3.0.0.5 log created on 07192009_190845
     ToolsCleaner2 report
     [ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]
     --> Recherche:
     C:\Combofix.txt: trouvé !
     C:\avenger: trouvé !
     C:\Qoobox: trouvé !
     C:\_OTM: trouvé !
     C:\Toolbar SD: trouvé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
     C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
     C:\Documents and Settings\Patrick\Bureau\HijackThis.lnk: trouvé !
     C:\Documents and Settings\Patrick\Bureau\Rapports du 18.07.09\cleannavi.txt: trouvé !
     C:\Documents and Settings\Patrick\Bureau\Rapports du 18.07.09\Rapport\TB.txt: trouvé !
     C:\Documents and Settings\Patrick\Bureau\Rapports du 19.07.09\hijackthis.log: trouvé !
     C:\Documents and Settings\Patrick\Bureau\Telechargement\OTM.exe: trouvé !
     C:\Documents and Settings\Patrick\Bureau\Telechargement\Navilog1.exe: trouvé !
     C:\Documents and Settings\Patrick\Bureau\Telechargement\ComboFix.exe: trouvé !
     C:\Documents and Settings\Patrick\Bureau\Telechargement\HJTInstall.exe: trouvé !
     C:\Documents and Settings\Patrick\Bureau\Telechargement\ToolBarSD.exe: trouvé !
     C:\Program Files\Navilog1: trouvé !
     C:\Program Files\Navilog1\Navilog1.bat: trouvé !
     C:\Program Files\Trend Micro\HijackThis: trouvé !
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
     C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
     RootRepeal report
     ROOTREPEAL © AD, 2007-2009
     ==================================================
     Scan Start Time: 2009/07/19 19:56
     Program Version: Version 1.3.2.0
     Windows Version: Windows XP SP3
     ==================================================
  10. Here, finally, is a report generated by Mbam.

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 5.1.2600 Service Pack 3

19/07/2009 18:47:15
mbam-log-2009-07-19 (18-47-08).txt

Type de recherche: Examen rapide
Eléments examinés: 90857
Temps écoulé: 5 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wsnpoema.exe.vir (Trojan.Agent) -> No action taken.
  11. With Mbam, after running "remove selection", the hourglass stays active and nothing else works. Attached is the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:14, on 19/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\winlogon.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=1607
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Mémento.lnk = C:\quickenw\billmind.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: reset5c - C:\WINDOWS\SYSTEM32\reset5c.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8544 bytes
  12. Hello, Here is the report generated by ComboFix.

ComboFix 09-07-14.08 - Patrick 19/07/2009 14:35.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.383.142 [GMT 2:00]
Running from: c:\documents and settings\Patrick\Bureau\Telechargement\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Pare-feu personnel d'ESET *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Patrick\Application Data\wiaserva.log
c:\recycler\S-1-5-21-4282460846-2908697428-2406450229-1003
c:\windows\Installer\13971.msi
c:\windows\Installer\1398b.msi
c:\windows\ld08.exe
c:\windows\sonce122688.dat
c:\windows\sonce122730.dat
c:\windows\sonce123148.dat
c:\windows\st_1243015120.exe
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\drivers\wsnpoem.sys
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wsnpoema
c:\windows\system32\wsnpoema\audio.dll
c:\windows\system32\wsnpoema\audio.dll.cla
c:\windows\system32\wsnpoema\video.dll

c:\windows\system32\grpconv.exe . . . is missing!!

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WSNPOEM.SYS
-------\Service_wsnpoem.sys


((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.

2009-07-19 12:41 . 2008-04-14 02:34 50688 ----a-w- c:\windows\system32\proquota.exe
2009-07-19 12:41 . 2008-04-14 02:34 50688 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-18 18:10 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-18 18:10 . 2009-07-19 08:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 18:10 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-18 17:43 . 2009-07-18 18:00 -------- d-----w- c:\program files\Navilog1
2009-07-18 16:38 . 2009-07-18 17:33 -------- d-----w- C:\ToolBar SD
2009-07-18 06:58 . 2009-07-18 06:58 -------- d-----w- c:\documents and settings\Patrick\Application Data\Malwarebytes
2009-07-18 06:58 . 2009-07-18 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-18 06:53 . 2009-07-18 06:53 -------- d-----w- c:\program files\Trend Micro
2009-07-17 15:50 . 2009-07-18 07:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-07 11:40 . 2008-04-14 02:34 8704 ----a-w- c:\windows\system32\reset5c.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 10:47 . 2008-11-10 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-15 15:30 . 2008-11-10 09:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 12:17 . 2008-09-16 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-14 11:02 . 2009-04-01 16:54 -------- d-----w- c:\documents and settings\Patrick\Application Data\HPAppData
2009-07-14 09:16 . 2008-09-13 10:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-13 19:36 . 2008-09-13 10:20 -------- d-----w- c:\program files\Fichiers communs\InstallShield
2009-07-13 19:33 . 2008-11-08 17:38 -------- d-----w- c:\program files\FrostWire
2009-06-19 06:23 . 2009-06-19 06:20 119515 ----a-w- c:\windows\hpqins00.dat
2009-06-16 14:40 . 2002-09-30 10:49 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:40 . 2002-09-30 10:49 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 20:16 . 2008-11-15 07:05 -------- d-----w- c:\program files\FlashGet
2009-06-03 19:10 . 2005-08-30 07:26 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-05-07 15:33 . 2002-09-30 10:49 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:45 . 2006-06-23 11:28 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:45 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-09-19 11:55 . 2008-09-19 11:55 15397 ----a-w- c:\program files\settings.dat
2009-06-12 08:46 . 2008-09-13 11:56 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-04-14 02:33 . 2002-09-30 10:48 617472 --sha-w- c:\windows\system32\comctl32.dll
2008-04-14 02:33 . 2002-09-30 10:49 1028096 --sha-w- c:\windows\system32\mfc42.dll
2002-08-30 11:00 . 2002-09-30 10:49 57344 --sha-w- c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 . 2002-09-30 10:49 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 02:33 . 2002-09-30 10:49 343040 --sha-w- c:\windows\system32\msvcrt.dll
2002-08-30 11:00 . 2002-09-30 10:49 253952 --sha-w- c:\windows\system32\msvcrt20.dll
2008-04-14 02:33 . 2008-09-13 10:22 30749 --sha-w- c:\windows\system32\vbajet32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-05 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 172544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Mémento.lnk - c:\quickenw\billmind.exe [2008-9-13 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\reset5c]
2008-04-14 02:34 8704 ----a-w- c:\windows\system32\reset5c.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\system32\\lsass.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6081:TCP"= 6081:TCP:RPC

R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [18/08/2008 14:25 468224]
R3 PhTVTune;ASUS WDM TV Tuner;c:\windows\system32\drivers\PhTVTune.sys [01/01/1980 24608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
HKLM-Run-brastia - brastia.exe

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com?o=1607
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: &Tout télécharger avec FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Télécharger avec FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
FF - ProfilePath - c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\1lhspziz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - http:/www.google.fr
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA2&q=
FF - component: c:\documents and settings\Patrick\Application Data\Mozilla\Firefox\Profiles\1lhspziz.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 14:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\system32\reset5c.dll

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\reset5c.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(2376)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\wdfmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2009-07-19 14:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 12:52

Pre-Run: 121 696 342 016 octets libres
Post-Run: 121 874 219 008 octets libres

193 --- E O F --- 2009-07-15 12:17
  13. Hello, At the end of the scan, MBAM found 22 infected files and then froze. No removal was performed.
  14. Good evening, and above all thank you very much for this help. Attached are 3 reports. On the 3rd report (Malwarebytes froze when I clicked on "remove selection").

TOOLBAR Report

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : BIOS Date: 04/08/04 16:18:42 Ver: 08.00.09
USER : Administrateur ( Administrator )
BOOT : Fail-safe boot
Antivirus : ESET Smart Security 3.0 3.0 (Activated)
Firewall : Pare-feu personnel d'ESET 3.0.672.0 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:112 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 18/07/2009|19:32 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskSBar\bar
Supprime! - C:\Program Files\AskSBar\SrchAstt
Supprime! - C:\Program Files\RXToolbar\graphics
Supprime! - C:\Program Files\RXToolbar\HTML
Supprime! - C:\Program Files\RXToolbar\rx.xml
Supprime! - C:\Program Files\RXToolbar\rxtoolbar.cfg
Supprime! - C:\Program Files\RXToolbar\rxwebsearches.xsl
Supprime! - C:\Program Files\RXToolbar\sfcont.bin
Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
Supprime! - C:\Program Files\AskSBar
Supprime! - C:\Program Files\RXToolbar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(Patrick) - {0b38152b-1b20-484d-a11f-5e04a9b0661f} => winamptoolbar
(Patrick) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\System32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

1 - "C:\ToolBar SD\TB_1.txt" - 18/07/2009|19:31 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 18/07/2009|19:33 - Option : [2]

-----------\\ Fin du rapport a 19:33:41,15

NAVILOG Report

Fix Navipromo version 4.0.1 commencé le 18/07/2009 19:44:31,54

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 18.07.2009 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : BIOS Date: 04/08/04 16:18:42 Ver: 08.00.09
USER : Patrick ( Administrator )
BOOT : Normal boot
Antivirus : ESET Smart Security 3.0 3.0 (Not Activated)
Firewall : Pare-feu personnel d'ESET 3.0.672.0 (Activated)
C:\ (Local Disk) - NTFS - Total:149 Go (Free:112 Go)
D:\ (CD or DVD)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)

Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur

C:\Documents and Settings\Patrick\locals~1\applic~1\cqwku.dat supprimé !
C:\Documents and Settings\Patrick\locals~1\applic~1\cqwku_nav.dat supprimé !
C:\Documents and Settings\Patrick\locals~1\applic~1\cqwku_navps.dat supprimé !

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Patrick\locals~1\Temp effectué !

*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !

*** Scan terminé 18/07/2009 20:00:13,42 ***

MALWARE REPORT

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2297
Windows 5.1.2600 Service Pack 3

18/07/2009 20:22:18
mbam-log-2009-07-18 (20-22-13).txt

Type de recherche: Examen rapide
Eléments examinés: 90416
Temps écoulé: 5 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wsnpoem.sys (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wsnpoem.sys (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wsnpoem.sys (Trojan.Agent) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastia (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\wsnpoema (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
c:\WINDOWS\system32\wbem\proquota.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wsnpoema\audio.dll (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wsnpoema\audio.dll.cla (Trojan.Agent) -> No action taken.
c:\WINDOWS\system32\wsnpoema\video.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\ld08.exe (Worm.Koobface) -> No action taken.
c:\WINDOWS\st_1243015120.exe (Backdoor.Bot) -> No action taken.
c:\WINDOWS\system32\wsnpoema.exe.vir (Trojan.Agent) -> No action taken.
c:\WINDOWS\sonce122688.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\sonce122730.dat (Worm.KoobFace) -> No action taken.
c:\WINDOWS\sonce123148.dat (Worm.KoobFace) -> No action taken.
c:\documents and settings\Patrick\Application Data\wiaserva.log (Malware.Trace) -> No action taken.
c:\WINDOWS\system32\drivers\wsnpoem.sys (Trojan.Agent) -> No action taken.

See you soon