Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

spyware fantome ?

LONGBOW

Par LONGBOW
dans Analyses et éradication malwares

 Partager

Messages recommandés

LONGBOW Junior Member

LONGBOW

Posté(e)
Posté(e)

Bonjour à tous les Zebuloniens

 

je vous expose la sitauation en bref:Chaque samedi j'effectue un scan complet du micro avec AVAST jusque là tout va bien,un coup d'ADWARE :supression de 6 objets critiques nickel, au tour de SPYBOAT il affiche le probleme :HELLZ LITTLE SPY et avant la fin du scan l'ordinateur s'eteint tout seul.Je rallume et la passage obligatoire il scanne le disque C en FAT 32.Pas moyen de zapper cette sequence, je refait le scan avec SPYBOAT et rebelote l'ordinateur s'éteint tout seul,mais cette fois SPYBOAT n'a laissé aucune information.

J'ai donc telecharger HIJACKTHIS et je joins le rapport(du moins je vais essayer) et merci d'avance pour votre aide. Logfile of HijackThis v1.991

Scan saved at 16:25:27, on 28/01/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Acer\Acer eMode Management\AspireService.exe

C:\Program Files\Acer\Acer eConsole\MediaSync.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe

O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: NameServer = 212.216.212.112,212.216.172.62

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

LoGiC Full Patch Member

LoGiC

Posté(e)
Posté(e)

Salut

 

Si tu penses être infecté, commences par appliquer la procédure de -=Pré-Nettoyage d'un P.C infecté=-

 

Ensuite, postes les deux rapports qui en découleront (Antivir et HijackThis)

 

dans un nouveau post à la suite de CE topic.

 

Un conseillé en sécurité analysera ces rapports et te donneras la marche à suivre.

 

Bon nettoyage et tiens nous au courant !

LONGBOW Junior Member

LONGBOW

Posté(e)
  • Auteur
Posté(e)
Salut

 

Si tu penses être infecté, commences par appliquer la procédure de -=Pré-Nettoyage d'un P.C infecté=-

 

Ensuite, postes les deux rapports qui en découleront (Antivir et HijackThis)

 

dans un nouveau post à la suite de CE topic.

 

Un conseillé en sécurité analysera ces rapports et te donneras la marche à suivre.

 

Bon nettoyage et tiens nous au courant !

 

Bonjour GURONSAN et merci pour ton aide:

 

 

Jai imprime le topic telecharger ANTIVIR et HIJACKTHIS seulement voila il y a un hic:

 

Je peux pas passer ANTIVIR en mode sans echec,comme c'est ecrit dans le topic ,je l'ai fait en mode normal,faute de mieux, ANTIVIR a trouvé quatre objets que j'ai mis en quarantaine, par curiosite j'ai essaye d'activer SPYBOAT apres ça ,mais là encore l'ordinateur s'éteint tout seul en cours de scan.Suite à quoi je fais le scan d'hijackthis j'ai sauvegarder les rapports D'ANTIVIR et HIJACKTHIS que vous trouverez ci-après

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 2 février 2007 19:24

 

Scanning for 662365 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username:

Computer name:

 

Version information:

BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00

AVSCAN.EXE : 7.0.3.5 208936 Bytes 01/02/2007 18:30:48

AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 16:00:24

LUKE.DLL : 7.0.3.2 143400 Bytes 31/10/2006 16:07:48

LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 16:00:24

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 15:30:08

ANTIVIR1.VDF : 6.37.0.153 3131392 Bytes 12/01/2007 18:30:48

ANTIVIR2.VDF : 6.37.0.235 374784 Bytes 29/01/2007 18:30:48

ANTIVIR3.VDF : 6.37.1.26 106496 Bytes 02/02/2007 18:23:56

AVEWIN32.DLL : 7.3.1.34 2290176 Bytes 01/02/2007 18:30:48

AVPREF.DLL : 7.0.2.0 23592 Bytes 03/11/2006 10:53:46

AVREP.DLL : 6.37.1.1 1105960 Bytes 01/02/2007 18:30:48

AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 08:43:32

AVPACK32.DLL : 7.2.0.5 368680 Bytes 23/10/2006 15:21:32

AVREG.DLL : 7.0.1.2 30760 Bytes 01/02/2007 18:30:48

NETNT.DLL : No Information!

RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 12:26:28

RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 16:00:22

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Skipped archive types............: BSD Mailbox, Netscape/Mozilla Mailbox, Eudora Mailbox, Squid cache, Pegasus Mailbox, MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Skipped files....................: C:\ATI,

Different risk categories........: +GAME,+JOKE,+PCK,+SPR,

Expanded search settings.........: 0x00007000

 

Start of the scan: vendredi 2 février 2007 19:24

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Modules have been scanned

Scan process 'avcenter.exe' - '1' Modules have been scanned

Scan process 'avgnt.exe' - '1' Modules have been scanned

Scan process 'wuauclt.exe' - '1' Modules have been scanned

Scan process 'msmsgs.exe' - '1' Modules have been scanned

Scan process 'ctfmon.exe' - '1' Modules have been scanned

Scan process 'jusched.exe' - '1' Modules have been scanned

Scan process 'qttask.exe' - '1' Modules have been scanned

Scan process 'E_FATIACE.EXE' - '1' Modules have been scanned

Scan process 'ashDisp.exe' - '1' Modules have been scanned

Scan process 'MediaSync.exe' - '1' Modules have been scanned

Scan process 'AspireService.exe' - '1' Modules have been scanned

Scan process 'PDVDServ.exe' - '1' Modules have been scanned

Scan process 'Monitor.exe' - '1' Modules have been scanned

Scan process 'NvMixerTray.exe' - '1' Modules have been scanned

Scan process 'Explorer.EXE' - '1' Modules have been scanned

Scan process 'alg.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'nvsvc32.exe' - '1' Modules have been scanned

Scan process 'CDANTSRV.EXE' - '1' Modules have been scanned

Scan process 'ashServ.exe' - '1' Modules have been scanned

Scan process 'aswUpdSv.exe' - '1' Modules have been scanned

Scan process 'avguard.exe' - '1' Modules have been scanned

Scan process 'sched.exe' - '1' Modules have been scanned

Scan process 'MediaServerService.exe' - '1' Modules have been scanned

Scan process 'spoolsv.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'lsass.exe' - '1' Modules have been scanned

Scan process 'services.exe' - '1' Modules have been scanned

Scan process 'winlogon.exe' - '1' Modules have been scanned

Scan process 'csrss.exe' - '1' Modules have been scanned

Scan process 'SMSS.EXE' - '1' Modules have been scanned

36 processes with 36 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] In the drive 'F:\' no data medium is inserted!

Boot sector 'G:\'

[NOTE] In the drive 'G:\' no data medium is inserted!

Boot sector 'H:\'

[NOTE] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[NOTE] In the drive 'I:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( 27 files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <ACER>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP127\A0053197.EXE

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file

[iNFO] The file was moved to '45f38568.qua'!

Begin scan in 'D:\' <ACERDATA>

Begin scan in 'F:\'

The path F:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'G:\'

 

AntiVir PersonalEdition Classic

Report file date: vendredi 2 février 2007 19:24

 

Scanning for 662365 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username:

Computer name:

 

Version information:

BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00

AVSCAN.EXE : 7.0.3.5 208936 Bytes 01/02/2007 18:30:48

AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 16:00:24

LUKE.DLL : 7.0.3.2 143400 Bytes 31/10/2006 16:07:48

LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 16:00:24

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 15:30:08

ANTIVIR1.VDF : 6.37.0.153 3131392 Bytes 12/01/2007 18:30:48

ANTIVIR2.VDF : 6.37.0.235 374784 Bytes 29/01/2007 18:30:48

ANTIVIR3.VDF : 6.37.1.26 106496 Bytes 02/02/2007 18:23:56

AVEWIN32.DLL : 7.3.1.34 2290176 Bytes 01/02/2007 18:30:48

AVPREF.DLL : 7.0.2.0 23592 Bytes 03/11/2006 10:53:46

AVREP.DLL : 6.37.1.1 1105960 Bytes 01/02/2007 18:30:48

AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 08:43:32

AVPACK32.DLL : 7.2.0.5 368680 Bytes 23/10/2006 15:21:32

AVREG.DLL : 7.0.1.2 30760 Bytes 01/02/2007 18:30:48

NETNT.DLL : No Information!

RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 12:26:28

RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 16:00:22

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Skipped archive types............: BSD Mailbox, Netscape/Mozilla Mailbox, Eudora Mailbox, Squid cache, Pegasus Mailbox, MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Skipped files....................: C:\ATI,

Different risk categories........: +GAME,+JOKE,+PCK,+SPR,

Expanded search settings.........: 0x00007000

 

Start of the scan: vendredi 2 février 2007 19:24

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Modules have been scanned

Scan process 'avcenter.exe' - '1' Modules have been scanned

Scan process 'avgnt.exe' - '1' Modules have been scanned

Scan process 'wuauclt.exe' - '1' Modules have been scanned

Scan process 'msmsgs.exe' - '1' Modules have been scanned

Scan process 'ctfmon.exe' - '1' Modules have been scanned

Scan process 'jusched.exe' - '1' Modules have been scanned

Scan process 'qttask.exe' - '1' Modules have been scanned

Scan process 'E_FATIACE.EXE' - '1' Modules have been scanned

Scan process 'ashDisp.exe' - '1' Modules have been scanned

Scan process 'MediaSync.exe' - '1' Modules have been scanned

Scan process 'AspireService.exe' - '1' Modules have been scanned

Scan process 'PDVDServ.exe' - '1' Modules have been scanned

Scan process 'Monitor.exe' - '1' Modules have been scanned

Scan process 'NvMixerTray.exe' - '1' Modules have been scanned

Scan process 'Explorer.EXE' - '1' Modules have been scanned

Scan process 'alg.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'nvsvc32.exe' - '1' Modules have been scanned

Scan process 'CDANTSRV.EXE' - '1' Modules have been scanned

Scan process 'ashServ.exe' - '1' Modules have been scanned

Scan process 'aswUpdSv.exe' - '1' Modules have been scanned

Scan process 'avguard.exe' - '1' Modules have been scanned

Scan process 'sched.exe' - '1' Modules have been scanned

Scan process 'MediaServerService.exe' - '1' Modules have been scanned

Scan process 'spoolsv.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'lsass.exe' - '1' Modules have been scanned

Scan process 'services.exe' - '1' Modules have been scanned

Scan process 'winlogon.exe' - '1' Modules have been scanned

Scan process 'csrss.exe' - '1' Modules have been scanned

Scan process 'SMSS.EXE' - '1' Modules have been scanned

36 processes with 36 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] In the drive 'F:\' no data medium is inserted!

Boot sector 'G:\'

[NOTE] In the drive 'G:\' no data medium is inserted!

Boot sector 'H:\'

[NOTE] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[NOTE] In the drive 'I:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( 27 files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <ACER>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP127\A0053197.EXE

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file

[iNFO] The file was moved to '45f38568.qua'!

Begin scan in 'D:\' <ACERDATA>

Begin scan in 'F:\'

The path F:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'G:\'

 

AntiVir PersonalEdition Classic

Report file date: vendredi 2 février 2007 19:24

 

Scanning for 662365 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username:

Computer name:

Version information:

BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00

AVSCAN.EXE : 7.0.3.5 208936 Bytes 01/02/2007 18:30:48

AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 16:00:24

LUKE.DLL : 7.0.3.2 143400 Bytes 31/10/2006 16:07:48

LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 16:00:24

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 15:30:08

ANTIVIR1.VDF : 6.37.0.153 3131392 Bytes 12/01/2007 18:30:48

ANTIVIR2.VDF : 6.37.0.235 374784 Bytes 29/01/2007 18:30:48

ANTIVIR3.VDF : 6.37.1.26 106496 Bytes 02/02/2007 18:23:56

AVEWIN32.DLL : 7.3.1.34 2290176 Bytes 01/02/2007 18:30:48

AVPREF.DLL : 7.0.2.0 23592 Bytes 03/11/2006 10:53:46

AVREP.DLL : 6.37.1.1 1105960 Bytes 01/02/2007 18:30:48

AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 08:43:32

AVPACK32.DLL : 7.2.0.5 368680 Bytes 23/10/2006 15:21:32

AVREG.DLL : 7.0.1.2 30760 Bytes 01/02/2007 18:30:48

NETNT.DLL : No Information!

RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 12:26:28

RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 16:00:22

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: E:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Skipped archive types............: BSD Mailbox, Netscape/Mozilla Mailbox, Eudora Mailbox, Squid cache, Pegasus Mailbox, MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: high

Skipped files....................: C:\ATI,

Different risk categories........: +GAME,+JOKE,+PCK,+SPR,

Expanded search settings.........: 0x00007000

 

Start of the scan: vendredi 2 février 2007 19:24

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Modules have been scanned

Scan process 'avcenter.exe' - '1' Modules have been scanned

Scan process 'avgnt.exe' - '1' Modules have been scanned

Scan process 'wuauclt.exe' - '1' Modules have been scanned

Scan process 'msmsgs.exe' - '1' Modules have been scanned

Scan process 'ctfmon.exe' - '1' Modules have been scanned

Scan process 'jusched.exe' - '1' Modules have been scanned

Scan process 'qttask.exe' - '1' Modules have been scanned

Scan process 'E_FATIACE.EXE' - '1' Modules have been scanned

Scan process 'ashDisp.exe' - '1' Modules have been scanned

Scan process 'MediaSync.exe' - '1' Modules have been scanned

Scan process 'AspireService.exe' - '1' Modules have been scanned

Scan process 'PDVDServ.exe' - '1' Modules have been scanned

Scan process 'Monitor.exe' - '1' Modules have been scanned

Scan process 'NvMixerTray.exe' - '1' Modules have been scanned

Scan process 'Explorer.EXE' - '1' Modules have been scanned

Scan process 'alg.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'nvsvc32.exe' - '1' Modules have been scanned

Scan process 'CDANTSRV.EXE' - '1' Modules have been scanned

Scan process 'ashServ.exe' - '1' Modules have been scanned

Scan process 'aswUpdSv.exe' - '1' Modules have been scanned

Scan process 'avguard.exe' - '1' Modules have been scanned

Scan process 'sched.exe' - '1' Modules have been scanned

Scan process 'MediaServerService.exe' - '1' Modules have been scanned

Scan process 'spoolsv.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'svchost.exe' - '1' Modules have been scanned

Scan process 'lsass.exe' - '1' Modules have been scanned

Scan process 'services.exe' - '1' Modules have been scanned

Scan process 'winlogon.exe' - '1' Modules have been scanned

Scan process 'csrss.exe' - '1' Modules have been scanned

Scan process 'SMSS.EXE' - '1' Modules have been scanned

36 processes with 36 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] In the drive 'F:\' no data medium is inserted!

Boot sector 'G:\'

[NOTE] In the drive 'G:\' no data medium is inserted!

Boot sector 'H:\'

[NOTE] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[NOTE] In the drive 'I:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( 27 files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <ACER>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{0F563069-B249-4BA2-B95F-31CB7CB72A54}\RP127\A0053197.EXE

[DETECTION] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file

[iNFO] The file was moved to '45f38568.qua'!

Begin scan in 'D:\' <ACERDATA>

Begin scan in 'F:\'

The path F:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'G:\'

The path G:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'H:\'

The path H:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'I:\'

The path I:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

The path E:\ could not be found!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: vendredi 2 février 2007 19:39

Used time: 14:58 min

 

The scan has been done completely.

 

3982 Scanning directories

167199 Files were scanned

1 viruses and/or unwanted programs were found

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

167198 Files not concerned

6375 Archives were scanned

2 Warnings

0 Notes

 

 

The path G:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'H:\'

The path H:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'I:\'

The path I:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

The path E:\ could not be found!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: vendredi 2 février 2007 19:39

Used time: 14:58 min

 

The scan has been done completely.

 

3982 Scanning directories

167199 Files were scanned

1 viruses and/or unwanted programs were found

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

167198 Files not concerned

6375 Archives were scanned

2 Warnings

0 Notes

 

 

The path G:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'H:\'

The path H:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'I:\'

The path I:\ could not be found!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

The path E:\ could not be found!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: vendredi 2 février 2007 19:39

Used time: 14:58 min

 

The scan has been done completely.

 

3982 Scanning directories

167199 Files were scanned

1 viruses and/or unwanted programs were found

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

167198 Files not concerned

6375 Archives were scanned

2 Warnings

0 Notes

 

HIJACKTIS:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:51:47, on 02/02/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe

O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O17 - HKLM\System\CCS\Services\Tcpip\..\{554BB5AA-7DF0-4439-BF3F-A6188B2F5BD1}: NameServer = 212.216.212.112,212.216.172.62

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

 

En fait je me suis aperçu q'ANTIVIR detectait HIJACK comme un element intrusif,mais c'est peut etre normal

 

Merci encore en attendant de vous lire.Je me demande bien si je ferais pas mieux d'acheter une suite de securité valable plutot que de patauger avec ces logiciels gratuits... De toute façon je ne saurais pas quoi prendre ,si vous avez un conseil à me donner je suis preneur...

 

Bonsoir à tous

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...