Moumoune

  1. Thanks, Thanos, for the whole procedure, that's really kind. Right now I'm overbooked, and I won't be able to give it proper attention until this weekend at worst. I have already checked the ActiveX controls; they were as you asked me. I just noticed that downloading unsigned ActiveX controls was set to prompt, so I corrected it and set it to disable. However, the Apply button is greyed out. And thanks again. I'll post as soon as possible.
  2. Hello, I cannot open www.google.fr or even www.microsoft.com, whether with Internet Explorer or with Firefox. Can someone help me? Here is a HijackThis report:
     Thanks
  3. By the way, the Recovery Console: do we wait a bit or do we get rid of it, and if so, how?
  4. Hello, here is the report:
  5. Hi, here is the report:
     WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
     [boot loader]
     timeout=2
     default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
     [operating systems]
     multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP ?dition familiale" /fastdetect /NoExecute=OptIn
     C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
     You gave me the two startup options but you didn't tell me which one I should use. Looking forward to your reply.
  6. Hi again, here is the ComboFix report:
     I don't know whether it is complete; should I do a HijackThis report, or do I have to run ComboFix again?
     Well, I'm posting the HijackThis report since I haven't heard back; you must be under the covers.
     Bye bye, see you tomorrow.
  7. Re Lien Rag, the successive detections kept me from downloading on this PC, hence the uninstallation of AntiVir despite disabling Avira? YES, the PC was freezing, and at startup, before the session had finished loading, the detections were already appearing and I could not disable AntiVir. I was tearing my hair out; after 1 hour I gave up and uninstalled AntiVir. I have two questions: the ComboFix scan started, great, then it rebooted, I got a log and saved it, and then a black screen with a safe mode indication --> I don't know what to do, maybe I made a mistake? Also, should the HijackThis report be made in normal mode or safe mode? While waiting for details, the screen is still black.
  8. Good evening Lien Rag, as I noted in an earlier message, the successive detections kept me from downloading on this PC, hence the uninstallation of AntiVir. I am getting by with a USB key between the 2 PCs. Here is the report:
     And thanks again.
  9. Hello, first of all: please excuse the mistakes. I forgot to mention yesterday that I did uninstall Avast. I finally managed to boot into safe mode. In fact, yesterday I had forgotten to tick safeboot in boot.ini through msconfig. I also had to uninstall AntiVir; I could not get anything done on the PC. I was systematically getting an awttr.dll detection. I also ran a Trend Micro online scan, which could not disinfect C/windows/system32/awttr.dll and HKLM/sofware/Microsoft/windows/current Controlset/services :cmdservices/. I ran CCleaner and Spybot. I deleted the temporary files and uninstalled HijackThis and SmitFraudFix. I reinstalled them and here are the reports.
     HijackThis report:
     Here is the SmitFraudFix report in normal mode:
     Here is the SmitFraudFix report in safe mode:
     Thanks in advance for taking the time to help me.
  10. Re. Sorry I took so long; I am on the desktop PC to post because I could not manage otherwise, my PC kept freezing. I made the two reports as you asked. During the first report everything went fine. For the 2nd, when I pressed F8 for safe mode I landed on a screen entirely in English, so I quit, ran msconfig and booted in diagnostic mode. I thought it was the same thing, but it seems not: the report says normal mode. While I am at it, I have a question for you. When the PC starts I have three options before the Windows XP splash screen: F2 Bios setup, F12 Boot setup, Escape Skip Boot logo. Is it one of these keys that I should have chosen for safe mode? To retrieve the reports, since the trojans were going wild before I even had the chance to retrieve the 2 reports, I removed the Internet connection, and after x attempts I managed to disable AntiVir.
     Here is the 1st report:
     Here is the 2nd report:
     And thank you very much for your help.
  11. Good evening, here is the report you asked me for.
  12. Hello, my laptop is infected. Unable to sort it out myself, I installed AntiVir. Avast was my antivirus until today, and although it informed me of trojans, they systematically come back, and the PC is slow or even freezes. I really need help. Here is my configuration. System: Microsoft Windows XP Home Edition Version 2002 Service Pack 2. User: Moumoune 55639-OEM-0011903-00117. Fujitsu Siemens Computer Mobile Mobile AMD Athlon XP-M 2600+ 1.99 GHz, 480 MB of RAM. Web browser: IE7. I ran an AntiVir scan; here is the report:
'MsgPlus.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'slserv.exe' - '1' Module(s) have been scanned Scan process 'gemback.exe' - '1' Module(s) have been scanned Scan process 'GemServ.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'acs.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'ashServ.exe' - '1' Module(s) have been scanned Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 46 processes with 46 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. 
C:\WINDOWS\system32\brwvnpoy.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '484db965.qua'! C:\WINDOWS\system32\brwvnpoy.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen C:\WINDOWS\system32\uhuxruhg.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '484bb95e.qua'! C:\WINDOWS\system32\uhuxruhg.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen The registry was scanned ( '28' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEM> C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Moumoune\Local Settings\Temp\_bm1fcmlkcmFkaXBfbWFfa3cxX21hNWZycw_dmlydXM_bm1fNjg1NjRfMzZmMDM2YWViODYyMTF kYzhhNWRmNjg1NjRlZmZmZmZfOGE1ZGJlMDE4Y2M1NGRlYTg0M2ZlYWYyMDhmZmYxZjQ_.exe [DETECTION] Is the Trojan horse TR/Peed.A.74 [iNFO] The file was moved to '4843bb97.qua'! C:\Documents and Settings\Moumoune\Local Settings\Temp\_bm1fcmlkcmFkaXBfbWFfa3cxX21hNWZycw_ZG93bmxvYWQ_bm1fNjg1NjRfMzZmMDM2YWViODY yMTFkYzhhNWRmNjg1NjRlZmZmZmZfOGE1ZGJlMDE4Y2M1NGRlYTg0M2ZlYWYyMDhmZmYxZjQ_.exe [DETECTION] Is the Trojan horse TR/Peed.A.74 [iNFO] The file was moved to '4843bb9e.qua'! C:\Documents and Settings\Moumoune\Local Settings\Temp\_bm1fcmlkX21hX2t3MV9tYTVmcnM_c29mdA_bm1fNjg1NjRfMzZmMDM2YWViODYyMTFkYzhhNWR mNjg1NjRlZmZmZmZfOGE1ZGJlMDE4Y2M1NGRlYTg0M2ZlYWYyMDhmZmYxZjQ_.exe [DETECTION] Is the Trojan horse TR/Peed.A.74 [iNFO] The file was moved to '4843bba3.qua'! C:\Documents and Settings\Moumoune\Local Settings\Temporary Internet Files\Content.IE5\LP4PSD1O\CA6P318K [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '480cbba1.qua'! C:\Documents and Settings\Moumoune\Local Settings\Temporary Internet Files\Content.IE5\RJT3MEX7\CAEJ4TQF [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was moved to '481bbbe9.qua'! 
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP668\A0130254.vbs [DETECTION] Is the Trojan horse TR/Small.WY [iNFO] The file was moved to '4807c4a7.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP669\A0130274.exe [DETECTION] Contains detection pattern of the dropper DR/MartShop.2 [iNFO] The file was moved to '4807c4c1.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP680\A0132985.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c594.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP683\A0135064.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c5bc.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP683\A0135077.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c5bf.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP684\A0135102.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c5c5.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP685\A0136546.exe [DETECTION] Is the Trojan horse TR/Peed.A.74 [iNFO] The file was moved to '4807c6e0.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137147.exe [DETECTION] Is the Trojan horse TR/Peed.A.74 [iNFO] The file was moved to '4807c6e7.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137176.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c6ee.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137177.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c6f2.qua'! 
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137178.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c6f5.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137180.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c6f8.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137182.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c6fc.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137200.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c700.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137201.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c703.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0137203.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c706.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0138357.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c74a.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP686\A0138358.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c74d.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138409.exe [DETECTION] Is the Trojan horse TR/Peed.A.74 [iNFO] The file was moved to '4807c756.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138438.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c75a.qua'! 
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138439.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c75c.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138440.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c75e.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138442.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c760.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138444.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c762.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138462.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c765.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138463.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c767.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0138465.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c769.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0139618.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c7b0.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0139619.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c7b2.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP687\A0139667.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '4807c7b7.qua'! 
C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP688\A0141658.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c7bd.qua'! C:\System Volume Information\_restore{F52AFF6A-D3C5-474B-930A-91214A130311}\RP688\A0141659.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4807c7c0.qua'! C:\WINDOWS\xpupdate.exe [DETECTION] Is the Trojan horse TR/Peed.A.74 [iNFO] The file was moved to '484bc816.qua'! C:\WINDOWS\Downloaded Program Files\webinst.dll [WARNING] 'Is the Trojan horse TR/Peed.A.74'. This detection is probably an error. Please send us this file immediately for further analysis. C:\WINDOWS\system32\atuupoey.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '484bcc97.qua'! C:\WINDOWS\system32\awttr.dll [DETECTION] Is the Trojan horse TR/Vundo.EBV [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003 [WARNING] The file could not be deleted! C:\WINDOWS\system32\baxoqkay.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '484ecce0.qua'! C:\WINDOWS\system32\cmaslthb.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003 [WARNING] The file could not be deleted! C:\WINDOWS\system32\jkklk.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4841cd29.qua'! C:\WINDOWS\system32\loqpkrgw.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4847cd37.qua'! C:\WINDOWS\system32\oxfmdyys.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '483ccd74.qua'! C:\WINDOWS\system32\pjxjabmj.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '484ecd6e.qua'! C:\WINDOWS\system32\qaaqrujb.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '4837cd69.qua'! 
C:\WINDOWS\system32\yayxv.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '484fcdb7.qua'! End of the scan: mardi 11 mars 2008 19:22 Used time: 1:30:16 min The scan has been done completely. 5085 Scanning directories 370115 Files were scanned 49 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 48 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 370066 Files not concerned 8053 Archives were scanned 4 Warnings 11 Notes
      Thanks in advance.