
Posted

Re!

 

Here is the l2mfix report:

 

L2mfix 051206

Creating Account.

La commande s'est terminée correctement.

 

Adding Administrative privleges.

Checking for L2MFix account(0=no 1=yes):

1

Granting SeDebugPrivilege to L2MFIX ... successful

 

Running From:

C:\WINDOWS\system32

 

Killing Processes!

Killing 'smss.exe'

\SystemRoot\System32\smss.exe (540)

Killing 'winlogon.exe'

winlogon.exe (1116)

Killing 'explorer.exe'

C:\WINDOWS\Explorer.EXE (1036)

Killing 'rundll32.exe'

Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrateurs ... successful

 

Scanning First Pass. Please Wait!

 

First Pass Completed

 

Second Pass Scanning

 

Second pass Completed!

 

 

 

Restoring Windows Update Certificates.:

 

The following Is the Current Export of the Winlogon notify key:

****************************************************************************

Windows Registry Editor Version 5.00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\

6c,00,00,00

"Logoff"="ChainWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Logoff"="CryptnetWlxLogoffEvent"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebyx]

"Impersonate"=dword:00000000

"Startup"="SysLogon"

"Logoff"="SysLogoff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\klogon.dll"

"Logon"="WLEventStop"

"Startup"="WLEventStart"

"Lock"="WLEventStart"

"Unlock"="WLEventStop"

"Logoff"="WLEventStart"

@=""

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]

"Asynchronous"=dword:00000000

"DllName"="C:\\WINDOWS\\system32\\i624lgfq162e.dll"

"Impersonate"=dword:00000000

"Logon"="WinLogon"

"Logoff"="WinLogoff"

"Shutdown"="WinShutdown"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

"Asynchronous"=dword:00000000

"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

"Logon"="WLEventLogon"

"Logoff"="WLEventLogoff"

"Startup"="WLEventStartup"

"Shutdown"="WLEventShutdown"

"StartScreenSaver"="WLEventStartScreenSaver"

"StopScreenSaver"="WLEventStopScreenSaver"

"Lock"="WLEventLock"

"Unlock"="WLEventUnlock"

"StartShell"="WLEventStartShell"

"PostShell"="WLEventPostShell"

"Disconnect"="WLEventDisconnect"

"Reconnect"="WLEventReconnect"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000000

"SafeMode"=dword:00000001

"MaxWait"=dword:ffffffff

"DllName"=hex(2):57,00,67,00,61,00,4c,00,6f,00,67,00,6f,00,6e,00,2e,00,64,00,\

6c,00,6c,00,00,00

"Event"=dword:00000000

"InstallNotifyShown"=dword:00000001

 


 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

 

 

The following are the files found:

****************************************************************************

 

Registry Entries that were Deleted:

Please verify that the listing looks ok.

If there was something deleted wrongly there are backups in the backreg folder.

****************************************************************************

REGEDIT4

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

"SV1"=""

****************************************************************************

Desktop.ini Contents:

****************************************************************************

****************************************************************************

Checking for L2MFix account(0=no 1=yes):

0

Zipping up files for submission:

zip warning: name not matched: dlls\*.*

 

zip error: Nothing to do! (backup.zip)

adding: backregs/notibac.reg (164 bytes security) (deflated 83%)

adding: backregs/shell.reg (164 bytes security) (deflated 74%)

 

I'm posting a HijackThis log again, I think it could be useful :P :

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 19:41:59, on 24/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\Program Files\ewido anti-malware\ewidoctrl.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AOL\Active Virus Shield\avp.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\COCO\Bureau\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {9E17832D-B57E-446E-9372-CB232A179504} - (no file)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files\AOL\Active Virus Shield\avp.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O20 - Winlogon Notify: gebyx - C:\WINDOWS\

O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\i624lgfq162e.dll (file missing)

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Active Virus Shield (AVP) - Kaspersky Lab - C:\Program Files\AOL\Active Virus Shield\avp.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

O24 - Desktop Component 0: (no name) - http://www.cartooncritters.com/clipartpics/cliparta220.jpg

 

--

End of file - 6529 bytes
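The l2mfix export above lists every Winlogon Notify package, and the HijackThis O20 lines single out the two that matter: gebyx has no DllName at all, and RunServices points at a randomly named DLL that is no longer on disk. As an added example, not code from l2mfix, HijackThis or anyone in this thread, the Python below parses such a .reg export (including the hex(2) UTF-16LE values) and applies those two checks against a constructed file inventory.

```python
"""Triage a Winlogon\\Notify .reg export: added example, not part of l2mfix,
HijackThis or this thread. SAMPLE_REG is a constructed excerpt modelled on the
subkeys in the l2mfix export above."""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DLLName"="Ati2evxx.dll"
"Impersonate"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gebyx]
"Startup"="SysLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"DllName"="C:\\WINDOWS\\system32\\i624lgfq162e.dll"
'''

KEY_RE = re.compile(r'^\[(?P<path>[^\]]+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|@)=(?P<raw>.*)$')
HEX_RE = re.compile(r'hex(?:\((?P<type>[0-9a-f]+)\))?:(?P<data>.*)$')
NOTIFY_MARKER = '\\Winlogon\\Notify\\'


def decode_value(raw: str):
    """Turn one .reg value literal into str, int or bytes."""
    raw = raw.strip()
    if raw.startswith('"'):  # quoted REG_SZ: unescape \" then \\
        return raw[1:-1].replace('\\"', '"').replace('\\\\', '\\')
    if raw.startswith('dword:'):
        return int(raw[6:], 16)
    m = HEX_RE.match(raw)
    if not m:
        return raw
    data = bytes(int(b, 16) for b in m.group('data').split(',') if b.strip())
    if m.group('type') in ('1', '2', '7'):  # string types are exported as UTF-16LE
        return data.decode('utf-16-le').rstrip('\x00')
    return data


def parse_reg_export(text: str) -> dict:
    """Return {notify_subkey: {value_name.lower(): value}}; other keys are ignored."""
    packages, current = {}, None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        m = KEY_RE.match(line)
        if m:
            idx = m.group('path').find(NOTIFY_MARKER)
            current = m.group('path')[idx + len(NOTIFY_MARKER):] if idx != -1 else None
            if current:
                packages[current] = {}
            continue
        if not current or not line:
            continue
        while line.endswith('\\') and i < len(lines):  # hex list continued on next line
            line = line[:-1] + lines[i].strip()
            i += 1
        m = VALUE_RE.match(line)
        if m:
            packages[current][(m.group('name') or '@').lower()] = decode_value(m.group('raw'))
    return packages


def triage(packages: dict, present_dlls: set) -> list:
    """Flag packages with no DllName or whose DLL is absent from present_dlls, the
    lower-cased basenames on disk (constructed here; on a live box list System32)."""
    findings = []
    for name, values in packages.items():
        dll = values.get('dllname')
        if not isinstance(dll, str) or not dll:
            findings.append((name, 'no DllName: cannot load, leftover or tampered entry'))
            continue
        base = dll.rsplit('\\', 1)[-1].lower()
        if base not in present_dlls:
            findings.append((name, f'DllName {dll} not found on disk'))
        elif '\\' in dll:  # built-in packages use bare names resolved from System32
            findings.append((name, f'absolute DllName path {dll}: verify the publisher'))
    return findings
```

Running `triage(parse_reg_export(SAMPLE_REG), {'ati2evxx.dll', 'crypt32.dll'})` reports gebyx and RunServices and nothing else, which matches what HijackThis showed for this machine.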

Posted

Re!

 

AVG doesn't work :P

 

Here is the BlackLight log:

 

07/24/07 20:25:50 [info]: BlackLight Engine 1.0.64 initialized

07/24/07 20:25:50 [info]: OS: 5.1 build 2600 (Service Pack 2)

07/24/07 20:25:50 [Note]: 7019 4

07/24/07 20:25:50 [Note]: 7005 0

07/24/07 20:25:52 [Note]: 7006 0

07/24/07 20:25:52 [Note]: 7011 896

07/24/07 20:25:52 [Note]: 7026 0

07/24/07 20:25:52 [Note]: 7026 0

07/24/07 20:25:57 [Note]: FSRAW library version 1.7.1022

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:44:57 [Note]: 2000 1012

07/24/07 20:58:54 [Note]: 7007 0

 

 

@++

Posted

Here is the report:

 

KASPERSKY ONLINE SCANNER REPORT

Wednesday, July 25, 2007 1:23:01 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.83.0

Kaspersky Anti-Virus database last update: 25/07/2007

Kaspersky Anti-Virus database records: 344852

Scan Settings

Scan using the following antivirus database standard

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

G:\

Scan Statistics

Total number of scanned objects 114191

Number of viruses found 4

Number of infected objects 7 / 0

Number of suspicious objects 6

Duration of the scan process 02:27:35

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\AOL\AVP.6.621_07.25_10.54_11c.GUI.full.dmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Reportee_File_Monitoring_eventcritlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Reportee_File_Monitoring_eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\detected.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\detected.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\eventlog.rpt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\AVP6\Report\report.rpt Object is locked skipped

C:\Documents and Settings\COCO\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Application Data\Mozilla\Firefox\Profiles\jxag6aiy.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Application Data\Mozilla\Firefox\Profiles\jxag6aiy.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Application Data\Mozilla\Firefox\Profiles\jxag6aiy.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Application Data\Mozilla\Firefox\Profiles\jxag6aiy.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Historique\History.IE5\MSHist012007072520070726\index.dat Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Temp\UserData\index.dat Object is locked skipped

C:\Documents and Settings\COCO\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\COCO\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\COCO\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\COCO\Shared\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\VundoFix Backups\dkrcsxss.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\VundoFix Backups\isoybntu.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\VundoFix Backups\jkbbqcrg.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\VundoFix Backups\qewfcwhi.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\VundoFix Backups\xhjmipma.dll.bad Infected: Trojan-Spy.Win32.VBStat.h skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\dtscsi.sys Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped

C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\drivers\sptd0717.sys Object is locked skipped

C:\WINDOWS\system32\gkmyxsog.dll Suspicious: Packed.Win32.Morphine.a skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\pniiqojx.dll Suspicious: Packed.Win32.Morphine.a skipped

C:\WINDOWS\system32\qatnesmy.dll Suspicious: Packed.Win32.Morphine.a skipped

C:\WINDOWS\system32\slqhswlt.dll Suspicious: Packed.Win32.Morphine.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\wrhhqmry.dll Infected: Trojan.Win32.BHO.g skipped

C:\WINDOWS\system32\wyshlrww.dll Suspicious: Packed.Win32.Morphine.a skipped

C:\WINDOWS\system32\xpysclrq.dll Suspicious: Packed.Win32.Morphine.a skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Posted (edited)

Hi!

Please do this:

Download the latest version of Killbox -> http://www.downloads.subratam.org/KillBox.zip

Put the program in whatever folder you like (no Windows installation needed)

- restart the computer in Safe Mode

- launch Pocket Killbox

--- select the Delete on Reboot option

--- copy the list of files to delete below (Ctrl-C), then File / Paste from Clipboard

C:\WINDOWS\system32\wrhhqmry.dll

C:\WINDOWS\system32\wyshlrww.dll

C:\WINDOWS\system32\xpysclrq.dll

C:\Documents and Settings\COCO\Shared\Wicked Remix.wma

* the "Single File" and "All Files" buttons become active, but "Single File" is selected by default.

You absolutely must then select (click) "All Files", otherwise only the first file in the list will be deleted.

--- check that all the files have been registered, using the "Full Path of File to Delete" drop-down list

--- /!\ WARNING: if one or more ".dll" files are in the list, put them at the top of the list and tick "Unregister .dll Before Deleting".

--- click the white cross on a red background (Delete File):

- "File will be Removed on Reboot, Do you want to reboot now?": answer YES if you are ready to proceed

If Pocket KillBox does not restart the PC, restart it yourself.

You can find a complete, detailed tutorial by Jesses: http://perso.wanadoo.fr/jesses/Docs/Logiciels/KillBox.htm

See you.

Edited by regis56
Posted

Re,

 

Here is the report:

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as COCO(Administrator)

was started @ jeudi, juillet 26, 2007, 11:45 AM

 

# 1 [Delete on Reboot]

Path = C:\WINDOWS\system32\wrhhqmry.dll

 

 

# 2 [Delete on Reboot]

Path = C:\WINDOWS\system32\wyshlrww.dll

 

 

# 3 [Delete on Reboot]

Path = C:\WINDOWS\system32\xpysclrq.dll

 

 

# 4 [Delete on Reboot]

Path = C:\Documents and Settings\COCO\Shared\Wicked Remix.wma

 

 

I Rebooted @ 11:46:07 AM

Killbox Closed(Exit) @ 11:46:08 AM

__________________________________________________

 

 

@+++
