
Posted

Re,

I think I followed your instructions to the letter (I didn't disable AVG ???) ... here is the requested report.

 

ComboFix 08-03-18.1 - Henri 2008-03-20 14:14:44.3 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.152 [GMT 1:00]

Endroit: C:\Documents and Settings\Henri\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Henri\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\DOCUME~1\SBASTI~1\LOCALS~1\Temp\services.exe

C:\Documents and Settings\Henri\fjgotp.exe

C:\SDFix.exe

C:\WINDOWS\mrofinu1423.exe.MSNFix

C:\WINDOWS\mrofinu1423.MSNFix

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\DOCUME~1\SBASTI~1\LOCALS~1\Temp\services.exe

C:\Documents and Settings\Henri\fjgotp.exe

C:\SDFix.exe

C:\WINDOWS\mrofinu1423.exe.MSNFix

C:\WINDOWS\mrofinu1423.MSNFix

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-20 to 2008-03-20 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-19 17:55 . 2008-03-19 17:55 <REP> d-------- C:\WINDOWS\ERUNT

2008-03-19 17:54 . 2005-02-28 11:42 <REP> d--h----- C:\Documents and Settings\Administrateur.OEM\Voisinage réseau

2008-03-19 17:54 . 2005-02-28 11:42 <REP> d--h----- C:\Documents and Settings\Administrateur.OEM\Voisinage d'impression

2008-03-19 17:54 . 2005-02-28 10:50 <REP> d--h----- C:\Documents and Settings\Administrateur.OEM\Modèles

2008-03-19 17:54 . 2005-02-28 11:42 <REP> d-------- C:\Documents and Settings\Administrateur.OEM\Mes documents

2008-03-19 17:54 . 2005-02-28 11:42 <REP> dr------- C:\Documents and Settings\Administrateur.OEM\Menu Démarrer

2008-03-19 17:54 . 2005-02-28 11:42 <REP> d-------- C:\Documents and Settings\Administrateur.OEM\Favoris

2008-03-19 17:54 . 2008-03-19 17:57 <REP> d-------- C:\Documents and Settings\Administrateur.OEM\Bureau

2008-03-19 17:46 . 2008-03-19 19:50 <REP> d-------- C:\SDFix

2008-03-17 23:46 . 2005-02-28 11:42 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau

2008-03-17 23:46 . 2005-02-28 11:42 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression

2008-03-17 23:46 . 2005-02-28 10:50 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles

2008-03-17 23:46 . 2005-02-28 11:42 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents

2008-03-17 23:46 . 2005-02-28 11:42 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer

2008-03-17 23:46 . 2005-02-28 11:42 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris

2008-03-17 23:46 . 2008-03-17 23:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau

2008-03-17 23:41 . 2008-03-17 23:41 <REP> d-------- C:\Documents and Settings\Bertrand.OEM\Application Data\Grisoft

2008-03-14 07:45 . 2008-03-14 07:45 <REP> d-------- C:\Documents and Settings\Henri\belgacom

2008-03-14 00:43 . 2008-03-14 00:47 591 --a------ C:\WINDOWS\wininit.ini

2008-03-14 00:02 . 2008-03-14 00:02 <REP> d-------- C:\Program Files\CCleaner

2008-03-13 23:54 . 2008-03-13 23:55 <REP> d-------- C:\Program Files\Spybot - Search & Destroy

2008-03-13 23:54 . 2008-03-14 00:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-03-13 23:35 . 2008-03-13 23:35 <REP> d-------- C:\WINDOWS\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP

2008-03-13 23:27 . 2008-03-13 23:27 <REP> d-------- C:\Program Files\Lavasoft

2008-03-13 23:27 . 2008-03-13 23:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-03-13 23:26 . 2008-03-13 23:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-03-13 22:22 . 2008-03-13 22:22 <REP> d-------- C:\Documents and Settings\Henri\Application Data\Grisoft

2008-03-13 22:22 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys

2008-03-13 22:17 . 2008-03-13 22:17 <REP> d-------- C:\Program Files\Trend Micro

2008-03-02 22:20 . 2008-03-02 22:20 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2

2008-03-02 14:03 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll

2008-03-02 14:03 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll

2008-03-02 14:03 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui

2008-03-01 22:36 . 2008-03-01 22:37 <REP> d-------- C:\Program Files\Windows Live

2008-03-01 22:36 . 2008-03-01 22:36 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-03-01 22:35 . 2008-03-01 22:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-02-21 21:32 . 2008-02-21 21:32 <REP> d-------- C:\Documents and Settings\Henri\Application Data\Leadertech

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-03-17 22:12 --------- d-----w C:\Program Files\Java

2008-03-14 13:14 --------- d-----w C:\Program Files\GeoGebra

2008-03-13 21:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft

2008-03-09 13:15 --------- d-----w C:\Documents and Settings\Henri\Application Data\AVG7

2008-02-21 07:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7

2008-02-10 14:15 --------- d-----w C:\Program Files\SEGA

2008-02-10 14:14 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-02-08 20:33 --------- d-----w C:\Program Files\Fichiers communs\Adobe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 13:32 68856]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 16:50 4620288]

"nwiz"="nwiz.exe" [2004-10-29 16:50 921600 C:\WINDOWS\system32\nwiz.exe]

"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 16:50 86016]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 13:38 49152]

"tgcmd"="C:\Program Files\Support.com\bin\tgcmd.exe" [2005-02-06 17:31 1757184]

"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-15 08:00 579072]

"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18 241664]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"AME_CSA"="amecsa.cpl" [2002-10-30 03:26 757760 C:\WINDOWS\system32\AmeCSA.cpl]

"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-17 20:31 282624]

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]

"Belgacom"="C:\Program Files\Belgacom\bin\sprtcmd.exe" [2006-06-22 09:34 192512]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-11-06 08:03 219136]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\support.com\\bin\\tgcmd.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\Ahead\\ODD Toolkit\\ODDUpdate.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=

"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=

"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

"C:\\Program Files\\Grisoft\\AVG Free\\avginet.exe"=

"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Grisoft\\AVG Free\\avgamsvr.exe"=

"C:\\Program Files\\Grisoft\\AVG Free\\avgcc.exe"=

"C:\\Program Files\\Ankama Games\\Dofus\\Dofus.exe"=

"C:\\WINDOWS\\system32\\java.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

 

R3 AmeAtmPc;AmeAtmPc;C:\WINDOWS\system32\DRIVERS\AmeAtmPc.sys [2002-12-17 02:29]

S3 AtmElan;Réseau émulant ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-05 13:00]

S3 AtmLane;Émulation réseau ATM;C:\WINDOWS\system32\DRIVERS\atmlane.sys [2004-08-05 13:00]

 

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-20 14:23:35

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\system32\RUNDLL32.EXE

.

**************************************************************************

.

Temps d'accomplissement: 2008-03-20 14:26:18 - machine was rebooted

ComboFix-quarantined-files.txt 2008-03-20 13:26:15

ComboFix2.txt 2008-03-20 10:38:55

.

2008-03-12 16:02:23 --- E O F ---

Posted

And here is the new HijackThis report!

Are there any improvements? Will we be able to regain control without reformatting the computer?

At every reconnection, AVG reports the presence of the trojan generic.7, which I "move to vault". Should I delete them?

Thanks, Henri.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:31:17, on 20/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.actu24.be/page/homepage/btw/1.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [belgacom] "C:\Program Files\Belgacom\bin\sprtcmd.exe" /P Belgacom

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Casino-On-Net - {3015DB92-158E-4b77-9020-85C8E311FBB5} - C:\PROGRA~1\CASINO~1\casino.exe (file missing)

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1109587710531

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u...ows-i586-jc.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab

O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{68BC809E-7649-4817-8FC2-3F2C674BE7EE}: NameServer = 195.238.2.21 195.238.2.22

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

 

--

End of file - 10548 bytes

Posted
Are there any improvements? Will we be able to regain control without reformatting the computer?

At every reconnection, AVG reports the presence of the trojan generic.7, which I "move to vault". Should I delete them?

Yes, there is improvement, no need to format.

Can you tell me the path and the file that AVG detects, please?

Posted
Yes, there is improvement, no need to format.

Can you tell me the path and the file that AVG detects, please?

There is improvement ... that's good news.

As for the path and the file that AVG detects ... I'm not sure I fully understand the question ... but I'm attaching a copy/paste of what is in my "move to vault"!

Tell me whether this answers your question or whether I need to carry out other operations.

See you soon, Henri.

 

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\jtpdjk.exe","20/03/2008 11:15:20","jtpdjk.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\riklcn.exe","18/03/2008 10:43:56","riklcn.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Sébastien\jmpasu.exe","19/03/2008 13:13:40","jmpasu.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Sébastien\jmlfep.exe","17/03/2008 23:52:27","jmlfep.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\ljjtzd.exe","17/03/2008 22:31:25","ljjtzd.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Marie-Cécile\gxwxpa.exe","17/03/2008 09:24:27","gxwxpa.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\oabpwa.exe","18/03/2008 11:26:54","oabpwa.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\ngfnho.exe","20/03/2008 14:10:03","ngfnho.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\dzfnln.exe","20/03/2008 07:39:42","dzfnln.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Marie-Cécile\vnqvvs.exe","19/03/2008 12:40:29","vnqvvs.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Marie-Cécile\pwyqmm.exe","19/03/2008 08:58:01","pwyqmm.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\uvbbrv.exe","19/03/2008 16:01:28","uvbbrv.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Marie-Cécile\wydlsb.exe","16/03/2008 18:24:45","wydlsb.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\rdqmiv.exe","19/03/2008 18:13:34","rdqmiv.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\icmsqu.exe","17/03/2008 15:49:40","icmsqu.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Marie-Cécile\dybzhq.exe","16/03/2008 13:49:45","dybzhq.exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\Local Settings\Temporary Internet Files\Content.IE5\MRSW97T8\6736f989[1].exe","19/03/2008 16:36:24","6736f989[1].exe","9 KB"

,"","Trojan horse Downloader.Generic7.GT","C:\Documents and Settings\Henri\Local Settings\Temporary Internet Files\Content.IE5\99USWTYO\6736f989[2].exe","19/03/2008 17:43:33","6736f989[2].exe","9 KB"

Posted

You are right to delete the AVG alerts; they should no longer come back since the infection is under control. I'm thinking it over; in the meantime, do the following:

• empty your Temporary Internet Files: Internet Properties, Delete Files

• download to your desktop:

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner

Double-click ATF-Cleaner.exe to launch the program.

Under the Main tab, choose: Select All

Click the Empty Selected button, wait while the cleaning runs, OK

If you use the Firefox browser:

Click Firefox at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

If you use the Opera browser:

Click Opera at the top and choose: Select All

Click the Empty Selected button

NOTE: If you want to keep your saved passwords, click No at the prompt.

Click Exit, in the main menu, to close the program.

• Download MSNFix.zip (by !aur3n7) to your desktop:

http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.

- Run option R.

-- If the infection is detected, a message will say so and you only need to press a key to start the cleaning

Note:

If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations. In that case, simply restart the computer in normal mode

- The report will be saved in the same folder as MSNFix, in the form date_heure.txt

Posted

Re,

I carried out the following operations:

1) Empty the AVG virus vault

2) Delete the temporary Internet files

3) Run ATF-Cleaner ... but no access to Firefox or Opera (not highlighted), and as for browsers ... I know nothing about them!

4) Run MSNFix.zip: infections were present, I restarted the computer to finish the cleaning, and I'm attaching the resulting report below

Note: I received a message about Spybot's TeaTimer (but didn't write it down). Then, on restart, the following message:

"Spybot has detected that an important registry entry has been changed.

Category: System Startup global entry

Change: value deleted

Entry: flash media

Old value: c:\DOCUME 1\SEBASTI 1\LOCALS 1\TEMP"

Should I accept the change? Should I disable Spybot (if so, how?)?

There, I'll let you think it over and await your news.

Thanks for continuing to help me ... I feel less alone without you !?!?!

Henri.

 

 

MSNFix 1.686

 

C:\Documents and Settings\Henri\Bureau\MSNFix\MSNFix

Fix exécuté le jeu. 20/03/2008 - 16:22:38,82 By Henri

mode normal

 

************************ Recherche les fichiers présents

 

... C:\WINDOWS\system32\real.txt

 

************************ Recherche les dossiers présents

 

Aucun dossier trouvé

 

 

 

 

************************ Suppression des fichiers

 

.. OK ... C:\DOCUME~1\Henri\LOCALS~1\Temp\winlogon.exe

.. OK ... C:\DOCUME~1\Henri\LOCALS~1\Temp\services.exe

.. OK ... C:\WINDOWS\system32\real.txt

 

 

 

************************ Nettoyage du registre

 

 

 

Les fichiers encore présents seront supprimés au prochain redémarrage

 

 

Aucun Fichier trouvé

 

 

 

************************ Fichiers suspects

 

Aucun Fichier trouvé

 

 

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier jeu. 20032008_16311229.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,

 

 

------------------------------------------------------------------------

Auteur : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

Posted
"Spybot has detected that an important registry entry has been changed.

Category: System Startup global entry

Change: value deleted

Entry: flash media

Old value: c:\DOCUME 1\SEBASTI 1\LOCALS 1\TEMP"

Should I accept the change? Should I disable Spybot (if so, how?)?

Of course, accept :P otherwise Spybot will get in the way of its removal

Otherwise, to disable TeaTimer, go through the Spybot interface: Mode\Advanced mode\Tools\Resident\untick TeaTimer

then:

• uninstall ComboFix by copying and pasting the following line and confirming it in Run:

ComboFix /u

• * Run a Kaspersky online scan

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Click Accept

* A yellow bar will ask whether you agree to install Kavwebscan_Unicode.cab; install the ActiveX.

* Click "Accept" once more

* The update databases will install; wait a moment

* Click Next.

* Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

tutorial, and post the report >> http://www.malekal.com/scan_Av_en_ligne.php#mozTocId291566

Posted

Good evening Angélique,

I've found some reading for you ...

More seriously, I followed your instructions as best I could ... but I may have messed up a bit when saving the report after the scan.

Here is the one I managed to save (but I'm not quite sure how).

Is this what you wanted? If so, great. If not, explain to me again what I need to do.

Thanks, Henri.

One more small question about Spybot: how do I accept a change (see previous post) that was refused the first time?

 

 

 

Welcome to the Kaspersky Online Scanner! Use it to scan your PC for viruses and other malware for free

Warning: if you have installed Kaspersky Online Scanner Pro, please manually uninstall it using "Add/Remove Programs" before installing this version! Otherwise this version will not function correctly.

 

Benefits:

 

 

Kaspersky Anti-Virus exceptional detection rates and thorough scanning

Hourly AV database updates available each time the Online Scanner is launched

Heuristic analysis to detect unknown viruses

Simple installation (just click on a link)

 

Requirements and limitations:

 

 

When using this service for the first time, you have to run with Administrator privileges in order to install the product. Also, you will need to download and install files about 400 KB in size followed by 9 MB of virus definitions.

However, if you use the Online Scanner again, you will only need to download the files that have been updated since your last scan.

The Online Scanner service offered by Kaspersky Lab uses Microsoft ActiveX technology. Microsoft ActiveX Technology and the Kaspersky Online Scanner work only with MS Internet Explorer 6.0 or higher.

We cannot guarantee that the Online Scanner will function correctly if you are using any other browser or any Internet Explorer extensions (such as AvantBrowser). If you use a different browser, you can use the Kaspersky File Scanner to scan individual files.

The free Kaspersky Online Scanner does not scan boot sectors and MBRs, so it cannot detect malicious code located in these areas.

Please note: The free Kaspersky Online Scanner does not protect against malicious code, and cannot prevent future infections. It only detects malware that has already penetrated your computer. We strongly recommend that you install a full antivirus solution to protect your system.

 

Privacy statement:

 

The Kaspersky Online Scanner will collect information about the malicious programs found on your computer during the scanning process. The information will be sent to the Kaspersky Virus Lab for statistical purposes. No personal information about you or specific information about your system will be collected or transmitted to Kaspersky Lab.

 

 

 

 

 

 

 

 

 

 

 

Scan settings:

Here you can configure the scanning process.

 

Scan using the following antivirus database:

standard - detect viruses, worms, Trojans, rootkits

extended - protect your computer from Spyware, adware, dialers and potentially dangerous software such as remote access utilities, prank programs and jokes. We do not recommend this option to beginners or inexperienced users.

 

Scan options:

Scan Archives - scan files inside archives

Note: affects all targets except 'A File...' scan target.

Scan Mail Bases - scan e-mails/attachments inside mail base files

Note: affects all targets except 'My Email' and 'A File...' scan targets.

 

 

 

 

 

 

 

Initialize Kaspersky Online Scanner

(downloading and installing Kaspersky Online Scanner ActiveX from the server into your computer)

 

 

 

 

Update Kaspersky Anti-Virus Databases [100%]:

(downloading and installing the latest Kaspersky Anti-Virus Databases)

 

 

 

 

Please wait to update the virus definitions...

Downloading from url: http://downloads1.kaspersky-labs.com

Update finished. Ready to scan.

Please select a target to scan:

You can configure the scanning process by pressing "Scan Settings" button.

 

 

 

Critical Areas

scan critical areas of your hard disks

specified in %windir% and %tmp% system variables

Memory

scan disk modules of running processes

My Computer

scan all your hard and mapped disks

My Email

scan all your hard and mapped disks only for the following extensions: *.PST; *.MSG; *.OST; *.MDB; *.DBX; *.EML; *.MBS

Folders...

scan selected folders

A File...

scan a one file

 

 

 

 

 

Warning: The Kaspersky Online Scanner may not run successfully while any other Anti-Virus software is running. If you have Anti-Virus software installed, please disable your AV protection before running the Kaspersky Online Scanner.

Selected target: My Computer

Source: A:\; C:\; D:\; E:\; F:\; G:\;

 

 

Report is empty.

Please note: The free Kaspersky Online Scanner does not provide comprehensive protection and cannot prevent future infections. It only detects malware that has already penetrated your storage devices. We strongly recommend that you use a fully-functional antivirus solution to protect your computer at all times.

 

Please wait, this process may take a long time depending on the selected target. If you want to continue browsing, open a new window.

 

Scan Progress [98%]:

 

 

 

 

 

Total number of scanned objects: 122038

Number of viruses found: 5

Number of infected objects: 25

Number of suspicious objects: 0

Duration of the scan process: 01:03:49

Product Info

You have Kaspersky Online Scanner version 5.0.98.0 installed. The current anti-virus database was released on Thursday, March 20, 2008 and contains 646789 records.

 

System Info

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Please wait while the Kaspersky Online Scanner is initializing and updating...

 

 

 

 

 

 

 

 

Copyright © Kaspersky Lab 1997 - 2007

Portions Copyright © Lan Crypto

Posted
Thanks, Henri.

One more small question about Spybot: how do you accept a change (see previous post) that you refused the first time?

Right-click on TeaTimer in your systray, \ settings \ and you arrive in the blacklist/whitelist window.

Just tick the crosses at the end of each line to delete the entries, so that you are asked the question again, under allowed/blocked changes and allowed/blocked processes.

Follow the Kaspersky Online tutorial I gave you to do it properly, and use "save as" on the report at the end of the scan so you can post it.

Posted

Hello Angélique,

I followed the tutorial you sent and ran the following 2 scans: critical areas and My Computer (the 2nd one might have been enough).

Here is the 1st report: CRITICAL AREAS:

 

KASPERSKY ON-LINE SCANNER REPORT

Friday, March 21, 2008 6:18:49 PM

Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky On-line Scanner version : 5.0.98.0

Dernière mise à jour de la base antivirus Kaspersky : 21/03/2008

Enregistrements dans la base antivirus Kaspersky : 651745

 

 

Paramètres d'analyse

Analyser avec la base antivirus suivante étendue

Analyser les archives vrai

Analyser les bases de messagerie vrai

 

Cible de l'analyse Zones critiques

C:\WINDOWS

C:\DOCUME~1\Henri\LOCALS~1\Temp\

 

Statistiques de l'analyse

Total d'objets analysés 15854

Nombre de virus trouvés 0

Nombre d'objets infectés 0

Nombre d'objets suspects 0

Durée de l'analyse 00:10:23

 

Nom de l'objet infecté Nom du virus Dernière action

C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré

 

C:\WINDOWS\SoftwareDistribution\EventCache\{89406C1B-2EA6-4617-A75F-D2B4938DE6C1}.bin L'objet est verrouillé ignoré

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré

 

C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré

 

C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré

 

C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré

 

C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

 

C:\DOCUME~1\Henri\LOCALS~1\Temp\hpodvd09.log L'objet est verrouillé ignoré

 

C:\DOCUME~1\Henri\LOCALS~1\Temp\~DFC155.tmp L'objet est verrouillé ignoré

 

Analyse terminée.
