Aller au contenu

louloutez

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    49

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par louloutez

  1. louloutez
    bonsoir, depuis que j'ai telecharger ati j'ai un message erreur 0x7927f26e que faire Cordialement louloutez
  2. louloutez

    A l'aide pour décompresser

    louloutez a répondu à un(e) sujet de louloutez dans Software

    Bonsoir oui j'ai essayé de le décompresser avec winzip est ça ne marche pas Cordialement louloutez
  3. louloutez
    Bonjours voici le precesseur graphique : Propriétés du processeur graphique: Carte vidéo Sapphire Radeon 9000 Atlantis Nom de code RV250 (AGP 4x 1002 / 4966, Rev 01) Vitesse d'horloge 250 MHz (original: 250 MHz) Horloge mémoire 200 MHz (original: 200 MHz) Cordialement louloutez
  4. louloutez
    Bonjour, je suis débutante et je voudrais installer le jeu de colin mrae rally3. L'installation cest bien déroulée mais dès que je veux lancer le jeu il me dit que ma carte graphique n'est pas assez importante. Carte graphique 3D ** compatible Direct x9 Carte son compatible Direct X9 Mise à jour des pilotes des carte graphique et son reommandée. J'ai windows xp. Proccesseur pentium 4 je pense Merci d'avance de votre aide. Cordialement Louloutez
  5. louloutez
    Bonjours, je n'arrive pas à décompresser ce fichier Asi.db Fichier de la base de données (Repertoire racine de l'archive) 32 ko crc32 : 782709EB Merci d'avance de votre aide Cordialement louloutez
  6. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Excuse moi voici le rapport de hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:27:48, on 15/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\WINDOWS\System32\msiexec.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\documents and settings\jeep\application data\setup_fr[2].exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Cccs] "C:\WINDOWS\system32\YSTEM~1\msconfig.exe" -vt yazb O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - Winlogon Notify: efccabb - efccabb.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe -- End of file - 6976 bytes Cordialement louloutez
  7. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Excuse moi de cet erreur, voici le rapport de hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:27:48, on 15/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\WINDOWS\System32\msiexec.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\documents and settings\jeep\application data\setup_fr[2].exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Cccs] "C:\WINDOWS\system32\YSTEM~1\msconfig.exe" -vt yazb O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - Winlogon Notify: efccabb - efccabb.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe -- End of file - 6976 bytes Cordialement louloutez
  8. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Rebonjour, voici le nouveau rapport de hijackthis : Bonjour, C'est bien mieux. Cochez ces lignes dans Hijackthis, puis fix checked: C:\WINDOWS\SOUNDMAN.EXE => Realtek Avance Logic Sound O2 - BHO: (no name) - {337B1013-900F-4A37-9E62-826DED4406D5} - C:\WINDOWS\system32\jsutxfsf.dll (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: (no name) - {6A11553E-7737-4DA8-8FFD-B6842B415702} - C:\WINDOWS\system32\efccabb.dll (file missing) O2 - BHO: (no name) - {ECCD4B69-2D0A-4DDE-A072-D1538133EC4E} - (no file) O2 - BHO: (no name) - {F85AC80B-348B-4F03-AAFD-37CDAEFE0A98} - C:\WINDOWS\System32\mlljh.dll (file missing) O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe => Ahead Nero Burning Rom O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) Processus inutiles au démarrage du système C:\Program Files\Microsoft Office\Office\FINDFAST.EXE => Microsoft Windows NT O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R => Creative MediaSource Detector O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') => Microsoft Windows NT O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') => Microsoft Windows NT O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') => Microsoft Windows NT O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') => Microsoft Windows NT O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE => Microsoft Windows NT Pour supprimer Ctfmon: Panneau de configuration->Options Régionales et linguistiques->Désactiver Langues d'Extrême Orient Java n'est pas à jour,donc moins sécurisé. Rendez vous là: http://www.download.com/Java-Runtime-Envir...4-10009607.html Java Runtime Environment (JRE) 6 Update 5 Download Now S'ouvre une bouvelle page. Vous descendrez là: Java Runtime Environment (JRE) 6 Update 5 Clic sur Download Nouvelle page. Sélectionnez votre platform->Windows Cochez "I agree to the java..." clic sur continue Nouvelle page Cochez: Windows Online Installation Cochez la flèche orange " Cochez ici"jre-6u5-windows-i586-p-iftw.exe Cela fait, supprimez les installations java antérieures par "Ajout/Suppression de Programmes" Postez un nouvel hijackthis,svp Cordialement louloutez
  9. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Bonjour, je vous joint le rapport de Anitivir : AntiVir PersonalEdition Classic Report file date: vendredi 14 mars 2008 19:10 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: jeep Computer name: LAURENT-119DE43 Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: vendredi 14 mars 2008 19:10 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '36' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry1.zip [DETECTION] Contains suspicious code HEUR/PwdZIP [iNFO] The file was moved to '483bc03d.qua'! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip [DETECTION] Contains suspicious code HEUR/PwdZIP [iNFO] The file was moved to '4854c032.qua'! C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip [DETECTION] Contains suspicious code HEUR/PwdZIP [iNFO] The file was moved to '4854c035.qua'! C:\VundoFix Backups\jsutxfsf.dll.bad [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was moved to '484fc40d.qua'! C:\WINDOWS\b138.0xe [DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4 [iNFO] The file was moved to '480dc3d8.qua'! C:\WINDOWS\system32\ѕystem\msconfig.0xe [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '483dc93d.qua'! End of the scan: vendredi 14 mars 2008 19:49 Used time: 38:57 min The scan has been done completely. 3299 Scanning directories 127335 Files were scanned 2 viruses and/or unwanted programs were found 4 Files were classified as suspicious: 0 files were deleted 0 files were repaired 6 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 127333 Files not concerned 1216 Archives were scanned 1 Warnings 0 Notes Le rapport de Avg : --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 21:16:53 14/03/2008 + Résultat de l'analyse: C:\SDFix\backups\backups.zip/backups/Image50.zip/Image50.JPEG-www.myspace.com -> Backdoor.Poison.k : Nettoyé. C:\SDFix\backups\backups.zip/backups/photo34.zip/photo34.JPEG-www.myspace.com -> Backdoor.Poison.k : Nettoyé. C:\SDFix\backups\backups.zip/backups/photo35.zip/photo35.JPEG-www.myspace.com -> Backdoor.Poison.k : Nettoyé. C:\WINDOWS\b154.0xe -> Downloader.Agent.kha : Nettoyé. C:\SDFix\backups\backups.zip/backups/NoDNS.0xe -> Downloader.Agent.kji : Nettoyé. :mozilla.394:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.395:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.396:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.128:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.265:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.277:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.7:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.8:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.9:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.485:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.486:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.11:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.12:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.13:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.14:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.15:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.156:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé. :mozilla.10:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.51:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.442:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé. :mozilla.443:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé. :mozilla.433:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.434:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.435:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.436:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.437:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.438:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.439:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé. :mozilla.96:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.97:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.98:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.315:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé. :mozilla.17:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.20:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.131:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé. :mozilla.132:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé. :mozilla.196:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.197:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.198:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.199:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.191:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.211:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.494:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.507:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.531:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.88:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé. :mozilla.386:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.387:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.240:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.241:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\jeep\Cookies\jeep@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé. :mozilla.24:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.25:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.29:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.141:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Safer-networking : Nettoyé. :mozilla.100:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.101:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.102:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.103:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.104:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.105:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.106:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.99:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.56:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.57:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.58:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.59:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.203:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé. :mozilla.432:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.440:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.441:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.114:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.115:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.116:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.117:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.263:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé. :mozilla.123:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.124:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.125:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.126:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.452:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé. :mozilla.92:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé. :mozilla.173:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.174:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.175:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.176:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.177:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.178:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\jeep\Cookies\jeep@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\jeep\Cookies\jeep@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.215:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.216:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.217:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.218:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.219:C:\Documents and Settings\jeep\Application Data\Mozilla\Firefox\Profiles\sqzf64z9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. C:\Documents and Settings\jeep\Cookies\jeep@CAIRWT2R.txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport Et le rapport de Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:35:24, on 15/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE C:\PROGRA~1\Wanadoo\ComComp.exe C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\PollingModule.exe C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe C:\WINDOWS\system32\wuauclt.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\WINDOWS\system32\wuauclt.exe C:\HiJackThis\HijackThis.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {337B1013-900F-4A37-9E62-826DED4406D5} - C:\WINDOWS\system32\jsutxfsf.dll (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing) O2 - BHO: (no name) - {6A11553E-7737-4DA8-8FFD-B6842B415702} - C:\WINDOWS\system32\efccabb.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {ECCD4B69-2D0A-4DDE-A072-D1538133EC4E} - (no file) O2 - BHO: (no name) - {F85AC80B-348B-4F03-AAFD-37CDAEFE0A98} - C:\WINDOWS\System32\mlljh.dll (file missing) O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\documents and settings\jeep\application data\setup_fr[2].exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Cccs] "C:\WINDOWS\system32\YSTEM~1\msconfig.exe" -vt yazb O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O20 - Winlogon Notify: efccabb - efccabb.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe -- End of file - 8355 bytes Merci d'avance, cordialement Louloutez
  10. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Bonsoir, je vous joins le rapport de sdfix : SDFix: Version 1.157 Run by jeep on 14/03/2008 at 18:09 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\Program Files\JavaCore\UnInstall.exe - Deleted C:\Program Files\NoDNS\NoDNS.0xe - Deleted C:\Program Files\NoDNS\UnInstall.exe - Deleted C:\DOCUME~1\jeep\LOCALS~1\Temp\Image50.zip - Deleted C:\DOCUME~1\jeep\LOCALS~1\Temp\photo029.zip - Deleted C:\DOCUME~1\jeep\LOCALS~1\Temp\photo34.zip - Deleted C:\DOCUME~1\jeep\LOCALS~1\Temp\photo35.zip - Deleted C:\Program Files\.autoreg - Deleted Folder C:\Program Files\JavaCore - Removed Folder C:\Program Files\NoDNS - Removed Removing Temp Files ADS Check : Final Check : catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-03-14 18:13:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 35 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Thu 7 Feb 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Thu 7 Feb 2008 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv13.bak" Thu 14 Feb 2008 7,318 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\BurD4.tmp" Thu 14 Feb 2008 1,558 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Fav160.tmp" Sun 24 Feb 2008 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off2.tmp" Finished! Merci d'avance, cordialement louloutez
  11. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Bonsoir, merci de bien vouloir me répondre à la question : C'est quoi, svp? une suite de protection ?Symantec ? Je ne sais pas ce que ça ve dire????????????????, Je vous joint le rapport de Vundofix : VundoFix V7.0.3 Scan started at 20:53:17 12/03/2008 Listing files found while scanning.... C:\WINDOWS\system32\jsutxfsf.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\jsutxfsf.dll C:\WINDOWS\system32\jsutxfsf.dll Has been deleted! Performing Repairs to the registry. Done! Ainsi que le rapport de Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:42:44, on 12/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\ATI-CPanel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\WINDOWS\System32\CTsvcCDA.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\FSGK32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Orange\AntivirusFirewall\Common\FSMB32.EXE C:\Program Files\Orange\AntivirusFirewall\Common\FCH32.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsqh.exe C:\Program Files\Orange\AntivirusFirewall\Common\FAMEH32.EXE C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fssm32.exe C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsus.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsav32.exe C:\PROGRA~1\Wanadoo\Watch.exe C:\Program Files\Microsoft Office\Office\WINWORD.EXE C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe C:\Program Files\Internet Explorer\iexplore.exe C:\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Windows Pool Setup] poolmc.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [NI.UGESV_0001_N122M0303] "C:\documents and settings\jeep\application data\setup_fr[2].exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe O4 - HKCU\..\Run: [sfKg6w] C:\Documents and Settings\jeep\Application Data\Microsoft\Windows\ioanv.exe O4 - HKCU\..\Run: [Cccs] "C:\WINDOWS\system32\YSTEM~1\msconfig.exe" -vt yazb O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe -- End of file - 6846 bytes et encore merci cordialement louloutez
  12. louloutez
    Bonjours à tous, j'ai un 3 virus sur mon disque dur ainsi que 2 spywares. Je vous joins le rapport de l'antivirus Firewall ci dessous : Rapport d'analyse mercredi 12 mars 2008 15:27:11 - 16:24:37 Nom de l'ordinateur: LAURENT-119DE43 Type d'analyse: Analyse des disques durs Cible : C:\ -------------------------------------------------------------------------------- Résultat: 5 antiprogramme(s) détecté(s) Vous devez redémarrer le système pour terminer les actions de nettoyage ! Backdoor.Win32.IRCBot.bug (virus) C:\Documents and Settings\jeep\Local Settings\Temp\NewPicture0023.zip\MyPic0023.JPEG_www.uploadz.com C:\Documents and Settings\jeep\Local Settings\Temp\NewPicture0028.zip\MyPic0028.JPEG_www.uploads.com C:\Documents and Settings\jeep\Local Settings\Temp\photo029.zip\photo029.JPG-www.myspace.com AdWare.Win32.Virtumonde (adware) C:\WINDOWS\system32\efccabb.dll Action : ECHEC C:\WINDOWS\system32\mlljh.dll Action : ECHEC -------------------------------------------------------------------------------- Statistiques Analysés: Fichiers: 83473 Non analysés: 27 Résultat: Virus: 3 Spyware: 2 Eléments suspects: 0 Programme à risque: 0 Actions: Nettoyés: 0 Renommés: 0 Supprimés: 0 Quarantaine: 2 Echec: 0 Secteurs d'amorçage: Analysés: 1 Infectés: 0 Eléments suspects: 0 Nettoyés: 0 Fichiers non analysés: Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) . C:\PAGEFILE.SYS Erreur d'ouverture du fichier (cliquez ici pour plus d'infos) . C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Impossible d'ouvrir le fichier dans l'archive C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\40DB0132.DLL. Impossible de lire le fichier C:\Documents and Settings\jeep\Local Settings\Temporary Internet Files\Content.IE5\STUV85YR\frfr[1].js\frfr[1]. [F-Secure Libra] Impossible d'ouvrir le fichier dans l'archive C:\DOCUMENTS AND SETTINGS\JEEP\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\0SKUMW6P\MSGRCONFIG[1].XML. L'analyse de C:\Documents and Settings\jeep\Local Settings\Temp\Répertoire temporaire 2 pour need_for_speed_prostreet_demo_JeuxVideo.com_13454.zip\need_for_speed_prostreet_demo_JeuxVideo.com_13454.exe a été interrompue. [F-Secure AVP] L'analyse de C:\Documents and Settings\jeep\Local Settings\Temp\Répertoire temporaire 1 pour need_for_speed_prostreet_demo_JeuxVideo.com_13454.zip\need_for_speed_prostreet_demo_JeuxVideo.com_13454.exe a été interrompue. [F-Secure AVP] Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry1.zip\xpupdate.exe est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ClickspringOuterInfo.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MalwareAlarm.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip\sbRecovery.ini est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip\sbRecovery.ini est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde1.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde2.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde3.zip\removalfile.bat est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip\pxyjmdrr.dll est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl1.zip\mrofinu2000201.exe.tmp est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wintouch.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wintouch1.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wintouch2.zip\sbRecovery.reg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wintouch3.zip\sbRecovery.ini est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Wintouch4.zip\wintouch.cfg est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle.zip\Yazzle1560OinAdmin.exe est crypté. Le fichier C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Yazzle1.zip\Yazzle1560OinUninstaller.exe est crypté. -------------------------------------------------------------------------------- Options Version des définitions: Virus: 2008-03-12_07 Spyware: 2008-03-12_07 Moteurs d'analyse : F-Secure AVP: 7.00.171, 2008-03-12 F-Secure Libra: 2.04.01, 2008-03-12 F-Secure Orion: 1.02.37, 2008-03-12 F-Secure Draco: 1.00.35, 2006-09-19 Options d'analyse : Analyser les fichiers définis : COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ANI AVB BAT CEO CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR TGZ ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX Analyser le contenu des archives Actions: Virus: Interroger après analyse Spyware: Interroger après analyse -------------------------------------------------------------------------------- Erreur d'informations Une erreur "Impossible d'ouvrir le fichier" s'est produite : Le message d'erreur "Impossible d'ouvrir le fichier" signifie que le moteur d'analyse n'a pas pu ouvrir de fichier et que ce dernier n'a pas pu être analysé. Vous pouvez généralement ignorer ce message d'erreur car il peut être dû à de nombreuses causes autres qu'une menace de sécurité, notamment : Le fichier est un fichier système. Par principe, les fichiers système sont protégés par le système d'exploitation. Dans ce cas, ignorez le message. Vous n'êtes pas autorisé à lire le fichier. Pour analyser le fichier, connectez-vous avec un compte utilisateur disposant des autorisations suffisantes (le compte administrateur de l'ordinateur par exemple) et réexécutez l'analyse. Le fichier était utilisé par une application pendant la tentative d'analyse. Pour l'analyser, fermez toutes les applications et réessayez. -------------------------------------------------------------------------------- Copyright © 1998-2007 Assistance produit | Envoi d'un échantillon de virus à F-Secure F-Secure n'assume aucune responsabilité quant au matériel créé ou publié par une tierce partie et référencé par un lien dans les pages Web de F-Secure. Sauf mention contraire explicite, vous acceptez qu'en soumettant du matériel sur l'un de nos serveurs, par exemple via courrier électronique ou formulaire CGI de F-Secure, le matériel mis à disposition peut dès lors être publié sur les pages Web de F-Secure ou sur support papier. Vous accéderez au site web public de F-Secure en cliquant sur les liens soulignés. Ainsi, votre accès est enregistré dans nos statistiques privées avec votre nom de domaine. Ces informations ne sont communiquées à aucune tierce partie. Vous vous engagez à ne pas intenter de procédure judiciaire contre notre société en relation avec le matériel soumis. Sauf mention contraire explicite, F-Secure peut inclure dans ses propres produits/publications tout concept relatif au matériel mis à sa disposition, sans aucun engagement de responsabilité. Merci d'avance, cordialement louloutez
  13. louloutez
    Bonsoir j'ai fait une analyse de mon disque dur avec l'antvirus norton. Est ce que je peux utiliser antivir sachant que l'analyse faite n'a pas trouvé de virus. Cordialement louloutez
  14. louloutez
    Bonsoir, je vous envoie le rapport smitfraudfix : SmitFraudFix v2.292 Rapport fait à 19:51:31,20, 20/02/2008 Executé à partir de C:\Documents and Settings\HP_Administrateur\Mes documents\Nouveau dossier (2)\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\arservice.exe C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dllhost.exe C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\ARPWRMSG.EXE C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\RTHDCPL.EXE C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\ErrorSafe Free\uerscw.exe C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\Program Files\WinAntiSpyware 2006 Free\was6.exe C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe C:\Program Files\DriveCleaner Free\UDC.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\DriveCleaner Free\udc6cw.exe C:\Program Files\Fichiers communs\DriveCleaner Free\dnse.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PVSW\Bin\w3dbsmgr.exe c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="http://perso.wanadoo.fr/fairyworld/francais/geraint_fichiers/title3p42.png"'>http://perso.wanadoo.fr/fairyworld/francais/geraint_fichiers/title3p42.png" "SubscribedURL"="http://perso.wanadoo.fr/fairyworld/francais/geraint_fichiers/title3p42.png" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets DNS Server Search Order: 16.92.3.242 DNS Server Search Order: 16.92.3.243 DNS Server Search Order: 16.81.3.243 DNS Server Search Order: 16.118.3.243 Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.1 DNS Server Search Order: 0.0.0.0 HKLM\SYSTEM\CCS\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CCS\Services\Tcpip\..\{7B193754-0ABE-4583-B3CA-1DC161A7D270}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS1\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CS1\Services\Tcpip\..\{7B193754-0ABE-4583-B3CA-1DC161A7D270}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS3\Services\Tcpip\..\{1CEDAE29-FA41-4AE6-BD3D-D3CBBA6A701C}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CS3\Services\Tcpip\..\{7B193754-0ABE-4583-B3CA-1DC161A7D270}: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Cordialement louloutez
  15. louloutez
    Bonjours, pouvez-vous analyser ce rapport et me donner des nouvelles. Je pense qu'il y a des espions. Merci de me tenir informer. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:40:02, on 20/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\WINDOWS\RTHDCPL.EXE C:\HP\KBD\KBD.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE C:\Program Files\Picasa2\PicasaMediaDetector.exe C:\Program Files\ErrorSafe Free\uerscw.exe C:\Program Files\WinAntiSpyware 2006 Free\was6.exe C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe C:\Program Files\DriveCleaner Free\UDC.exe C:\Program Files\DriveCleaner Free\udc6cw.exe C:\Program Files\Fichiers communs\DriveCleaner Free\dnse.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\AOL 9.0a\aoltray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\PVSW\Bin\w3dbsmgr.exe C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\arservice.exe C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE C:\Program Files\Securitoo\Av_Fw\backweb\8520111\Program\fspex.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguiexe.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Windows Live Toolbar\msn_sl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [uerscw] C:\Program Files\ErrorSafe Free\uerscw.exe -c O4 - HKLM\..\Run: [WinAntiSpyware 2006 Free] "C:\Program Files\WinAntiSpyware 2006 Free\was6.exe" /min O4 - HKLM\..\Run: [uwas6cw] "C:\Program Files\WinAntiSpyware 2006 Free\uwas6cw.exe" -c O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe O4 - HKLM\..\Run: [MDRV_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrmdr.exe" O4 - HKLM\..\Run: [DC6V_Check] "C:\Program Files\Fichiers communs\SystemDoctor\usdrdc.exe" O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\DriveCleaner Free\dcsm.exe" O4 - HKLM\..\Run: [DriveCleaner Free] C:\Program Files\DriveCleaner Free\UDC.exe /min O4 - HKLM\..\Run: [udc6cw] "C:\Program Files\DriveCleaner Free\udc6cw.exe" -c O4 - HKLM\..\Run: [dnse] "C:\Program Files\Fichiers communs\DriveCleaner Free\dnse.exe" -c O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM= O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM') O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\Bin\w3dbsmgr.exe O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game11.zylom.com/activex/zylomgamesplayer.cab O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: Securitoo Antivirus Firewall (BackWeb Plug-in - 8520111) - Unknown owner - C:\PROGRA~1\SECURI~1\Av_Fw\backweb\8520111\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Securitoo\Av_Fw\backweb\8520111\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe O24 - Desktop Component 0: (no name) - http://perso.wanadoo.fr/fairyworld/francai...s/title3p42.png -- End of file - 13292 bytes Cordialement Louloutez
  16. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Bonsoir pear, je voudrais un conseil je n'arrive pas à supprimer ctfmon J'ai voulu alléger le démarrage mais je n'ai plus d'icone à droite de windows xp pour antivir (je ne sais pas s'il est actif tout le temps ou pas) Est ce qu'il existe antivir en français car l'anglais et moi sa fait deux Je ne comprend pas ce que je dois faire avec ce lien : http://speedweb1.free.fr/frames2.php?page=service4 Pour nettoyer xp je peux utiliser outils option internet et supprimer l'historique, les cookies, etc excuse moi encore de te déranger Cordialement louloutez
  17. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Bonsoir, Je vous envoie le rapport d'antivir AntiVir PersonalEdition Classic Report file date: samedi 9 février 2008 15:38 Scanning for 1096761 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: OEMCOMPUTER Computer name: OEMCOMPU-KF918X Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 21:10:40 ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 21:10:40 ANTIVIR3.VDF : 7.0.2.114 2048 Bytes 08/02/2008 21:10:40 AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 08/02/2008 21:10:44 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 08/02/2008 21:10:45 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: samedi 9 février 2008 15:38 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 11 processes with 11 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '43' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\OEMCOMPUTER\Mes documents\SmitfraudFix.zip [0] Archive type: ZIP --> SmitfraudFix/Reboot.exe [DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program --> SmitfraudFix/restart.exe [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program [iNFO] The file was moved to '4816c23c.qua'! C:\Documents and Settings\OEMCOMPUTER\Mes documents\SmitfraudFix\SmitfraudFix\Reboot.exe [DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program [iNFO] The file was moved to '480fc83f.qua'! C:\Documents and Settings\OEMCOMPUTER\Mes documents\SmitfraudFix\SmitfraudFix\restart.exe [DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program [iNFO] The file was moved to '4820c842.qua'! End of the scan: samedi 9 février 2008 18:11 Used time: 2:33:09 min The scan has been done completely. 6944 Scanning directories 444606 Files were scanned 4 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 3 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 444602 Files not concerned 4041 Archives were scanned 1 Warnings 1 Notes Le raport de AVG AS --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 19:30:40 09/02/2008 + Résultat de l'analyse: C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@cmpmedica.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@fnac.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@mistergooddeal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@www.abcsearch[1].txt -> TrackingCookie.Abcsearch : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@adviva[1].txt -> TrackingCookie.Adviva : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@stat.dealtime[1].txt -> TrackingCookie.Dealtime : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@enhance[2].txt -> TrackingCookie.Enhance : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@findwhat[1].txt -> TrackingCookie.Findwhat : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@hit.gemius[1].txt -> TrackingCookie.Gemius : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@goclick[2].txt -> TrackingCookie.Goclick : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@ehg-quechoisir.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@searchportal.information[2].txt -> TrackingCookie.Information : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@ivwbox[2].txt -> TrackingCookie.Ivwbox : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@overture[2].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@pro-market[2].txt -> TrackingCookie.Pro-market : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@questionmarket[1].txt -> TrackingCookie.Questionmarket : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@sexlist[1].txt -> TrackingCookie.Sexlist : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@counter11.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@counter16.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@counter2.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@counter8.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@h.starware[2].txt -> TrackingCookie.Starware : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@try.starware[1].txt -> TrackingCookie.Starware : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@trafic[1].txt -> TrackingCookie.Trafic : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\OEMCOMPUTER\Cookies\oemcomputer@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé. Fin du rapport Et le rapport de Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:42:23, on 09/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Works\WksSb.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\MMTray.exe C:\WINDOWS\system32\MMTray2k.exe C:\WINDOWS\system32\MMTrayLSI.exe C:\WINDOWS\system32\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\TF1Vision\TF1vision.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tele2.fr/redirect/welcome/adsl/fra R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ccelerationEnabled R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_2_0_4_9.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component 0: (no name) - http://www.augrandbazar.com/Noel/Images/pnoel10.gif -- End of file - 9205 bytes Cordialement Louloutez
  18. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    [bonsoir, Aucun souci pour supprimer les fichiers. Je vous joint le nouveau rapport de Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:48:17, on 08/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Microsoft Works\WksSb.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\MMTray.exe C:\WINDOWS\system32\MMTray2k.exe C:\WINDOWS\system32\MMTrayLSI.exe C:\WINDOWS\system32\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\TF1Vision\TF1vision.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tele2.fr/redirect/welcome/adsl/fra R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ccelerationEnabled R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_2_0_4_9.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component 0: (no name) - http://www.augrandbazar.com/Noel/Images/pnoel10.gif -- End of file - 8918 bytes Cordialement Louloutez
  19. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Re bonjours, voici le rapport de Smtfraudfix : SmitFraudFix v2.281 Rapport fait à 10:37:16,46, 08/02/2008 Executé à partir de C:\Documents and Settings\OEMCOMPUTER\Mes documents\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Works\WksSb.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\MMTray.exe C:\WINDOWS\system32\MMTray2k.exe C:\WINDOWS\system32\MMTrayLSI.exe C:\WINDOWS\system32\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\windows\system32\qzkdyel.exe C:\Program Files\TF1Vision\TF1vision.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OEMCOMPUTER »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OEMCOMPUTER\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OEMCOM~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="http://www.augrandbazar.com/Noel/Images/pnoel10.gif"'>http://www.augrandbazar.com/Noel/Images/pnoel10.gif" "SubscribedURL"="http://www.augrandbazar.com/Noel/Images/pnoel10.gif" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Cordialement louloutez
  20. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Bonjours, je n'ai pas réussi à supprimer ce fichier : c:\program files\fichiers communs\protectionassuree\stmon.exe Je n'ai pas retrouver ce fichier : c:\program files\video add-on\isfmntr.exe Je vous envoi le rapport d'antivir : AntiVir PersonalEdition Classic Report file date: jeudi 7 février 2008 21:33 Scanning for 835736 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: OEMCOMPUTER Computer name: OEMCOMPU-KF918X Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55 ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04 ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13 AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: jeudi 7 février 2008 21:33 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '43' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\OEMCOMPUTER\Application Data\Sun\Java\Deployment\cache\6.0\32\7836d960-653519ef [0] Archive type: ZIP --> BnnnnBaa.class [DETECTION] Is the Trojan horse TR/Java.Downloader.Gen --> VaannnaaBaa.class [DETECTION] Is the Trojan horse TR/ClassLoader [iNFO] The file was moved to '47de6fa6.qua'! C:\Program Files\eMule\Incoming\Find_sacre charlemagne_using_emule_multimedia_toolbar.exe [DETECTION] Is the Trojan horse TR/Drop.HotWebBar.A [iNFO] The file was moved to '48197da6.qua'! C:\Program Files\Screensavers.com\SSSInst\bin\sinstaller2.exe [DETECTION] Contains detection pattern of the dropper DR/Comet.AC.1 [iNFO] The file was moved to '48198538.qua'! End of the scan: jeudi 7 février 2008 23:50 Used time: 2:17:47 min The scan has been done completely. 6959 Scanning directories 440225 Files were scanned 3 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 3 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 440222 Files not concerned 4027 Archives were scanned 1 Warnings 0 Notes et je vous envoie le rapport de hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:10:25, on 08/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Works\WksSb.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\MMTray.exe C:\WINDOWS\system32\MMTray2k.exe C:\WINDOWS\system32\MMTrayLSI.exe C:\WINDOWS\system32\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\TF1Vision\TF1vision.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tele2.fr/redirect/welcome/adsl/fra R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ccelerationEnabled R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com ad=http://moncontenuassistant.com sd=http://paylogs.moncontenuassistant.com O4 - HKCU\..\Run: [salestart(1)] "C:\Program Files\Fichiers communs\ProtectionAssuree\stmon.exe" dm=http://protectionassuree.com; ad=http://protectionassuree.com O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_2_0_4_9.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component 0: (no name) - http://www.augrandbazar.com/Noel/Images/pnoel10.gif -- End of file - 9236 bytes Cordialement louloutez
  21. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Bonsoir, Il ne m'a pas poser de question sur le fix déterminera si le fichier wininet.dll est infecté. Par contre il m'a fait un nettoyage du disque. Voici le raport de smitfraudfix : SmitFraudFix v2.281 Rapport fait à 21:23:07,89, 06/02/2008 Executé à partir de C:\Documents and Settings\OEMCOMPUTER\Mes documents\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» VACFix VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix S!Ri's WS2Fix: LSP not Found. »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés »»»»»»»»»»»»»»»»»»»»»»»» IEDFix IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin louloutez
  22. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    Re bonsoir merci de bien vouloir m'aider pour supprimer tous mon bordelle. Je vous joins le rapport de smitfraudfix SmitFraudFix v2.281 Rapport fait à 20:21:18,09, 06/02/2008 Executé à partir de C:\Documents and Settings\OEMCOMPUTER\Mes documents\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Microsoft Works\WksSb.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\MMTray.exe C:\WINDOWS\system32\MMTray2k.exe C:\WINDOWS\system32\MMTrayLSI.exe C:\WINDOWS\system32\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\windows\system32\qzkdyel.exe C:\Program Files\TF1Vision\TF1vision.exe C:\Program Files\Fichiers communs\ProtectionAssuree\stmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\zcwlnic.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OEMCOMPUTER »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\OEMCOMPUTER\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\OEMCOM~1\Favoris C:\DOCUME~1\OEMCOM~1\Favoris\Online Security Test.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video Add-on\ PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="http://www.microsoft.com/France/windows/plus/images/TH_Aqua.jpg"'>http://www.microsoft.com/France/windows/plus/images/TH_Aqua.jpg" "SubscribedURL"="http://www.microsoft.com/France/windows/plus/images/TH_Aqua.jpg" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="http://www.augrandbazar.com/Images/Simpsons.gif"'>http://www.augrandbazar.com/Images/Simpsons.gif" "SubscribedURL"="http://www.augrandbazar.com/Images/Simpsons.gif" "FriendlyName"="" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2] "Source"="http://www.augrandbazar.com/Noel/Images/pnoel10.gif"'>http://www.augrandbazar.com/Noel/Images/pnoel10.gif" "SubscribedURL"="http://www.augrandbazar.com/Noel/Images/pnoel10.gif" "FriendlyName"="" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» VACFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{d66c22b6-2217-4d1a-9a90-1a54de1fc706}"="edgers" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets DNS Server Search Order: 192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\..\{0DBEF5A4-60F4-431D-92D1-18C781C2ACA0}: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin louloutez
  23. louloutez

    virus

    louloutez a répondu à un(e) sujet de louloutez dans Analyses et éradication malwares

    MERCI DE TA REPONSE JE T ENVOI COMME CONVENU LE RAPORT DE HIJACKTHIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:47:24, on 06/02/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Microsoft Works\WksSb.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\MMTray.exe C:\WINDOWS\system32\MMTray2k.exe C:\WINDOWS\system32\MMTrayLSI.exe C:\WINDOWS\system32\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\TF1Vision\TF1vision.exe C:\Program Files\Fichiers communs\ProtectionAssuree\stmon.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\Google\Google Updater\GoogleUpdater.exe C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.tele2.fr/redirect/welcome/adsl/fra R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ccelerationEnabled R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll (file missing) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe" O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [e-TF1] C:\Program Files\TF1Vision\TF1vision.exe O4 - HKLM\..\Run: [salestart] "C:\Program Files\Fichiers communs\ProtectionAssuree\stmon.exe" dm=http://protectionassuree.com; ad=http://protectionassuree.com O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [salestart] "C:\Program Files\Fichiers communs\MonContenuassistant\mc.exe" dm=http://moncontenuassistant.com ad=http://moncontenuassistant.com sd=http://paylogs.moncontenuassistant.com O4 - HKCU\..\Run: [salestart(1)] "C:\Program Files\Fichiers communs\ProtectionAssuree\stmon.exe" dm=http://protectionassuree.com; ad=http://protectionassuree.com O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKLM\..\Policies\Explorer\Run: [start] C:\Program Files\Video Add-on\isfmntr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204 O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_2_0_4_9.cab O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab O22 - SharedTaskScheduler: edgers - {d66c22b6-2217-4d1a-9a90-1a54de1fc706} - (no file) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O24 - Desktop Component 0: (no name) - http://www.microsoft.com/France/windows/pl...ges/TH_Aqua.jpg O24 - Desktop Component 1: (no name) - http://www.augrandbazar.com/Images/Simpsons.gif O24 - Desktop Component 2: (no name) - http://www.augrandbazar.com/Noel/Images/pnoel10.gif -- End of file - 10213 bytes LOULOUTEZ
  24. louloutez
    Bonjours, j'ai avast comme antivirus et je suis infectés. Pouvez-vous m'aider à les enlever svp. Voici la liste : 06/02/2008 14:05 Analyse de tous les lecteurs locaux Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP841\A0129534.dll est infecté par Win32:Zlob-AQC [Trj], Réparer: Erreur 42060 {Le fichier n'a pas été réparé.}, Réparer: Erreur 42060 {Le fichier n'a pas été réparé.}, Réparer: Erreur 42060 {Le fichier n'a pas été réparé.}, Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP841\A0129543.exe est infecté par Win32:Adware-gen [Adw], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP841\A0129551.dll est infecté par Win32:Zlob-AQC [Trj], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP841\A0129562.dll est infecté par Win32:Zlob-AQC [Trj], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP841\A0129566.exe est infecté par Win32:Zlob-AJZ [Trj], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP841\A0129574.dll est infecté par Win32:Zlob-AQC [Trj], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP841\A0129586.dll est infecté par Win32:Zlob-AQC [Trj], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP841\A0129590.exe est infecté par Win32:Zlob-AKN [Trj], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP879\A0147827.exe est infecté par Win32:Adware-gen [Adw], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP887\A0150477.exe est infecté par Win32:Adware-gen [Adw], Mis en quarantaine Fichier C:\System Volume Information\_restore{E8C1BEFE-8EA2-4044-9D73-42DB827067DA}\RP902\A0155818.dll est infecté par Win32:Agent-QFH [Trj], Mis en quarantaine Nombre de dossiers parcourus : 7234 Nombre de fichiers analysés : 100817 Nombre de fichiers infectés : 11 Merci de me répondre
×
×
  • Créer...