
Posted

Hello everyone,

I have a friend's PC here to take a look at. She finds that it has been running extremely slowly for some time, with lots of alert messages, screen freezes...

I cleaned everything with various programs and there are no more spyware messages now, but little has changed otherwise.

Also, how can I remove certain traces in undeletable registry keys, such as the France Telecom one left over from an old internet subscription?

Note that this friend has only recently had broadband internet on this old PC, and it has only 256 of RAM, which may perhaps be responsible for the slowdowns, no?

So here are the reports:

AntiVir PersonalEdition Classic

Report file date: mardi 21 août 2007 13:14

 

Scanning for 1026840 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Parents

Computer name: SZCRUPAK-PC

 

Version information:

BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00

AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14

AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54

LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04

LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59

ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58

ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 19:44:51

ANTIVIR2.VDF : 6.39.1.15 1451008 Bytes 17/08/2007 18:48:18

ANTIVIR3.VDF : 6.39.1.17 2048 Bytes 18/08/2007 18:48:18

AVEWIN32.DLL : 7.4.1.62 2724352 Bytes 16/08/2007 18:46:17

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 05/08/2007 09:39:50

AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08

AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05

AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18

RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: G:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mardi 21 août 2007 13:14

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

12 processes with 12 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

Boot sector 'A:\'

[NOTE] In the drive 'A:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '9' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB824141_RTM$\user32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB824141_RTM$\win32k.sys

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828035_RTM$\msgsvc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828035_RTM$\wkssvc.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\colbact.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\comuid.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\es.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\ole32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741$\txflog.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\catsrv.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\catsrvut.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\clbcatex.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\clbcatq.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\colbact.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\comadmin.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\comrepl.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\comsvcs.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\comuid.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\es.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\migregdb.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtcprx.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtctm.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\msdtcuiu.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\mtxclu.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\mtxoci.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\ole32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\rpcrt4.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\rpcss.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB828741_RTM$\txflog.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\callcont.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\evtgprov.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\msgina.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\mst120.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732$\schannel.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\browser.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\callcont.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\gdi32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\h323msp.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\ipnathlp.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\lsasrv.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\mf3216.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\msasn1.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\msgina.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\mst120.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\netapi32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\nmcom.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\rtcdll.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB835732_RTM$\schannel.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallKB839645_RTM$\shell32.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ309521$\dxmasf.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ309521$\lsasrv.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ309521$\sfcfiles.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ309521$\ssdpapi.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ309521$\ssdpsrv.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ309521$\url.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ309521$\wininet.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ309521$\spuninst\spuninst.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ315000$\netsetup.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ315000$\upnp.dll

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe

[WARNING] The file could not be opened!

C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <BACKUP>

Begin scan in 'E:\' <RECOVER>

Begin scan in 'A:\'

Search path A:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'F:\'

Search path F:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'G:\' <1300 Series>

 

 

End of the scan: mardi 21 août 2007 14:51

Used time: 1:36:51 min

 

The scan has been done completely.

 

3796 Scanning directories

234020 Files were scanned

0 viruses and/or unwanted programs were found

0 classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

86 Files cannot be scanned

234020 Files not concerned

2175 Archives were scanned

86 Warnings

8 Notes

0 Hidden objects were found

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at 15:01:20, on 21/08/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\a-squared Free\a2service.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS\system32\lxdccoms.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\inKline Global\PC Booster\PCBooster.exe

C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Parents\Bureau\Sécurité\HiJackThis_v2.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe

O4 - HKLM\..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe"

O4 - HKLM\..\Run: [lxdcamon] "C:\Program Files\Lexmark 1300 Series\lxdcamon.exe"

O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

 

--

End of file - 4785 bytes

 

 

Thanks,

See you later

  • Moderators
Posted

Hello maykiki :P

Is the problem still current? If so, you used a beta version of HijackThis; could you then generate a new report with an up-to-date version?

Download HijackThisV2 to your desktop.

  • Double-click HJTInstall.exe and follow the installation instructions.
  • You will find a tutorial for installing it and generating a report here
  • Post the generated report on the forum.
