

TopAuto
Content count: 30
Posts by TopAuto
-
Yes, AVG antivirus has already been uninstalled.
Here is the report generated by BitDefender:
BitDefender Online Scanner
Rapport d'analyse généré à: Sun, Mar 09, 2008 - 16:02:56
Voie d'analyse: C:\;D:\;E:\;F:\;
Statistiques
Temps
00:30:22
Fichiers
80037
Directoires
10689
Secteurs de boot
4
Archives
1250
Paquets programmes
8120
Résultats
Virus identifiés
0
Fichiers infectés
0
Fichiers suspects
0
Avertissements
0
Désinfectés
0
Fichiers effacés
0
Info sur les moteurs
Définition virus
986236
Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Analyse des plugins
16
Archive des plugins
41
Unpack des plugins
7
E-mail plugins
6
Système plugins
5
Paramètres d'analyse
Première action
Désinfecté
Seconde Action
Supprimé
Heuristique
Oui
Acceptez les avertissements
Oui
Extensions analysées
exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions
Analyse d'emails
Oui
Analyse des Archives
Oui
Analyser paquets programmes
Oui
Analyse des fichiers
Oui
Analyse de boot
Oui
Fichier analysé
Statut
Aucun virus trouvé.
there you go,
-
Hello,
Here is the report from AVG Anti-Spyware:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 13:48:06 09/03/2008
+ Résultat de l'analyse:
HKU\S-1-5-21-2439484334-113813425-788527580-1009\Software\Microsoft\Internet Explorer\SearchScopes\{D49E9D35-254C-4c6a-9D17-95018D228FF5} -> Adware.Starware : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.113:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.153:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@3.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.122:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.186:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.74:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.201:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@idot[1].txt -> TrackingCookie.Idot : Nettoyé.
:mozilla.131:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.132:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@france.real[2].txt -> TrackingCookie.Real : Nettoyé.
:mozilla.71:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.72:C:\Documents and Settings\Laurence\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@h.starware[1].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@try.starware[2].txt -> TrackingCookie.Starware : Nettoyé.
C:\Documents and Settings\Laurence\Cookies\laurence@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Nettoyé.
Fin du rapport
there you go, and the BitDefender scan is in progress...
-
You did download AVG Anti-Spyware (and not the antivirus), right?
The 01net.com link wasn't working; I think there was indeed a mistake (antivirus rather than anti-spyware)
:P
OK, we're off again for a scan with AVG Anti-Spyware this time
and the BitDefender scan is in progress
thanks
-
AVG result:
"L'Analyse ""Analyse complète"" est terminée.""Infections détectées :";"1"
"Objets infectés supprimés ou réparés";"1"
"Objets non supprimés ou réparés";"0"
"Spywares détectés :";"0"
"Spywares supprimés :";"0"
"Spywares non supprimés :";"0"
"Nombre d'avertissements :";"57"
"Nb d'informations :";"0"
"Analyse démarrée :";"samedi 8 mars 2008, 21:39:47"
"Total des objets analysés :";"650383"
"Temps d'analyse :";"1 heure(s) 13 minute(s) 11 seconde(s) "
"Erreurs détectées :";"0"
"Infections"
"Fichier";"Infection";"Résultat"
"C:\Documents and Settings\Admin\Local Settings\Temp\services.exe";"Virus identifié Win32/Heur";"Placé en quarantaine"
"Avertissements"
"Fichier";"Infection";"Résultat"
"HKLM\SOFTWARE\Classes\CLSID\{C7310572-AC80-11D1-8DF3-00C04FB6EF4F}\InprocServer32\\";"Détection de : Adware.RogueSuspect ";"Placé en quarantaine"
"HKLM\SOFTWARE\Classes\Interface\{63C642E0-CD37-11D1-9D47-00A0C9251384}\ProxyStubClsid\\";"Détection de : Adware.RogueSuspect ";"Placé en quarantaine"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{0EDC6C20-A31C-11DB-8AB9-0800200C9A66}";"Détection de : Adware.RogueSuspect ";"Placé en quarantaine"
"HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3AAC4C68-AFC8-11DB-80EF-8AF955D89593}";"Détection de : Adware.RogueSuspect ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\estat.com.efda7a5a";"Détection de : Tracking cookie.Estat ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\overture.com.8e32a996";"Détection de : Tracking cookie.Overture ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\advertising.com.203aa218";"Détection de : Tracking cookie.Advertising ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\advertising.com.b624fa46";"Détection de : Tracking cookie.Advertising ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\bluestreak.com.bf396750";"Détection de : Tracking cookie.Bluestreak ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\2o7.net.6ee87ebe";"Détection de : Tracking cookie.2o7 ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\2o7.net.cfda91a2";"Détection de : Tracking cookie.2o7 ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\doubleclick.net.bf396750";"Détection de : Tracking cookie.Doubleclick ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\bs.serving-sys.com.5bf1f00f";"Détection de : Tracking cookie.Serving-sys ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\serving-sys.com.606c3d3b";"Détection de : Tracking cookie.Serving-sys ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\serving-sys.com.400f83f";"Détection de : Tracking cookie.Serving-sys ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\serving-sys.com.6a1cf9e8";"Détection de : Tracking cookie.Serving-sys ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\serving-sys.com.255d6f2f";"Détection de : Tracking cookie.Serving-sys ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\serving-sys.com.4b416ef8";"Détection de : Tracking cookie.Serving-sys ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\serving-sys.com.c9034af6";"Détection de : Tracking cookie.Serving-sys ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\bs.serving-sys.com.46763078";"Détection de : Tracking cookie.Serving-sys ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\revenue.net.bcf44ea1";"Détection de : Tracking cookie.Revenue ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\ad.yieldmanager.com.b68f2b7b";"Détection de : Tracking cookie.Yieldmanager ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\ad.yieldmanager.com.539b0606";"Détection de : Tracking cookie.Yieldmanager ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\ad.yieldmanager.com.e762f029";"Détection de : Tracking cookie.Yieldmanager ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\searchportal.information.com.3a8d7204";"Détection de : Tracking cookie.Information ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\tradedoubler.com.ba12c0e9";"Détection de : Tracking cookie.Tradedoubler ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\tradedoubler.com.eab0972e";"Détection de : Tracking cookie.Tradedoubler ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\atdmt.com.b3e33b5f";"Détection de : Tracking cookie.Atdmt ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\media.adrevolver.com.2be00b0";"Détection de : Tracking cookie.Adrevolver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\media.adrevolver.com.57f415b5";"Détection de : Tracking cookie.Adrevolver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\adrevolver.com.f6cfcad4";"Détection de : Tracking cookie.Adrevolver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\media.adrevolver.com.5fed601d";"Détection de : Tracking cookie.Adrevolver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\media.adrevolver.com.539b0606";"Détection de : Tracking cookie.Adrevolver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\adrevolver.com.4a719aa9";"Détection de : Tracking cookie.Adrevolver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\weborama.fr.30104bcb";"Détection de : Tracking cookie.Weborama ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\statse.webtrendslive.com.b4ca7df0";"Détection de : Tracking cookie.Webtrendslive ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\smartadserver.com.5550c4ed";"Détection de : Tracking cookie.Smartadserver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\smartadserver.com.321a5cf8";"Détection de : Tracking cookie.Smartadserver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\smartadserver.com.c5827141";"Détection de : Tracking cookie.Smartadserver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\smartadserver.com.3e749ab9";"Détection de : Tracking cookie.Smartadserver ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\ehg-nokiafin.hitbox.com.7c89b3c9";"Détection de : Tracking cookie.Hitbox ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\hitbox.com.2b95f8a3";"Détection de : Tracking cookie.Hitbox ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\247realmedia.com.68087763";"Détection de : Tracking cookie.247realmedia ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\zedo.com.775ee79c";"Détection de : Tracking cookie.Zedo ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\zedo.com.c1dd09f2";"Détection de : Tracking cookie.Zedo ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt:\zedo.com.a5b6a132";"Détection de : Tracking cookie.Zedo ";"Réparé"
"C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\956d07tg.default\cookies.txt";"Détection de : Tracking cookie.Estat ";"Réparé"
"C:\Documents and Settings\Admin\Cookies\Admin@cpvfeed[2].txt:\cpvfeed.com.f83873ed";"Détection de : Tracking cookie.Cpvfeed ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@cpvfeed[2].txt:\cpvfeed.com.23f953b";"Détection de : Tracking cookie.Cpvfeed ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@cpvfeed[2].txt:\cpvfeed.com.5fac0bd5";"Détection de : Tracking cookie.Cpvfeed ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@cpvfeed[2].txt:\cpvfeed.com.225fb011";"Détection de : Tracking cookie.Cpvfeed ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@cpvfeed[2].txt";"Détection de : Tracking cookie.Cpvfeed ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@m.webtrends[2].txt:\m.webtrends.com.b4ca7df0";"Détection de : Tracking cookie.Webtrends ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@m.webtrends[2].txt";"Détection de : Tracking cookie.Webtrends ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@yadro[2].txt:\yadro.ru.a4842f54";"Détection de : Tracking cookie.Yadro ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@yadro[2].txt:\yadro.ru.c77afad5";"Détection de : Tracking cookie.Yadro ";"Placé en quarantaine"
"C:\Documents and Settings\Admin\Cookies\Admin@yadro[2].txt";"Détection de : Tracking cookie.Yadro ";"Placé en quarantaine"
-
File/Folder C:\DOCUME~1\ADMIN~1\LOCALS~1\Temp\services.exe not found.
File/Folder C:\WINDOWS\system32\real.txt not found.
OTMoveIt2 v1.0.20 log created on 03082008_202612
scans in progress, I'm waiting for the results
-
Hello again,
MSNFix had already been used several times,
here is the new report:
MSNFix 1.677
C:\Documents and Settings\Admin\Bureau\MSNFix\MSNFix
Fix exécuté le 08/03/2008 - 16:00:42,62 By Admin
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\ADMIN~1\LOCALS~1\Temp\services.exe
... C:\WINDOWS\system32\real.txt
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
/!\ ... C:\DOCUME~1\ADMIN~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\real.txt
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
/!\ ... C:\DOCUME~1\ADMIN~1\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\real.txt
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier
08032008_16041898.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
-
Hello, good evening
A friend of mine got infected by a virus spread over MSN with a link that appears as
"http://msn.images.isuisse.com/?photo=<nom>"
could you check these logs:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:23:31, on 08/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://recherche.neuf.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://recherche.neuf.fr/ie/default.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\LOONYA~1\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [VAIO Update 3] "C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [MSNFix] C:\Documents and Settings\Admin\Bureau\MSNFix\MSNFix\MSNFix.bat /pass2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe (User 'Default user')
O4 - Startup: VAIO Launcher.lnk = C:\Program Files\Sony\VAIO Launcher\Launcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transfert par Image Converter 2 - C:\Program Files\Sony\Image Converter 2\menu.htm
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: http://toolbar.imageshack.us
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://loonyangel5.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {809A6301-7B40-4436-A02C-87B8D3D7D9E3} (ZPA_DMNO Object) - http://zone.msn.com/bingame/zpagames/zpa_dmno.cab55579.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://cyclops.american.edu/activex/AxisCamControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment Task Scheduler - Sony Corporation - C:\Program Files\Sony\VAIO Entertainment\VzTaskScheduler.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
--
End of file - 16419 bytes
ComboFix 08-03-07.3 - Admin 2008-03-08 0:46:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.105 [GMT 1:00]
Location: C:\Documents and Settings\Admin\Bureau\combofix.exe
* Created a new restore point
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
((((((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
.
2008-03-07 23:18 . 2008-03-07 23:18 9,296 --a------ C:\WINDOWS\system32\repbcd.exe
2008-03-07 22:54 . 2008-03-07 23:48 <DIR> d-------- C:\Program Files\MSNFix
2008-02-09 13:43 . 2008-02-09 13:43 <DIR> d-------- C:\Documents and Settings\Laurence\Application Data\vlc
2008-02-09 10:54 . 2008-02-08 18:37 <DIR> d-------- C:\Documents and Settings\Laurence\Application Data\Dossier de téléchargement Share-to-Web
2008-02-08 18:37 . 2008-02-08 18:37 <DIR> d-------- C:\Documents and Settings\Laurence\Application Data\Dossier de téléchargement Share-to-Web
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 23:49 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype
2008-03-07 23:34 --------- d-----w C:\Program Files\Windows Live
2008-03-07 23:02 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-03-07 22:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-07 19:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\uTorrent
2008-02-06 18:29 --------- d-----w C:\Documents and Settings\Admin\Application Data\Dossier de téléchargement Share-to-Web
2008-02-03 13:41 --------- d-----w C:\Documents and Settings\Admin\Application Data\Dossier de téléchargement Share-to-Web
2008-02-03 13:40 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-03 13:39 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-02-03 13:35 --------- d-----w C:\Program Files\HP Photosmart 11
2008-01-23 21:13 --------- d-----w C:\Program Files\VideoLAN
2008-01-23 21:08 --------- d-----w C:\Program Files\DirectVobSub
2008-01-20 20:01 --------- d-----w C:\Program Files\iTunes
2008-01-20 20:00 --------- d-----w C:\Program Files\iPod
2008-01-20 19:57 --------- d-----w C:\Program Files\QuickTime
2007-12-11 19:46 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:43 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-07-11 15:14 284 ----a-w C:\Documents and Settings\Admin\Application Data\ViewerApp.dat
2007-02-04 13:18 0 ----a-w C:\Documents and Settings\Admin\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-03 22:19 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2003-11-07 09:21 114688]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-09 08:56 6746112]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 05:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-04-29 06:56 45056]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 45056 C:\WINDOWS\system32\ico.exe]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-29 06:33 114688]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2005-05-15 04:51 184320]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 13:12 32768]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-29 06:33 94208]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-29 06:33 77824]
"VAIO Update 3"="C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe" [2007-01-25 20:41 546936]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Autoconfigurateur WiFi Neuf"="C:\Program Files\Neuf\Kit\WiFi\9wifi.exe" [2007-09-09 00:05 283888]
"HPHmon04"="C:\WINDOWS\system32\hphmon04.exe" [2002-06-20 19:33 339968]
"HPHUPD04"="C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 13:47 49152]
"Share-to-Web Namespace Daemon"="C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 10:42 69632]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Flash Media"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Démarrage\
VAIO Launcher.lnk - C:\Program Files\Sony\VAIO Launcher\Launcher.exe [2007-01-15 16:46:37 778240]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-09-23 15:24 73728 C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\Program Files\\Fichiers communs\\Sony Shared\\VAIO Entertainment Platform\\VCSW\\VCSW.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\DOCUME~1\\LOONYA~1\\LOCALS~1\\Temp\\services.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-12 03:47]
R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 17:55]
R3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-04-05 13:06]
S3 MPManF70;MPMan-F70;C:\WINDOWS\system32\Drivers\MPManF70.sys [2002-05-02 02:02]
S3 sonypvs1;Sony Digital Imaging Video2;C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 22:41]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 w300bus;Sony Ericsson W300 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\w300bus.sys [2006-03-13 15:49]
S3 w300mdfl;Sony Ericsson W300 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w300mdfl.sys [2006-03-13 15:50]
S3 w300mdm;Sony Ericsson W300 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w300mdm.sys [2006-03-13 15:50]
S3 w300mgmt;Sony Ericsson W300 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w300mgmt.sys [2006-03-13 15:50]
S3 w300obex;Sony Ericsson W300 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\w300obex.sys [2006-03-13 15:50]
.
Contents of the 'Scheduled Tasks' folder
"2007-09-13 07:57:59 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 00:51:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
? [1316]
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-08 0:54:27
.
2008-02-16 21:55:02 --- E O F ---
Thanks
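The parts of a ComboFix log a helper reads first are the autostart keys and the firewall's AuthorizedApplications list, and the reading is done by eye. The script below is an added example, not part of the thread and not ComboFix's own code: it re-parses a few lines copied from the log above and applies the checks a helper applies mentally, namely an autostart value that is empty, AppInit_DLLs being set at all, and an authorised program that runs from a Temp directory or carries the name of a core Windows binary (services.exe) outside %windir%\system32. It only flags entries for review; whether a flagged file is actually malicious is for the helper to establish. The expansion of %windir% to C:\WINDOWS and the short list of core binary names are assumptions of this example.

```python
import re
from typing import Dict, List

# Sample input: lines copied from the ComboFix log quoted above. ComboFix prints
# the firewall section with doubled backslashes, reproduced here unchanged.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Flash Media"="" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GO333C~1\GOEC62~1.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\utorrent\\utorrent.exe"=
"C:\\DOCUME~1\\LOONYA~1\\LOCALS~1\\Temp\\services.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
'''

# Assumption: core Windows binaries that legitimately exist only under %windir%\system32 on XP.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "smss.exe"}

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "name"="quoted value" [trailer]   or   "name"=bare value   or   "path"=
VALUE_RE = re.compile(r'^"([^"]*)"=(?:"([^"]*)".*|(.*))$')


def normalise_path(raw: str) -> str:
    """Undo ComboFix's doubled backslashes and expand %windir% (assumed to be C:\\WINDOWS)."""
    path = raw.replace("\\\\", "\\")
    if path.lower().startswith("%windir%"):
        path = "C:\\WINDOWS" + path[len("%windir%"):]
    return path


def path_findings(path: str) -> List[str]:
    """Heuristics applied to an executable path; returns the reasons it deserves a look."""
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if "\\temp\\" in low:
        reasons.append("executable runs from a temporary directory")
    if name in SYSTEM_BINARIES and not low.startswith("c:\\windows\\system32\\"):
        reasons.append("core Windows binary name outside %windir%\\system32")
    return reasons


def analyse(log_text: str) -> List[Dict[str, str]]:
    """Walk the Run keys, AppInit_DLLs and the firewall list, returning entries to review."""
    findings: List[Dict[str, str]] = []
    section = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        if "authorizedapplications" in section:
            # In the firewall list the value NAME is the authorised program path.
            path = normalise_path(name)
            for reason in path_findings(path):
                findings.append({"section": "firewall", "entry": path, "reason": reason})
        elif section.endswith("\\run"):
            if not value.strip():
                findings.append({"section": "run", "entry": name, "reason": "autostart value is empty"})
            else:
                for reason in path_findings(normalise_path(value)):
                    findings.append({"section": "run", "entry": value, "reason": reason})
        elif name.lower() == "appinit_dlls" and value.strip():
            findings.append({"section": "appinit", "entry": value.strip(),
                             "reason": "AppInit_DLLs is set; this DLL is loaded into every process that loads user32.dll"})
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"[{f['section']}] {f['entry']}: {f['reason']}")
```

On the sample, the one entry that collects two reasons is the services.exe under the LOONYA~1 user's Temp folder, which the firewall list has authorised; the Google DLL in AppInit_DLLs is reported as an informational item because that mechanism injects into every GUI process, legitimate or not.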
-
Thanks Babac for that "practical" remark
Sacles, your words are wise, certainly,
do you sometimes wonder whether you were born of a result that should not have happened?
do you respect speed limits? I generally do, sometimes not; and that is the key, sometimes we go outside the limits because -for some people- those limits make you feel more "alive".
do you have a PC or a Mac? If you have a PC, do you realise the risks you make other Internet users run?
I do not claim to know much about computing (otherwise I would not come here looking for help) or about community life, but what I do know is that helping is good (and I thank you very much for it), lecturing is tiresome.
Thank you all,
I have never been disappointed when turning to this forum, where I always find solutions.
Have a good day!
-
Hello,
Yes yes, I only use IE for Windows Update.
Apparently your method solved my problem, thanks. I'll see whether I still run into problems related to that; it is strange all the same that CCleaner cannot delete them.
---
right now I'm on the 30-day AVG trial, so yes, resident shield.
---
I'll format my computer if I want to
no, the thing is it has been running for 2 years without a format,
and in recent months I have suffered several virus/trojan attacks, to the point where I wondered whether my computer was really "safe" after removing the viruses from it; anyway, I figured a format would let me start from scratch, freeing up some space on my computer and possibly improving its performance.
Thanks again
@+
-
Hello,
I have a small "problem" with CCleaner,
I have just formatted my computer and reinstalled Windows (XP SP2)
and every time I run a clean with CCleaner I get this result:
CLEANING COMPLETE - (2.957 secs)------------------------------------------------------------------------------------------
4.54KB removed.
------------------------------------------------------------------------------------------
Details of files deleted
------------------------------------------------------------------------------------------
C:\Documents and Settings\User\Cookies\User@h.live[1].txt 69 bytes
C:\Documents and Settings\User\Cookies\User@google[1].txt 131 bytes
C:\Documents and Settings\User\Cookies\User@doubleclick[1].txt 89 bytes
C:\Documents and Settings\User\Cookies\User@windowsmarketplace[2].txt 262 bytes
C:\Documents and Settings\User\Cookies\User@onlinestores.metaservices.microsoft[1].txt 147 bytes
C:\Documents and Settings\User\Cookies\User@rad.live[2].txt 700 bytes
C:\Documents and Settings\User\Cookies\User@login.live[2].txt 184 bytes
C:\Documents and Settings\User\Cookies\User@edt02[2].txt 314 bytes
C:\Documents and Settings\User\Cookies\User@hotmail.msn[1].txt 71 bytes
C:\Documents and Settings\User\Cookies\User@msn[2].txt 238 bytes
C:\Documents and Settings\User\Cookies\User@live[1].txt 536 bytes
C:\Documents and Settings\User\Cookies\User@atdmt[1].txt 104 bytes
C:\Documents and Settings\User\Cookies\User@zune[2].txt 234 bytes
C:\Documents and Settings\User\Cookies\User@mediaplex[1].txt 85 bytes
C:\Documents and Settings\User\Cookies\User@messenger.msn[1].txt 96 bytes
C:\Documents and Settings\User\Cookies\User@rad.msn[2].txt 690 bytes
C:\Documents and Settings\User\Cookies\User@p.live[1].txt 104 bytes
C:\Documents and Settings\User\Cookies\User@real[1].txt 512 bytes
C:\Documents and Settings\User\Cookies\User@realguide.real[1].txt 83 bytes
and even when running the clean several times in a row I keep getting the same result.
Another thing I don't understand:
I go to "C:\Documents and Settings\User\"
and there I see no "Cookies" folder
(even with hidden files and folders shown)
Does anyone have an explanation?
thank you
ps: I have Norton Antivirus and AVG Anti-Spyware installed and up to date (and run once a week).
-
edit:
I did a System Restore to undo the changes,
I don't know whether I should advise you to review the article...
@++
-
Good evening,
I started following the instructions at "http://www.zebulon.fr/dossiers/30-6-fermer-ports-critiques.html"
and after the command "net stop netbt" my laptop no longer wants to connect over wifi :/
only "acquiring network address" shows up, nothing more
can you help me?
thanks
config: windows xp pro
-
Don't worry about backups, that's handled by 2 external hard drives + DVDs lol
OK about the guidance; hard to keep a forum tidy?
@+ and happy end-of-year holidays
-
edit: actually don't bother, Bruce Lee,
I'm going to format my computer in the coming weeks because I also have a USB 2.0 problem
(Code 10: This device cannot start...)
So, since the beast has been running for 2 years without being formatted, I think I'll give it a Christmas present
I'll certainly come back to this thread to reconfigure all my computer's security and I'll let you know if I ever have problems.. if you don't mind solving them
Thank you Sir!
-
Re!
During a quick scan on: http://www.pcflank.com
it shows me this:
Browser privacy check
The test checked if your web browser reveals any private information while you visit Web sites. Usually such information is: the last site visited, your locale and who your Internet Service Provider is.
Danger!
While visiting web sites your browser reveals private information about you and your computer. It sends information about previous sites you have visited. It may also save special cookies on your hard drive that have the purpose of directing advertising or finding out your habits while web surfing.
Where can these settings be changed :/
Thanks Bruce Lee ^^
-
OK, thanks for those answers Bruce Lee.
My PC seems to be fine, just a bit slow sometimes, I'll run a defragmentation...
If everything is clean, thanks again for the time you gave me
Have a good day!
-
it looks clean to me
do the locked files pose a security problem, or is that normal and there's no danger?
Report:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, December 16, 2007 4:35:55 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/12/2007
Kaspersky Anti-Virus database records: 484174
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 112710
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:46:10
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-08222007-153617.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-16_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Application Data\3M\PSNotes\PSNData Object is locked skipped
C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{FC62E2D5-335C-4F34-AC3A-981222B052BC} Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\topautoemail@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\topautoemail@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Historique\History.IE5\MSHist012007121620071217\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFDC5E.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFE923.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFE932.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFF752.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFF7AD.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{79B29818-20A7-4826-B27A-B466E3AB767E}\RP612\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_37c.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Thanks Bruce Lee
EDIT:
Bruce Lee, can you tell me afterwards which programs I should uninstall? Hijackthis, combofix and kaspersky online for a start,
but AVG Antispyware... is it the most effective tool at the moment? can it be used alongside Norton Antivirus, Windows Defender and Ad-Aware without risk of conflict? is the freeware version effective enough?
Thanks
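The question asked in the post above, whether the "Object is locked skipped" lines are a problem, comes up with every online-scanner report. Those lines are objects the scanner could not open because Windows or a running service holds them exclusively (the registry hives under system32\config, NTUSER.DAT and UsrClass.dat, the event logs, the MSSQL data files); they are not detections. What matters is the "Infected:" lines, and for those the location decides: in the Dec 15 report quoted below, every infected object sits in Norton's own Quarantine folder, in ComboFix's C:\qoobox quarantine or in a System Restore point, that is, copies already taken out of circulation. The script below is an added example (not from the thread and not Kaspersky's code) that sorts a report into those classes. Its sample lines are copied from the two reports in this thread plus one constructed "live" line, marked as such by its name, so that a detection outside any quarantine is visible; the quarantine path patterns are assumptions tied to the products used in this thread.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List

# Sample input: lines copied from the two Kaspersky reports in this thread. The
# "constructed-sample.dll" line is constructed for this example and is not from
# the posted reports; it stands in for a detection outside any quarantine.
SAMPLE_REPORT = r'''
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A7D7895.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oredauem.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\qoobox\Quarantine\catchme2007-12-13_104825.56.zip/nnnmnop.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\qoobox\Quarantine\catchme2007-12-13_104825.56.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{79B29818-20A7-4826-B27A-B466E3AB767E}\RP606\A0089905.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\WINDOWS\system32\constructed-sample.dll Infected: Example.Constructed.Detection skipped
Scan process completed.
'''

LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+) ZIP: infected - (?P<count>\d+) skipped$")


def container(path: str) -> str:
    """Classify where an infected object sits. Patterns are assumptions for the
    products in this thread: Norton's quarantine, ComboFix's qoobox, System Restore."""
    low = path.lower()
    if "\\norton antivirus\\quarantine\\" in low:
        return "av_quarantine"
    if low.startswith("c:\\qoobox\\quarantine\\"):
        return "combofix_quarantine"
    if "\\system volume information\\_restore" in low:
        return "system_restore"
    return "live"


def summarise(report: str) -> Dict[str, object]:
    """Count locked objects, group infected objects by container, tally detection names."""
    locked = 0
    by_container: Dict[str, List[str]] = defaultdict(list)
    detections: Counter = Counter()
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        if LOCKED_RE.match(line):
            locked += 1            # could not be opened; not a detection
            continue
        m = INFECTED_RE.match(line)
        if m:
            by_container[container(m["path"])].append(m["path"])
            detections[m["name"]] += 1
            continue
        if ARCHIVE_RE.match(line):
            continue               # the archive member was already reported on its own line
    return {
        "locked": locked,
        "by_container": dict(by_container),
        "detections": dict(detections),
        "live": by_container.get("live", []),  # the only list that needs action
    }


if __name__ == "__main__":
    s = summarise(SAMPLE_REPORT)
    print(f"locked (not detections): {s['locked']}")
    for where, paths in s["by_container"].items():
        print(f"{where}: {len(paths)} object(s)")
    print("needs action:", s["live"] or "nothing")
```

Run against the real Dec 15 report, the "live" list is empty and the summary is four quarantined or restore-point copies of two adware families; the constructed line is what a result requiring action would look like.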
-
Hello,
here is the report
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 15, 2007 7:09:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/12/2007
Kaspersky Anti-Virus database records: 483409
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 113206
Number of viruses found: 3
Number of infected objects: 13
Number of suspicious objects: 0
Duration of the scan process: 02:07:46
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-08222007-153617.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-12-15_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Application Data\3M\PSNotes\PSNData Object is locked skipped
C:\Documents and Settings\Admin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{31DAAB45-43CF-42D5-8FC1-728DB430E3F6} Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\topautoemail@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Application Data\Microsoft\Windows Live Contacts\topautoemail@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DF9D6F.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFAB5F.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFADE7.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFF371.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temp\~DFF55A.tmp Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Admin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Admin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Fichiers communs\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\1BA166F0 Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\Program Files\Norton AntiVirus\Quarantine\29EB1737.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A7D7895.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\Program Files\Norton AntiVirus\Quarantine\2B9A3D5D.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\Program Files\Norton AntiVirus\Quarantine\2BBE0B35.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\Program Files\Norton AntiVirus\Quarantine\2BF87EF4.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C3D70A9.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\Program Files\Norton AntiVirus\Quarantine\2C64687E.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bjc skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\oredauem.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\qoobox\Quarantine\catchme2007-12-13_104825.56.zip/nnnmnop.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\qoobox\Quarantine\catchme2007-12-13_104825.56.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{79B29818-20A7-4826-B27A-B466E3AB767E}\RP606\A0089905.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.ao skipped
C:\System Volume Information\_restore{79B29818-20A7-4826-B27A-B466E3AB767E}\RP606\A0089911.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.azt skipped
C:\System Volume Information\_restore{79B29818-20A7-4826-B27A-B466E3AB767E}\RP610\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{88245FBE-88CE-41F1-9D66-477B509FB153}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TEMP\Perflib_Perfdata_7bc.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
After this scan I deleted 12 files in the Norton Antivirus quarantine folder (infected with Vundo)
I don't know where the 3 viruses and 13 infected files are... the ones in quarantine?
What next?
-
Good luck
Courage was certainly needed, lol
2h30 of scanning...
Anyway, on to the reports:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 16:24:12 14/12/2007
+ Résultat de l'analyse:
C:\WINDOWS\Downloaded Program Files\installer2.dll -> Adware.ClickMedia : Nettoyé.
C:\Documents and Settings\Admin\Cookies\admin@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Admin\Cookies\admin@atdmt[3].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Admin\Cookies\admin@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
Fin du rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:32:05, on 14/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Post-it\PsnLite.exe
C:\PROGRA~1\Post-it\PSNGive.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post-it\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://topauto.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://aumail4.american.edu/dwa7W.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by120fd.bay120.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
--
End of file - 13373 bytes
-
Do you need a HijackThis report along with that, Bruce Lee?
-
Good evening again,
Here is the report:
ComboFix 07-12-12.3 - Admin 2007-12-13 15:27:59.6 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.15 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Admin\Bureau\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\kkuaqkwr.ini
C:\WINDOWS\system32\lyvibhit.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pypbpwqb.ini
C:\WINDOWS\system32\rfuaogdg.ini
C:\WINDOWS\system32\rychvkrk.ini
C:\WINDOWS\system32\vreckjvb.ini
C:\WINDOWS\system32\wxqohdbw.ini
C:\WINDOWS\system32\ydtchhgk.ini
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\secdrv.sys
C:\WINDOWS\system32\kkuaqkwr.ini
C:\WINDOWS\system32\lyvibhit.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pypbpwqb.ini
C:\WINDOWS\system32\rfuaogdg.ini
C:\WINDOWS\system32\rychvkrk.ini
C:\WINDOWS\system32\vreckjvb.ini
C:\WINDOWS\system32\wxqohdbw.ini
C:\WINDOWS\system32\ydtchhgk.ini
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_WINMECH
-------\winmech
((((((((((((((((((((((((((((( Fichiers créés 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))))))
.
2007-12-13 10:52 . <REP> C:\Documents and Settings\Invité\Local Settings
2007-12-13 10:52 . <REP> C:\Documents and Settings\Invité\Local Settings
2007-12-12 20:01 . 2007-12-12 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-12 19:53 . 2007-12-12 19:54 <REP> d-------- C:\Program Files\RogueRemover
2007-12-05 22:43 . 2007-12-05 22:44 <REP> d-------- C:\Program Files\cam2pc
2007-12-05 22:20 . 2007-12-05 22:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nabocorp
2007-11-22 10:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-22 10:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-22 10:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-21 23:03 . 2007-11-21 23:03 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-21 19:22 . 2007-11-21 19:22 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DivX
2007-11-21 15:00 . 2007-11-21 15:00 0 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-11-21 14:50 . 2007-11-21 14:50 <REP> d-------- C:\Program Files\DivXCodec
2007-11-21 11:39 . 2007-11-21 11:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-21 11:38 . 2007-12-13 12:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-13 17:02 --------- d-----w C:\Program Files\Windows Live
2007-12-12 15:39 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-09 15:00 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-08 20:09 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype
2007-12-08 05:53 --------- d-----w C:\Program Files\Google
2007-12-08 04:47 --------- d-----w C:\Documents and Settings\Admin\Application Data\MSNInstaller
2007-11-22 00:21 --------- d-----w C:\Program Files\DivX
2007-11-21 16:54 --------- d-----w C:\Program Files\MSN Messenger
2007-11-20 19:25 --------- d-----w C:\Program Files\Winamp
2007-11-15 04:01 --------- d-----w C:\Program Files\Verizon
2007-11-15 03:59 --------- d-----w C:\Program Files\AC3Filter
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-13_10.50.40.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-13 17:08:41 29,926 ----a-r C:\WINDOWS\Installer\{BADF6744-3787-48F6-B8C9-4C4995401D65}\MsblIco.Exe
+ 2007-12-13 20:36:35 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_31c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-19 14:40]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 03:12 C:\WINDOWS\AGRSMMSG.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 02:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 05:41]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 06:24]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 11:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 11:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 04:27]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-19 02:14]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 10:29]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-10 14:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-24 04:02]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 04:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-13 20:39:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-02 03:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Admin.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 15:37:52
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?8?7?0??p???? ?4?B?????????????hLC? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-13 15:41:01 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-13 10:52
.
2007-12-12 16:08:39 --- E O F ---
-
Result:
Fichier srunner.exe reçu le 2007.12.13 20:42:41 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.12.14.10 2007.12.13 Win-AppCare/ServiceRunner.63488
AntiVir 7.6.0.45 2007.12.13 -
Authentium 4.93.8 2007.12.13 -
Avast 4.7.1098.0 2007.12.13 Win32:Trojan-gen {VC}
AVG 7.5.0.503 2007.12.13 -
BitDefender 7.2 2007.12.13 Spyware.Hcktl.Exe.285
CAT-QuickHeal 9.00 2007.12.13 RiskWare.Tool.SRu (Not a Virus)
ClamAV 0.91.2 2007.12.13 -
DrWeb 4.44.0.09170 2007.12.13 Tool.SrvRunner
eSafe 7.0.15.0 2007.12.13 -
eTrust-Vet 31.3.5373 2007.12.13 -
Ewido 4.0 2007.12.13 -
FileAdvisor 1 2007.12.13 High threat detected
Fortinet 3.14.0.0 2007.12.13 HackerTool/Srunner
F-Prot 4.4.2.54 2007.12.12 -
F-Secure 6.70.13030.0 2007.12.13 -
Ikarus T3.1.1.15 2007.12.13 HackTool.Win32.Srunner
Kaspersky 7.0.0.125 2007.12.13 -
McAfee 5185 2007.12.13 potentially unwanted program Tool-SRunner
Microsoft 1.3007 2007.12.13 -
NOD32v2 2721 2007.12.13 -
Norman 5.80.02 2007.12.13 -
Panda 9.0.0.4 2007.12.13 HackTool/SRunner.A
Prevx1 V2 2007.12.13 Generic.Malware
Rising 20.22.32.00 2007.12.13 -
Sophos 4.24.0 2007.12.13 -
Sunbelt 2.2.907.0 2007.12.13 -
Symantec 10 2007.12.13 SRunner
TheHacker 6.2.9.158 2007.12.13 -
VBA32 3.12.2.5 2007.12.10 -
VirusBuster 4.3.26:9 2007.12.13 -
Webwasher-Gateway 6.6.2 2007.12.13 Riskware.Hcktl.Exe.285.2
Information additionnelle
File size: 63488 bytes
MD5: 909e7ca4d03201593529c12f7b8a19b9
SHA1: 47a250b785403fd9eb3fa7a9cd265e012c6e61c7
PEiD: InstallShield 2000
Bit9 info: http://fileadvisor.bit9.com/services/extin...529c12f7b8a19b9
Prevx info: http://info.prevx.com/aboutprogramtext.asp...589C400BEB45EBB
-
Hello again,
Here is the report:
ComboFix 07-12-12.3 - Admin 2007-12-13 10:35:14.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.105 [GMT -5:00]
Running from: C:\Documents and Settings\Admin\Bureau\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Temp\bkR11
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\awvvv.dll
C:\WINDOWS\system32\daSgo02
C:\WINDOWS\system32\nnnmnop.dll
C:\WINDOWS\system32\oredauem.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\vvvwa.ini
C:\WINDOWS\system32\vvvwa.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((((((( Fichiers créés 2007-11-13 to 2007-12-13 ))))))))))))))))))))))))))))))))))))
.
2007-12-12 20:01 . 2007-12-12 21:49 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-12 19:53 . 2007-12-12 19:54 <REP> d-------- C:\Program Files\RogueRemover
2007-12-12 17:34 . 2007-12-12 17:34 913,211 ---hs---- C:\WINDOWS\system32\lyvibhit.ini
2007-12-11 17:34 . 2007-12-12 17:34 917,073 ---hs---- C:\WINDOWS\system32\rychvkrk.ini
2007-12-11 14:19 . 2007-12-11 14:19 143 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-12-10 17:31 . 2007-12-11 11:01 858,893 ---hs---- C:\WINDOWS\system32\kkuaqkwr.ini
2007-12-09 15:08 . 2007-12-09 21:26 834,160 ---hs---- C:\WINDOWS\system32\ydtchhgk.ini
2007-12-09 00:50 . 2007-12-09 00:50 834,460 ---hs---- C:\WINDOWS\system32\wxqohdbw.ini
2007-12-08 00:49 . 2007-12-09 00:50 834,400 ---hs---- C:\WINDOWS\system32\vreckjvb.ini
2007-12-06 17:53 . 2007-12-07 23:40 834,280 ---hs---- C:\WINDOWS\system32\rfuaogdg.ini
2007-12-06 13:18 . 2007-12-06 13:18 831,417 ---hs---- C:\WINDOWS\system32\pypbpwqb.ini
2007-12-05 22:43 . 2007-12-05 22:44 <REP> d-------- C:\Program Files\cam2pc
2007-12-05 22:20 . 2007-12-05 22:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nabocorp
2007-11-22 10:48 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-22 10:48 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-22 10:48 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-21 23:03 . 2007-11-21 23:03 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-21 19:22 . 2007-11-21 19:22 <REP> d-------- C:\Documents and Settings\Admin\Application Data\DivX
2007-11-21 15:00 . 2007-11-21 15:00 0 --a------ C:\WINDOWS\system32\lame_acm.xml
2007-11-21 14:50 . 2007-11-21 14:50 <REP> d-------- C:\Program Files\DivXCodec
2007-11-21 11:39 . 2007-11-21 11:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-11-21 11:38 . 2007-11-21 11:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-12 15:39 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-09 15:00 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-08 20:09 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype
2007-12-08 05:53 --------- d-----w C:\Program Files\Google
2007-12-08 04:48 --------- d-----w C:\Program Files\Windows Live
2007-12-08 04:47 --------- d-----w C:\Documents and Settings\Admin\Application Data\MSNInstaller
2007-11-22 00:21 --------- d-----w C:\Program Files\DivX
2007-11-21 16:54 --------- d-----w C:\Program Files\MSN Messenger
2007-11-20 19:25 --------- d-----w C:\Program Files\Winamp
2007-11-15 04:01 --------- d-----w C:\Program Files\Verizon
2007-11-15 03:59 --------- d-----w C:\Program Files\AC3Filter
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-25 15:26 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-01-19 14:40]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 03:12 C:\WINDOWS\AGRSMMSG.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 02:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 05:41]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 06:24]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 11:40]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 11:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 04:27]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-11-19 02:14]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-21 10:29]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-10 14:48]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-11-24 04:02]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 19:29]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 04:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R2 winmech;Security Services Internet;C:\WINDOWS\winmech\NTSERV~1\srunner.exe
R3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys
S3 PhilCam8116_XP;Logitech QuickCam Pro 3000(PID_08B1);C:\WINDOWS\system32\DRIVERS\CamDrL20.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-13 15:50:57 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-12-02 03:00:00 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur - Admin.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/task:
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-13 10:49:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?8?7?0??`???? ?4?B?????????????hLC? ??????
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-13 10:52:18 - machine was rebooted
.
2007-12-12 16:08:39 --- E O F ---
-
Good evening / Hello,
Once again I'm infected (see http://forum.zebulon.fr/index.php?showtopic=132762 )
but by another virus/trojan that seems to be widespread at the moment...
I have the "BrowserModifier:Win32/Fotomoto" problem
Detected by Windows Defender
After an online BitDefender scan I apparently no longer have that problem, but I'm still infected by the pest that opens IE advertising pages
and tries at all costs to infest me with "Vundo",
but there Norton Antivirus steps in each time to block it.
BitDefender also detected and removed several files infected by different versions of Fotomoto and Vundo.
Infected with: Backdoor.Agent.AHJ
Infected with: Trojan.Vundo.DRT
Infected with: Trojan.Vundo.DSJ
Infected with: Trojan.Fotomoto.H
I ran a scan with VundoFix (from Symantec) and it found nothing.
Config:
Windows XP Pro SP2 up to date, with Norton Antivirus up to date,
Ad-Aware SE Personal up to date,
CCleaner used regularly,
and Windows Defender up to date as well.
(I should point out that I have a paid Norton subscription, so I don't want to change antivirus right away.)
Other info: the following files seem to be involved:
C:\WINDOWS\system32\oekrguln.exe (infected by Vundo > detected by Norton, blocked, but impossible to delete)
and
C:\WINDOWS\system32\nnnmnop.dll ("Infected with: Trojan.Vundo.DSF"; was not deleted)
Now on to the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:41:27, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\oekrguln.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\winmech\NTSERV~1\srunner.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Post-it\PsnLite.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Post-it\PSNGive.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [intelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\Post-it\PsnLite.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Post Image to Blog - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5003
O8 - Extra context menu item: Tag This Image - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5002
O8 - Extra context menu item: Transload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5004
O8 - Extra context menu item: Upload All Images to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5000
O8 - Extra context menu item: Upload Image to ImageShack - res://C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll/5001
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...DSL/tgctlcm.cab
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.m6video.fr/1click/install/files/installer2.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://topauto.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://aumail4.american.edu/dwa7W.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by120fd.bay120.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\oekrguln.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Security Services Internet (winmech) - Unknown owner - C:\WINDOWS\winmech\NTSERV~1\srunner.exe
--
End of file - 12884 bytes
Thanks to you, and hello to Malekal_morte if he passes by
EDIT:
Having noticed that oekrguln.exe was among the active processes, I stopped it..
Norton stepped in and deleted the file
"C:\WINDOWS\system32\oekrguln.exe" > nothing left.
Good solution? Not sure... ^^
Infection http://msn.images.isuisse.com/?photo=
in Malware analysis and removal
Posted
Well, for now everything is working perfectly again
Thank you very much