
Posted

To begin with, hello everyone! (good evening, rather) I'm new to the forum :P

Like many others already, I have a problem with this Trojan horse that won't go away...

I installed HijackThis and ran a scan, which gives:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)

Scan saved at AnToInE - 21:58:52, on 12/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\pspvideo9\pspVideo9.exe

C:\WINDOWS\System32\Rundll32.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\MICROS~4\rapimgr.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

C:\PROGRA~1\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Client\Bureau\HiJackThis_v2.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: trafficninja.biz extension - {266A3562-AB67-480E-9F09-D54604FD817B} - C:\WINDOWS\system32\ninjaext.dll

O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb106\Dealio.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: browser optimizer by rightonadz - {971C3384-F75E-4562-95B3-CBE7417529BC} - C:\WINDOWS\system32\gzmrotate.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll

O3 - Toolbar: Adssite Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Adssite Advanced Toolbar\toolbar.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [qvydhkwzvz] c:\windows\system32\qvydhkwzvz.exe qvydhkwzvz

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper

O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe

O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t

O4 - HKLM\..\Run: [hid_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\gzmrotate.dll" DllVerify

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=Q305&bd=pavilion&pf=laptop

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

O23 - Service: iPod Service (iPodService) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe

O23 - Service: OneStep Search Service - OneStepSearch.net, Inc. - C:\Program Files\OneStepSearch\onestep.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

O23 - Service: Service SNMP (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe (file missing)

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 13062 bytes

 

I don't know if this means anything to you? I also installed "AVG Anti-spyware" and made sure that the Shaeraza file (or something like that...) was not in my list of programs

I hope you'll be able to help me... Thanks in advance

Posted
Hi

Welcome to Zébulon

Go have a look at this: http://forum.zebulon.fr/index.php?showtopic=127217

Run a full scan with AVG antispyware, then with your antivirus in safe mode

Thank you for replying to me. But I don't really see what you mean by "safe mode" for my antivirus... I followed your advice and removed Avast to install "antivir", then I ran a scan:

AntiVir PersonalEdition Classic

Report file date: mardi 13 novembre 2007 17:23

 

Scanning for 928098 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: SYSTEM

Computer name: ANTOINE

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 13/11/2007 16:19:07

AVSCAN.DLL : 7.0.6.0 49192 Bytes 13/11/2007 16:19:07

LUKE.DLL : 7.0.5.3 147496 Bytes 13/11/2007 16:19:09

LUKERES.DLL : 7.0.6.1 10280 Bytes 13/11/2007 16:19:09

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:19:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 16:19:15

ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 16:19:15

ANTIVIR3.VDF : 7.0.0.210 45568 Bytes 13/11/2007 16:19:15

AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 13/11/2007 16:19:22

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 13/11/2007 16:19:07

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 13/11/2007 16:19:24

AVREG.DLL : 7.0.1.6 30760 Bytes 13/11/2007 16:19:07

AVARKT.DLL : 1.0.0.20 278568 Bytes 13/11/2007 16:19:06

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 13/11/2007 16:19:06

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 13/11/2007 16:18:45

RCTEXT.DLL : 7.0.62.0 86056 Bytes 13/11/2007 16:18:45

SQLITE3.DLL : 3.3.17.1 339968 Bytes 13/11/2007 16:19:10

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: C:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mardi 13 novembre 2007 17:23

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'rapimgr.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'wcescomm.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgas.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'pspVideo9.exe' - '1' Module(s) have been scanned

Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned

Scan process 'issch.exe' - '1' Module(s) have been scanned

Scan process 'hpqwmi.exe' - '1' Module(s) have been scanned

Scan process 'LVComS.exe' - '1' Module(s) have been scanned

Scan process 'realplay.exe' - '1' Module(s) have been scanned

Scan process 'eabservr.exe' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned

Scan process 'snmp.exe' - '1' Module(s) have been scanned

Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned

Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '0' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

49 processes with 49 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '39' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Client\Local Settings\Temp\aupd.exe

[DETECTION] Contains detection pattern of the dropper DR/BHO.HA.2

[INFO] The file was deleted!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP188\A0248292.dll

[DETECTION] Is the Trojan horse TR/Spy.Grizmo.A

[INFO] The file was deleted!

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP202\A0261132.exe

[DETECTION] Contains detection pattern of the dropper DR/OneStep.A

[INFO] The file was deleted!

 

 

End of the scan: mardi 13 novembre 2007 18:26

Used time: 1:03:35 min

 

The scan has been done completely.

 

5986 Scanning directories

179760 Files were scanned

3 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

3 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

179757 Files not concerned

7119 Archives were scanned

2 Warnings

10 Notes

 

 

 

Then a scan with AVG antispyware (7.5), which gives:

 

---------------------------------------------------------

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: AnToInE - 19:56:06 13/11/2007

 

+ Résultat de l'analyse:

 

 

 

C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP208\A0272350.exe -> Adware.RK : Aucune action entreprise.

C:\Documents and Settings\Client\Cookies\client@rotator.its.adjuggler[1].txt -> TrackingCookie.Adjuggler : Aucune action entreprise.

:mozilla.6:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.

:mozilla.7:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.

:mozilla.8:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.

:mozilla.62:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.

:mozilla.51:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.

C:\Documents and Settings\Client\Cookies\client@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.

:mozilla.57:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.

:mozilla.63:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Dealtime : Aucune action entreprise.

:mozilla.52:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.

C:\Documents and Settings\Client\Cookies\client@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.

C:\Documents and Settings\Client\Cookies\client@fastclick[2].txt -> TrackingCookie.Fastclick : Aucune action entreprise.

:mozilla.48:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Idot : Aucune action entreprise.

:mozilla.18:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.19:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.20:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.23:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.

:mozilla.77:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

C:\Documents and Settings\Client\Cookies\client@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.

:mozilla.34:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

:mozilla.35:C:\Documents and Settings\Client\Application Data\Mozilla\Firefox\Profiles\1rf7slpv.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.

C:\Documents and Settings\Client\Cookies\client@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.

 

 

Fin du rapport

 

 

 

There you go!

Thanks, see you later
