
Posted

Also temporarily disable AntiVir to download ComboFix and run the CFScript.

You disable it by right-clicking the umbrella in the systray \ uncheck <antivir guard enable>

Posted

Here is the ComboFix report

 

 

ComboFix 08-05-27.4 - BUREAU 2008-05-28 12:02:23.2 - FAT32x86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1480 [GMT 1:00]

Endroit: C:\Documents and Settings\BUREAU\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\BUREAU\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

FILE ::

C:\WINDOWS\exnk.exe

C:\WINDOWS\mpfanvqg.dll

C:\WINDOWS\oadkxrts.exe

C:\WINDOWS\pvnsmfor.dll

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\avjwfxln.dll

C:\WINDOWS\system32\ceynllbk.dll

C:\WINDOWS\System32\drivers\elI63.sys

C:\WINDOWS\System32\drivers\kpV74.sys

C:\WINDOWS\System32\drivers\lrW73.sys

C:\WINDOWS\System32\drivers\rxF17.sys

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\hgGvuTNE.dll

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\iifcCvWm.dll

C:\WINDOWS\system32\mlJDuUKa.dll

C:\WINDOWS\system32\opnooOfD.dll

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\rqRKBRlm.dll

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\vtUKcCvW.dll

C:\WINDOWS\system32\WinCtrl32.dl_

C:\WINDOWS\system32\WS2Fix.exe

C:\WINDOWS\system32\ybopsatq.dll

C:\WINDOWS\vbksrofa.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Program Files\CableRouting

C:\Program Files\CableRouting\uninstall.dat

C:\Program Files\CableRouting\Uninstall.exe

C:\WINDOWS\mpfanvqg.dll

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\avjwfxln.dll

C:\WINDOWS\system32\ceynllbk.dll

C:\WINDOWS\system32\DfOoonpo.ini

C:\WINDOWS\system32\DfOoonpo.ini2

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\kbllnyec.ini

C:\WINDOWS\system32\mcrh.tmp

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\rqRKBRlm.dll

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\WS2Fix.exe

C:\WINDOWS\system32\ybopsatq.dll

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Service_elI63

-------\Service_kpV74

-------\Service_lrW73

-------\Service_rxF17

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-22 16:19 . 2008-05-22 16:19 <REP> d-------- C:\Program Files\Lavasoft

2008-05-22 16:19 . 2008-05-22 16:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-22 16:12 . 2008-05-22 16:12 <REP> d-------- C:\Program Files\Trend Micro

2008-05-22 16:05 . 2008-05-22 16:05 <REP> d--hs---- C:\FOUND.007

2008-05-21 10:35 . 2008-05-28 11:50 2,192 --a------ C:\WINDOWS\system32\drivers\fwdrv.err

2008-05-21 09:26 . 2008-05-21 09:26 <REP> d-------- C:\Program Files\Sunbelt Software

2008-05-21 09:00 . 2008-05-21 09:00 <REP> d-------- C:\Documents and Settings\LocalService\Mes documents

2008-05-21 08:55 . 2008-05-21 08:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-05-21 08:54 . 2008-05-21 08:55 <REP> d-------- C:\Program Files\Avira

2008-05-20 16:17 . 2008-05-20 16:17 <REP> d--hs---- C:\FOUND.006

2008-05-20 14:58 . 2008-05-20 14:58 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy

2008-05-20 13:59 . 2008-05-27 10:24 3,602 --a------ C:\WINDOWS\system32\tmp.reg

2008-05-19 01:42 . 2008-05-19 01:42 127 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-18 15:24 . 2008-05-18 15:24 <REP> d--hs---- C:\FOUND.005

2008-05-16 17:16 . 2008-05-19 16:20 492 --a------ C:\WINDOWS\wininit.ini

2008-05-16 16:38 . 2008-05-16 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

2008-05-14 15:42 . 2008-05-14 15:42 <REP> d-------- C:\Documents and Settings\BUREAU\Application Data\skypePM

2008-05-14 15:42 . 2008-05-14 15:42 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

2008-05-14 15:40 . 2008-05-14 15:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype

2008-05-12 08:26 . 2008-05-12 08:26 <REP> d-------- C:\Program Files\Windows Live

2008-05-12 08:26 . 2008-05-12 08:26 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-05-12 08:26 . 2008-05-12 08:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-05-11 22:19 . 2008-05-11 22:19 <REP> d--hs---- C:\FOUND.004

2008-04-30 08:35 . 2008-04-30 08:35 <REP> d--hs---- C:\FOUND.003

2008-04-29 14:11 . 2008-04-29 14:11 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

2008-04-29 14:09 . 2008-04-29 14:09 <REP> d-------- C:\Program Files\Google

2008-04-29 11:20 . 2008-04-29 11:20 15,648 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 11:19 . 2008-04-29 11:19 15,648 --a------ C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 11:19 . 2008-04-29 11:19 12,960 --a------ C:\WINDOWS\system32\drivers\Awrtpd.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-27 17:16 --------- d-----w C:\Program Files\Virtools

2008-04-03 14:47 --------- d-----w C:\Documents and Settings\BUREAU\Application Data\Ahead

2008-04-03 14:29 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2008-04-03 14:29 --------- d-----w C:\Program Files\Ahead

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 09:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 09:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2008-03-13 18:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll

2008-03-01 17:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-02-29 09:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-02-29 09:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{65DBDFF1-42FD-4BA8-BC93-31E0FE74F72E}]

C:\WINDOWS\system32\opnooOfD.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]

"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]

"WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]

"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-29 14:16 68856]

"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-04-23 17:19 1189104]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-02-22 21:40 106496]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]

"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]

"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2005-11-08 11:23 17920]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 07:26 761945]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-12-28 12:00 569413]

"WOOWATCH"="C:\PROGRA~1\WANADOO\Watch.exe" [2002-11-12 16:34 20480]

"WOOTASKBARICON"="C:\PROGRA~1\WANADOO\TaskbarIcon.exe" [2002-11-12 16:34 45056]

"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 10:50 16855552 C:\WINDOWS\RTHDCPL.exe]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-10-10 06:28 36352]

"Demon"="C:\PROGRA~1\MESSAG~1\Demon.exe" [2002-09-03 11:26 40960]

"GSICONEXE"="GSICON.EXE" [2002-01-22 22:01 90112 C:\WINDOWS\system32\gsicon.exe]

"DSLAGENTEXE"="dslagent.exe" [2002-01-22 22:01 16384 C:\WINDOWS\system32\dslagent.exe]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

"00f011d9"="C:\WINDOWS\system32\ceynllbk.dll" [ ]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"D:\\World of Warcraft\\WoW-2.3.0-frFR-downloader.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Cyanide\\Chaos-League MS\\ChaosLeagueEx.exe"=

"C:\\Program Files\\Electronic Arts\\Medal of Honor Airborne\\UnrealEngine3\\Binaries\\MOHA.exe"=

"C:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=

"C:\\Program Files\\THQ\\Gas Powered Games\\GPGNet\\GPG.Multiplayer.Client.exe"=

"D:\\Strangelite\\Starship Troopers\\STGame.exe"=

"C:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=

"C:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"=

"D:\\World of Warcraft\\BackgroundDownloader.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Sunbelt Software\\Personal Firewall\\kpf4gui.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

 

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]

R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]

R2 ITECIRService;ITE Remote Control Service;C:\WINDOWS\system32\RemoteControlService.exe [2005-12-12 09:55]

R3 AVerM115;AVerM115 service;C:\WINDOWS\system32\DRIVERS\AVerM115.sys [2005-08-25 02:32]

R3 ITECIR;ITE CIR Driver;C:\WINDOWS\system32\DRIVERS\ITECIR.sys [2004-04-22 15:03]

R3 SynMini;USB2.0 1.3M Web Cam;C:\WINDOWS\system32\Drivers\SynMini.sys [2005-06-20 11:48]

R3 SynScan;USB2.0 1.3M Web Cam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys [2005-06-20 11:48]

S2 gafwload;ECI Telecom USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [2002-01-22 22:01]

S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]

S3 bDMusicb;bDMusicb;C:\DOCUME~1\BUREAU\LOCALS~1\Temp\bDMusicb.sys []

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]

\Shell\AutoRun\command - E:\OblivionLauncher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27800014-f390-11dc-9856-0017313db864}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL protector.exe

\Shell\infected\command - protector.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{339d55a0-130b-11dd-986f-0017313db864}]

\Shell\AutoRun\command - F:\EmDesk.exe

\Shell\EmDesk\command - F:\EmDesk.exe

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-28 12:10:18

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE

C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE

C:\WINDOWS\EHOME\EHRECVR.EXE

C:\WINDOWS\EHOME\EHSCHED.EXE

C:\WINDOWS\SYSTEM32\FTRTSVC.EXE

C:\PROGRAM FILES\ELECTRONIC ARTS\MEDAL OF HONOR AIRBORNE\UNREALENGINE3\MOHAGAME\PB\PNKBSTRA.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\EHOME\EHMSAS.EXE

C:\WINDOWS\SYSTEM32\ACENGSVR.EXE

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\PROGRAM FILES\WANADOO\TASKBARICON.EXE

C:\PROGRAM FILES\MESSAGER WANADOO\DEMON.EXE

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSBTMNG.EXE

C:\PROGRAM FILES\TOSHIBA\BLUETOOTH TOSHIBA STACK\TOSA2DP.EXE

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\wscntfy.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-05-28 12:12:46 - machine was rebooted [bUREAU]

ComboFix2.txt 2008-05-20 15:24:16

ComboFix-quarantined-files.txt 2008-05-28 11:12:40

 

Pre-Run: 13,597,507,584 octets libres

Post-Run: 13,607,010,304 octets libres

 

238 --- E O F --- 2008-05-19 00:42:40

 

 

 

 

 

and the HijackThis one too

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:16:49, on 28/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\RemoteControlService.exe

C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\PROGRA~1\WANADOO\TaskbarIcon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\MESSAG~1\Demon.exe

C:\WINDOWS\system32\GSICON.EXE

C:\WINDOWS\system32\dslagent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {65DBDFF1-42FD-4BA8-BC93-31E0FE74F72E} - C:\WINDOWS\system32\opnooOfD.dll (file missing)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [00f011d9] rundll32.exe "C:\WINDOWS\system32\ceynllbk.dll",b

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

Posted

• Run HijackThis again with "Do a system scan only", check the lines below and click "Fix checked":

 

O2 - BHO: (no name) - {65DBDFF1-42FD-4BA8-BC93-31E0FE74F72E} - C:\WINDOWS\system32\opnooOfD.dll (file missing)

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [00f011d9] rundll32.exe "C:\WINDOWS\system32\ceynllbk.dll",b

 

 

===> click "Fix checked"

 

Post a new HijackThis report, COMPLETE!! please

Posted

Here is the HijackThis report after the procedure you asked me to do.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:19:34, on 28/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\WINDOWS\system32\RemoteControlService.exe

C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ATK0100\HControl.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\WINDOWS\ATK0100\ATKOSD.exe

C:\PROGRA~1\WANADOO\TaskbarIcon.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Winamp\winampa.exe

C:\PROGRA~1\MESSAG~1\Demon.exe

C:\WINDOWS\system32\GSICON.EXE

C:\WINDOWS\system32\dslagent.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe

C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe

O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\WANADOO\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\WANADOO\TaskbarIcon.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [Demon] C:\PROGRA~1\MESSAG~1\Demon.exe

O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE

O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O16 - DPF: {7DFDB8FD-B498-4958-B930-38021B94351D} (imlUCID Class) - http://imlive.com/chatsource/ImlCID.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ITE Remote Control Service (ITECIRService) - ITE Tech. Inc. - C:\WINDOWS\system32\RemoteControlService.exe

O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

 

--

End of file - 9938 bytes

Posted

• Uninstall ComboFix by copying and pasting the line below into Run and confirming it; wait a few moments until the uninstallation finishes:

 

ComboFix /u

 

Delete, if they still exist, c:\qoobox, c:\bug, c:\combofix

 

• Delete the HijackThis backup, the folder in bold:

 

C:\Program Files\Trend Micro\HijackThis\backups

 

Hello again

Just to let you know that I installed AntiVir last Thursday, and an alert message from this program appears every time I launch a new application. I think this message is related to Virtumonde (but I can't manage to copy the screenshot)

 

Your problem is almost solved, isn't it?

 

• You still need to run an AntiVir scan, quarantine whatever remnants it finds, and post the report.

Posted

Here is the AntiVir report, and thank you very much for your help. Spybot no longer finds anything either, whereas before it found Virtumonde and Zlob.Downloader.

 

Avira AntiVir Personal

Report file date: mercredi 28 mai 2008 15:23

 

Scanning for 1295437 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: NOM-74CE8B1576C

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 10:02:58

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 09:43:38

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 09:41:24

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 09:28:42

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 11:33:34

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:08:58

ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 07:58:44

ANTIVIR3.VDF : 7.0.4.106 279040 Bytes 28/05/2008 12:31:48

Engineversion : 8.1.0.46

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 10:58:22

AESCRIPT.DLL : 8.1.0.33 266618 Bytes 21/05/2008 07:59:04

AESCN.DLL : 8.1.0.18 119156 Bytes 21/05/2008 07:59:02

AERDL.DLL : 8.1.0.20 418165 Bytes 21/05/2008 07:59:00

AEPACK.DLL : 8.1.1.5 364918 Bytes 21/05/2008 07:58:58

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 21/05/2008 07:58:56

AEHEUR.DLL : 8.1.0.29 1253750 Bytes 21/05/2008 07:58:56

AEHELP.DLL : 8.1.0.14 115063 Bytes 21/05/2008 07:58:52

AEGEN.DLL : 8.1.0.21 303477 Bytes 21/05/2008 07:58:50

AEEMU.DLL : 8.1.0.6 430451 Bytes 21/05/2008 07:58:50

AECORE.DLL : 8.1.0.29 168311 Bytes 21/05/2008 07:58:48

AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 18:07:54

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 11:37:52

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:26:48

AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 18:07:50

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:24

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 09:31:32

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:04

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 18:08:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:12

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 15:37:26

RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 13:02:12

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mercredi 28 mai 2008 15:23

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned

Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned

Scan process 'KPF4SS.EXE' - '1' Module(s) have been scanned

Scan process 'TosBtProc.exe' - '1' Module(s) have been scanned

Scan process 'TosOBEX.exe' - '1' Module(s) have been scanned

Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned

Scan process 'CLI.EXE' - '1' Module(s) have been scanned

Scan process 'CLI.EXE' - '1' Module(s) have been scanned

Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned

Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned

Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned

Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned

Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned

Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned

Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned

Scan process 'DSLAGENT.EXE' - '1' Module(s) have been scanned

Scan process 'GSICON.EXE' - '1' Module(s) have been scanned

Scan process 'Demon.exe' - '1' Module(s) have been scanned

Scan process 'WINAMPA.EXE' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned

Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned

Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned

Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned

Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned

Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned

Scan process 'ACEngSvr.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'CLI.EXE' - '1' Module(s) have been scanned

Scan process 'EHMSAS.EXE' - '1' Module(s) have been scanned

Scan process 'ACMON.EXE' - '1' Module(s) have been scanned

Scan process 'WCOURIER.EXE' - '1' Module(s) have been scanned

Scan process 'EHTRAY.EXE' - '1' Module(s) have been scanned

Scan process 'HControl.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'dllhost.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned

Scan process 'RemoteControlService.exe' - '1' Module(s) have been scanned

Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned

Scan process 'ehSched.exe' - '1' Module(s) have been scanned

Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned

Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned

Scan process 'SCHED.EXE' - '1' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

66 processes with 66 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '37' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\'

 

 

End of the scan: mercredi 28 mai 2008 15:56

Used time: 32:55 min

 

The scan has been done completely.

 

6831 Scanning directories

217624 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

217624 Files not concerned

7168 Archives were scanned

2 Warnings

0 Notes

Posted

:P

 

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

 

You did good work, it's OK; I think you can use the "edit" tab under your first post and put [resolu] in the title.

 

See you later
