Posted

Hello,

After installing AVG Antivirus 8.0, I ran the "whole computer" scan, with fast scan and all the options checked, and the result annoys me!!

AVG detects c:\windows\system32\winlogon.exe and c:\windows\system32\imjputyc32.dll as "trojan horse downloader small ao 60"

What should I do?

Thanks

Posted

hi :P

Can you post the following report please? >>

Download Deckard's System Scanner (DSS) to your desktop.

You must have administrator rights to run it.

  • Close all running applications (browser windows, etc.)
  • Double-click dss.exe to launch the program.
  • DSS will display a message and offer to install HijackThis: click YES.
  • A new message will ask you to make sure that your firewall (if you have one) allows DSS.exe to connect to the internet: click OK and grant it access if you get an alert from your firewall.
  • When the scan is finished, two text files will open.
  • Post the contents of the report named main.txt
  • If you don't see the report, you will find it in the following folder > C:\Deckard\System Scanner

What does DSS do? >

  • It creates a restore point on Windows XP and Vista.
  • It cleans temporary files, the contents of the Downloaded Program Files folder and the internet cache, and also empties the recycle bin on all drives.
  • It checks a few key points of the system and produces a report to submit to an analyst.
  • DSS automatically launches HijackThis; if you don't have this program, it will install it and create a shortcut on the desktop.

Do you have a report from AVG 8? If so, post its contents.

Posted

Deckard's System Scanner v20071014.68
Run by Marc on 2008-05-22 17:10:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

CreateFirstRunRp is disabled or missing; attempting to fix...success.
System Restore is disabled; attempting to re-enable...success.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Marc.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:23, on 22/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\CachemanXP\CachemanXP.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\RbtProt\sgsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
C:\Program Files\Nero\Nero8\InCD\InCD.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\HDD Health\hddhealth.exe
C:\Program Files\Privoxy\privoxy.exe
C:\WINDOWS\PwrBst2k.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
D:\Documents\donnees\sauvegarde\Desktop\dss.exe
C:\PROGRA~1\Trend Micro\HijackThis\Marc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - Default URLSearchHook is missing
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero8\InCD\InCD.exe
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\Outpost Firewall Pro\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Power Booster 2k.lnk = C:\WINDOWS\PwrBst2k.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Privoxy\privoxy.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Microsoft Expression\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190709540953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190709529437
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://charon777.free.fr/plugins/hardwaredetection_2_0_4_12.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4675AA24-772B-4583-88AB-FF2B280C1D27}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{F528CA19-E34D-4627-9ABE-6147FC11DB66}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "c:\Program Files\BinarySense\HDDlife 3\hlAPP.dll" (file missing)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpost,firewall,pro\wl_hook.dll,clkern.dll,avgrsstx.dll
O20 - Winlogon Notify: imjputyc32 - C:\WINDOWS\SYSTEM32\imjputyc32.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\Outpost Firewall Pro\acs.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CachemanXP\CachemanXP.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Personnel 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Pro Personnel 2007.SP1\RpcSandraSrv.exe
O23 - Service: SoftGuard Service (SG_Service) - Unknown owner - C:\Program Files\Common Files\RbtProt\sgsrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 9276 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*[/COLOR]
[COLOR=red].cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 hotcore2 - c:\windows\system32\drivers\hotcore2.sys <Not Verified; Paragon Software Group; HotBackup>
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 Ext2fs - c:\windows\system32\drivers\ext2fs.sys <Not Verified; Stephan Schreiber; Ext2 IFS for Windows XP/2003 (x86)>
R1 Ext2Fsd (Linux ext2 file system driver) - c:\windows\system32\drivers\ext2fsd.sys <Not Verified; www.ext2fsd.com; Ext2 File System Driver>
R1 IfsMount - c:\windows\system32\drivers\ifsmount.sys <Not Verified; Stephan Schreiber; IFS for Windows XP/2003 (x86)>
R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R1 VENABLER - c:\windows\system32\drivers\venabler.sys <Not Verified; George E. Breese; George's Memory-Interleave Enabler for Via chipsets>
R1 VLATENCY - c:\windows\system32\drivers\vlatency.sys <Not Verified; George E. Breese; PCI LATENCY patch for VIA chipsets>
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.5.3.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.5.3.0>
R2 dk2drv (DK2 WindowsNT Driver) - c:\windows\system32\drivers\dk2drv.sys <Not Verified; Data Encryption Systems Limited; DK2 DESkey>
R2 FLE5WNNT (FLE-5 WindowsNT Driver) - c:\windows\system32\drivers\fle5wnnt.sys <Not Verified; Data Encryption Systems Limited; NMP FLS-1>
R2 FLSIFACE - c:\windows\system32\drivers\flsiface.sys <Not Verified; Data Encryption Systems Limited; FLSIface>
R2 FLSPAR - c:\windows\system32\drivers\flspar.sys <Not Verified; Data Encryption Systems Limited; FLSPar>
R2 FLSSER - c:\windows\system32\drivers\flsser.sys <Not Verified; Data Encryption Systems Limited; FLSSer>
R2 FLSVCOM - c:\windows\system32\drivers\flsvcom.sys <Not Verified; Data Encryption Systems Limited; FLSVCom>
R2 Hardlock - c:\windows\system32\drivers\hardlock.sys
R2 haspflt - c:\windows\system32\drivers\haspflt.sys
R2 Haspnt - c:\windows\system32\drivers\haspnt.sys <Not Verified; Aladdin Knowledge Systems; Windows NT HASP Kernel Device Driver>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 pgfilter - c:\program files\peerguardian2\pgfilter.sys

S1 bcbus (BestCrypt bus driver) - c:\windows\system32\drivers\bcbus.sys (file missing)
S1 SysTool (SysTool Overclocking Utility) - c:\windows\system32\drivers\systool.sys <Not Verified;; Low-Level Driver>
S3 BioNT_BS - c:\program files\paragon software\partition manager 8.0 professional\bluescrn\biont_bs.sys
S3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
S3 sstealth.dll (Outpost Firewall PlugIn (sstealth.dll)) - c:\program files\agnitum\outpost firewall\kernel\sstealth.dll (file missing)
S3 TucbDriverV32 - c:\windows\system32\drivers\tucbdriverv32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
S3 TucbVideo32 - c:\windows\system32\drivers\tucbvideo32.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 802.11g Wireless LAN PCI
Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00201371&REV_01\3&13C0B0C5&0&48
Manufacturer: Ralink Technology, Inc.
Name: 802.11g Wireless LAN PCI
PNP Device ID: PCI\VEN_1814&DEV_0201&SUBSYS_00201371&REV_01\3&13C0B0C5&0&48
Service: RT2500

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Serial
Device ID: ROOT\LEGACY_SERIAL\0000
Manufacturer: 
Name: Serial
PNP Device ID: ROOT\LEGACY_SERIAL\0000
Service: Serial

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (L2TP)
Device ID: ROOT\MS_L2TPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (L2TP)
PNP Device ID: ROOT\MS_L2TPMINIPORT\0000
Service: Rasl2tp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (IP)
Device ID: ROOT\MS_NDISWANIP\0000
Manufacturer: Microsoft
Name: WAN Miniport (IP)
PNP Device ID: ROOT\MS_NDISWANIP\0000
Service: NdisWan

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (PPPOE)
Device ID: ROOT\MS_PPPOEMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPPOE)
PNP Device ID: ROOT\MS_PPPOEMINIPORT\0000
Service: RasPppoe

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: WAN Miniport (PPTP)
Device ID: ROOT\MS_PPTPMINIPORT\0000
Manufacturer: Microsoft
Name: WAN Miniport (PPTP)
PNP Device ID: ROOT\MS_PPTPMINIPORT\0000
Service: PptpMiniport

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Direct Parallel
Device ID: ROOT\MS_PTIMINIPORT\0000
Manufacturer: Microsoft
Name: Direct Parallel
PNP Device ID: ROOT\MS_PTIMINIPORT\0000
Service: Raspti

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Terminal Server Device Redirector
Device ID: ROOT\RDPDR\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Device Redirector
PNP Device ID: ROOT\RDPDR\0000
Service: rdpdr

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Terminal Server Keyboard Driver
Device ID: ROOT\RDP_KBD\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Keyboard Driver
PNP Device ID: ROOT\RDP_KBD\0000
Service: TermDD

Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
Description: Terminal Server Mouse Driver
Device ID: ROOT\RDP_MOU\0000
Manufacturer: (Standard system devices)
Name: Terminal Server Mouse Driver
PNP Device ID: ROOT\RDP_MOU\0000
Service: TermDD


-- Files created between 2008-04-22 and 2008-05-22 -----------------------------

2008-05-22 17:18:20		 0 d-------- C:\Program Files\Trend Micro
2008-05-22 16:41:03		 0 d--h----- C:\$AVG8.VAULT$
2008-05-22 11:39:57	   128 --a------ C:\WINDOWS\UC_UNIV.DAT
2008-05-22 11:39:57		 0 d-------- C:\Documents and Settings\All Users\Application Data\Link Data Security
2008-05-22 11:29:11		 0 d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-22 11:29:11		 0 d-------- C:\Documents and Settings\Marc\Application Data\AVGTOOLBAR
2008-05-22 11:29:02		 0 d-------- C:\Program Files\AVG
2008-05-22 11:29:01		 0 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-22 11:24:24	 64512 --ah----- C:\Documents and Settings\Marc\Application Data\dach100.dll
2008-05-22 10:44:05		 0 d-------- C:\Documents and Settings\All Users\Application Data\UniversalisV13
2008-05-22 10:42:07	102400 --a------ C:\WINDOWS\Unzip32.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2008-05-22 10:42:07		 0 d-------- C:\Program Files\Universalis
2008-05-22 10:40:14	327168 --a------ C:\WINDOWS\IsUn040c.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-05-21 11:34:52		 0 d-------- C:\Converted
2008-05-21 11:16:36		 0 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-05-21 11:12:13	  3768 --a------ C:\WINDOWS\system32\drivers\TucbVideo32.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
2008-05-21 11:12:13	508544 --a------ C:\WINDOWS\system32\drivers\TucbDriverV32.sys <Not Verified; Windows (R) 2000/XP; Windows (R) 2000/XP Driver>
2008-05-18 08:17:55	163328 -r-hs---- C:\WINDOWS\system32\flvDX.dll <Not Verified; Gabest; FLV Splitter>
2008-05-18 08:16:51		 0 d-------- C:\Program Files\eRightSoft
2008-05-17 21:37:24		 0 d-------- C:\Program Files\Flash SWF to GIF JPEG Converter
2008-05-16 00:20:57		 0 d--hs---- C:\Diskeeper
2008-05-11 19:30:37		 0 d-------- C:\Program Files\Magic Swf2Gif
2008-05-11 19:13:59		 0 d-------- C:\Program Files\Passware
2008-05-11 18:48:41		 0 d-------- C:\Program Files\SWF-AVI-GIF Converter
2008-05-11 09:08:26		 0 d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2008-05-11 09:08:07		 0 d-------- C:\Program Files\Diskeeper Corporation
2008-05-11 08:47:34		 0 d-------- C:\Program Files\Common Files\EZB Systems
2008-05-11 08:47:15		 0 d-------- C:\Program Files\UltraISO
2008-05-11 07:23:13		 0 d-------- C:\Program Files\SiSoftware
2008-05-01 17:29:27		 0 d-------- C:\WINDOWS\system32\system
2008-05-01 12:05:17		 0 d-------- C:\Documents and Settings\Marc\Application Data\X-Setup Pro
2008-05-01 12:05:16		 0 d-------- C:\Program Files\X-Setup Pro
2008-05-01 12:05:16		 0 d-------- C:\Documents and Settings\All Users\Application Data\X-Setup Pro
2008-04-30 20:29:09		 0 d-------- C:\Program Files\RM to MP3 Converter
2008-04-30 15:16:43		 0 d-------- C:\Program Files\msn gaming zone
2008-04-29 20:02:40		 0 d-------- C:\Program Files\Messenger
2008-04-29 20:02:36		 0 d-------- C:\WINDOWS\system32\inetsrv
2008-04-29 20:02:28		 0 d-------- C:\WINDOWS\system32\usmt
2008-04-29 20:02:27		 0 d-------- C:\WINDOWS\system32\scripting
2008-04-29 20:02:26		 0 d-------- C:\WINDOWS\l2schemas
2008-04-29 20:02:25		 0 d-------- C:\WINDOWS\system32\bits
2008-04-29 19:58:47		 0 d-------- C:\WINDOWS\network diagnostic
2008-04-29 16:17:03	 92160 --a------ C:\WINDOWS\haspms32.dll <Not Verified; Aladdin Knowledge Systems.; Win32 DLL for Microsoft C>
2008-04-26 21:37:55	 63488 --a------ C:\WINDOWS\system32\HaspEmu.dll
2008-04-25 21:21:30		 0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-25 21:14:39	 29024 --a------ C:\WINDOWS\system32\drivers\haspflt.sys
2008-04-25 21:14:33	   383 --a------ C:\WINDOWS\system32\drivers\haspdos.sys
2008-04-25 21:11:35	304640 --a------ C:\WINDOWS\system32\hlvdd.dll <Not Verified; Aladdin Knowledge Systems; Hardlock Win32 DLL>
2008-04-25 21:09:13		 0 d-------- C:\HaspEmulPE.XP
2008-04-25 20:59:31	 40960 --a------ C:\WINDOWS\system32\hinsrv.exe


-- Find3M Report ---------------------------------------------------------------

2008-05-22 17:17:09		 0 d-------- C:\Program Files\PeerGuardian2
2008-05-22 16:59:29		 0 d-------- C:\Documents and Settings\Marc\Application Data\SiteAdvisor
2008-05-22 15:35:11		 0 d-------- C:\Documents and Settings\Marc\Application Data\FileZilla
2008-05-22 11:24:26		66 --a------ C:\WINDOWS\anticrash.dat
2008-05-22 11:24:22		60 --a------ C:\WINDOWS\zoom.dat
2008-05-22 11:24:22		61 --a------ C:\WINDOWS\hare.dat
2008-05-22 11:24:13		 0 d-------- C:\Program Files\HDD Health
2008-05-22 10:15:13		 0 d-------- C:\Program Files\eMule
2008-05-21 10:30:55	   338 --ah----- C:\WINDOWS\winshell.dat
2008-05-20 15:35:40		 0 d-------- C:\Documents and Settings\Marc\Application Data\Azureus
2008-05-19 20:58:24		 0 d-------- C:\Program Files\ROBOT Office
2008-05-11 20:23:23	   287 --ah----- C:\WINDOWS\sysdata.dat
2008-05-11 08:47:34		 0 d-------- C:\Program Files\Common Files
2008-05-11 07:15:34		 0 d-------- C:\Program Files\SpeedFan
2008-05-10 20:05:22		 0 d-------- C:\Documents and Settings\Marc\Application Data\DMCache
2008-05-01 17:34:25		 0 d-------- C:\Program Files\Common Files\RbtProt
2008-05-01 17:34:04		 0 d-------- C:\Program Files\Common Files\RoboBat
2008-05-01 17:21:00		15 -rahs---- C:\WINDOWS\vitxvda
2008-05-01 17:09:20		 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-29 20:02:26		 0 d-------- C:\Program Files\Windows NT
2008-04-29 20:02:25		 0 d-------- C:\Program Files\Movie Maker
2008-04-17 09:09:13		 0 d-------- C:\Program Files\Ext2Fsd
2008-04-16 17:04:36		 0 d-------- C:\Program Files\Mozilla Thunderbird
2008-04-16 12:00:04		 0 d-------- C:\Program Files\RALINK
2008-04-15 18:08:05		 0 d-------- C:\Program Files\splus
2008-04-15 07:07:42		 0 d-------- C:\Program Files\BPFTP Server
2008-04-12 13:17:29		93 --ahs---- C:\_sg3bklhxbsg
2008-04-12 08:11:29		 0 d-------- C:\Documents and Settings\Marc\Application Data\Robobat
2008-04-12 07:54:56		 0 d-------- C:\Program Files\Common Files\InstallShield
2008-04-12 07:53:57	   383 --a------ C:\WINDOWS\system32\haspdos.sys
2008-04-10 18:51:14		 0 d-------- C:\Program Files\Azureus
2008-04-10 09:26:06		 0 d-------- C:\Program Files\FileZilla FTP Client
2008-04-10 09:25:59		 0 d-------- C:\Program Files\FileZilla


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
22/05/2008 11:29	2051328	--a------	C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [09/06/2007 00:53]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [01/03/2007 15:57]
"SecurDisc"="C:\Program Files\Nero\Nero8\InCD\NBHGui.exe" [13/12/2007 23:02]
"InCD"="C:\Program Files\Nero\Nero8\InCD\InCD.exe" [13/12/2007 23:02]
"OutpostFeedBack"="C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" [19/12/2007 13:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2006 16:57]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\Outpost Firewall Pro\op_mon.exe" [20/12/2007 17:48]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [22/05/2008 11:29]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [07/07/2006 18:45]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [18/09/2005 19:40]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [07/11/2007 16:34]
"HDDHealth"="C:\Program Files\HDD Health\hddhealth.exe" [24/06/2005 09:17]

C:\Documents and Settings\Marc\Start Menu\Programs\Startup\
AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [12/17/2002 12:00:44 PM]
Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [9/21/2002 12:26:40 PM]
Power Booster 2k.lnk - C:\WINDOWS\PwrBst2k.exe [2/9/2004 10:18:32 AM]
Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [9/21/2002 12:27:14 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Privoxy.lnk - C:\Program Files\Privoxy\privoxy.exe [11/20/2006 4:30:54 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"=1 (0x1)
"NoInternetIcon"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy] 
C:\WINDOWS\System32\dimsntfy.dll 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\imjputyc32] 
imjputyc32.dll 01/06/2004 10:05 8704 C:\WINDOWS\system32\imjputyc32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\progra~1\agnitum\outpost,firewall,pro\wl_hook.dll,clkern.dll,avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\X-Lite\x-lite.exe"
"Total Uninstall Agent"="C:\Program Files\Total Uninstall 4\TuAgent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AudioDeck"=C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs	eaphost
dot3svc	dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38827937-12f6-11dd-bd1d-0008a196728c}]
AutoRun\command- G:\Installez_Universalis_V13.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50928ef8-57e1-11dc-b6c1-0013d3a2665b}]
AutoRun\command- F:\AUTORUN.EXE

*Newly Created Service* - AVG8EMC
*Newly Created Service* - AVG8WD
*Newly Created Service* - AVGLDX86
*Newly Created Service* - AVGMFX86
*Newly Created Service* - AVGRKX86
*Newly Created Service* - AVGTDIX
*Newly Created Service* - PGFILTER



-- Hosts -----------------------------------------------------------------------

127.0.0.1	localhost
127.0.0.1	filtered.by.edexter
127.0.0.1	0.gohip.com
127.0.0.1	0000000.free.fr
127.0.0.1	0000-sex-pics.com
127.0.0.1	0001abbottspics.com
127.0.0.1	0007dildosnvibrators.com
127.0.0.1	000babes.com
127.0.0.1	000bondage.com
127.0.0.1	000buy.com #site parasite de e-commerce

293308 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-05-22 17:24:55 ------------

 

There you go for dss.exe! By the way, System Restore is uninstalled!

As for AVG, it hasn't finished yet!
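Added example, not part of the original thread and not code from DSS or HijackThis: a small Python triage helper that pulls the auto-start entries (groups O4, O20 and O23) out of a HijackThis log and reports which of them load a file the antivirus flagged. The sample lines are copied from the log above, the flagged paths are the two named in the first post, and the function names are hypothetical; 8.3 short paths such as C:\PROGRA~1 are compared as written because they cannot be expanded offline.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the HijackThis section of the log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpost,firewall,pro\wl_hook.dll,clkern.dll,avgrsstx.dll
O20 - Winlogon Notify: imjputyc32 - C:\WINDOWS\SYSTEM32\imjputyc32.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
"""

# Files the antivirus scan flagged, as named in the first post of the thread.
FLAGGED = [
    r"c:\windows\system32\winlogon.exe",
    r"c:\windows\system32\imjputyc32.dll",
]

# HijackThis groups that describe code started or loaded automatically.
AUTOSTART_CODES = {
    "O4": "Run keys and Startup folders",
    "O20": "AppInit_DLLs and Winlogon Notify",
    "O23": "services",
}

LINE_RE = re.compile(r"^(O\d+) - (.+)$", re.MULTILINE)
# Drive-letter path ending in an executable extension; bare file names are skipped.
PATH_RE = re.compile(
    r'(?<![A-Za-z])[A-Za-z]:\\[^"*?<>|\r\n]*?\.(?:exe|dll|sys)\b',
    re.IGNORECASE,
)


def autostart_entries(log_text):
    """Return one record per file path found on an auto-start line."""
    entries = []
    for code, detail in LINE_RE.findall(log_text):
        if code not in AUTOSTART_CODES:
            continue
        # "Winlogon Notify: name - path" -> "Winlogon Notify"
        kind = detail.split(": ", 1)[0]
        for match in PATH_RE.finditer(detail):
            entries.append({
                "code": code,
                "kind": kind,
                # Windows paths are case-insensitive, so compare lower-cased.
                "path": ntpath.normcase(match.group(0)),
                "missing": "(file missing)" in detail,
            })
    return entries


def flagged_autostarts(entries, flagged_paths):
    """Auto-start entries whose target is one of the flagged files."""
    flagged = {ntpath.normcase(p) for p in flagged_paths}
    return [e for e in entries if e["path"] in flagged]


def flagged_without_autostart(entries, flagged_paths):
    """Flagged files that no auto-start entry points at directly."""
    seen = {e["path"] for e in entries}
    return [ntpath.normcase(p) for p in flagged_paths
            if ntpath.normcase(p) not in seen]


if __name__ == "__main__":
    found = autostart_entries(SAMPLE_LOG)
    for hit in flagged_autostarts(found, FLAGGED):
        # Winlogon Notify DLLs are loaded into the winlogon.exe process,
        # so a flagged file in this group deserves attention first.
        print(f"{hit['code']} {hit['kind']}: {hit['path']}")
    for path in flagged_without_autostart(found, FLAGGED):
        print(f"no auto-start entry for: {path}")
    for entry in found:
        if entry["missing"]:
            print(f"target missing on disk: {entry['path']}")
```
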

Posted

AVG report:

"Scan ""Scan whole computer"" was finished."
"Infections found:";"8"
"Infected objects removed or healed";"3"
"Not removed or healed.";"0"
"Spyware found:";"2"
"Spyware removed:";"2"
"Not removed:";"0"
"Warnings count:";"53"
"Information count:";"0"
"Scan started:";"jeudi 22 mai 2008, 16:40:53"
"Total object scanned:";"724693"
"Time needed:";"1 hour(s) 23 minute(s) 14 second(s) "
"Errors encountered:";"0"

"Infections"
"File";"Infection";"Result"
"C:\WINDOWS\system32\imjputyc32.dll";"Trojan horse Downloader.Small.60.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\winlogon.exe (616)";"Trojan horse Downloader.Small.60.AO";"Reboot is required to finish the action"
"C:\WINDOWS\system32\imjputyc32.dll";"Trojan horse Downloader.Small.60.AO";"Reboot is required to finish the action"

"Spyware"
"File";"Infection";"Result"
"D:\Documents\donnees\sauvegarde\Desktop\important\webmediaplayer_setup.exe";"Adware Generic2.FIR";"Deleted"
"D:\Documents\Downloads\Compressed\EvID4226Patch.exe";"Potentially harmful program HackTool.AB";"Deleted"

"Warnings"
"File";"Infection";"Result"

 

One more small question: is there a quarantine in AVG!?!

Thanks.

Posted (edited)

Hi :P

One more small question: is there a quarantine in AVG!?!

Yes, of course (as in any antivirus worthy of the name). Which item do you want to restore?? The patch for tcpip.sys? To find out how to restore a file that is in AVG's quarantine, see this tutorial >> http://www.malekal.com/tutorial_AVG8.php#mozTocId860221

 

I'm going to ask you to run a scan and send me a file before we continue the disinfection, please >>

Make sure that the ActiveX controls are configured correctly in the Internet options, as described at this link => Cybersécurité

 

1) The online scan >>

  • Run a Kaspersky online scan
  • Click Accept
  • A yellow bar will ask whether you accept installing Kavwebscan_Unicode.cab; install the ActiveX control.
  • Click "Accept" once more
  • The update databases will be installed; wait a moment
  • Click Next.
  • Click My Computer; the scan starts. Wait for the scan to finish without closing the window, otherwise it will stop.

 

At the end of the scan, if infected objects are found, click Save report as... Choose the desktop, name the report "rapport Kaspersky", choose "text files" in the save-type field, then save the report.

Copy/paste the entire contents of the open text file: right-click on it, then select all/copy.

Paste this report into your reply on the forum.

Help in case of problems: Cybersécurité

NOTE: The scan must be done with Internet Explorer.

 

2) Uploading the file >>

  • Go to this page > http://www.sendspace.com
  • Click the "Browse" button: a window opens => copy/paste this into the field to the right of "File name" at the bottom of the page >> C:\WINDOWS\SYSTEM32\imjputyc32.dll
  • Now click "Open" at the bottom of the window.
  • Tick the box "I have read and agree to the terms of service."
  • Finally, click the Upload File button.
  • A new window will open and give you the upload link: send it to me by PM please :P

See you

Edited by Thanos
Posted

Hi,

I've just noticed that AVG has removed (either deleted or moved to quarantine) the files (all 3); imputyc32.dll is in quarantine, but I can't manage to restore it!

Well, I'll still run the Kaspersky online scan, then send you the report!

As for the file, though, it's no longer there; it was moved to quarantine by AVG!

See you

Posted

Hi,

OK, no problem about the file :P Waiting for the Kaspersky report

 

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, May 24, 2008 1:03:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/05/2008
Kaspersky Anti-Virus database records: 799589
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
S:\

Scan Statistics:
Total number of scanned objects: 132309
Number of viruses found: 14
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 04:21:46

Infected Object Name / Virus Name / Last Action
C:\Program Files\BPFTP Server\bpftpserver.exe	Infected: not-a-virus:Server-FTP.Win32.BulletProof.231	skipped
C:\Program Files\Nokia\Phoenix\tp\bfat\instr_if\i_shared\indiftpd.exe	Infected: not-a-virus:Server-FTP.Win32.Indi.a	skipped
D:\Documents\BulletProof FTP Server\Bulletproof FTP Server v2.3.1.26 Setup.exe/Stream/data0005	Infected: not-a-virus:Server-FTP.Win32.BulletProof.231	skipped
D:\Documents\BulletProof FTP Server\Bulletproof FTP Server v2.3.1.26 Setup.exe/Stream	Infected: not-a-virus:Server-FTP.Win32.BulletProof.231	skipped
D:\Documents\BulletProof FTP Server\Bulletproof FTP Server v2.3.1.26 Setup.exe	Inno: infected - 2	skipped
D:\Documents\donnees\emule finish\Vista Transformation Pack 6.0.exe/WISE0030.BIN	Infected: not-a-virus:RiskTool.Win32.CloseApp.a	skipped
D:\Documents\donnees\emule finish\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN	Infected: not-a-virus:RiskTool.Win32.CloseApp.a	skipped
D:\Documents\donnees\emule finish\Vista Transformation Pack 6.0.exe/WISE0053.BIN	Infected: not-a-virus:RiskTool.Win32.CloseApp.a	skipped
D:\Documents\donnees\emule finish\Vista Transformation Pack 6.0.exe	WiseSFX: infected - 3	skipped
D:\Documents\Downloads\kf15b3.zip/keyfinder.exe/data.rar/xpkey.exe	Infected: not-a-virus:PSWTool.Win32.RAS.g	skipped
D:\Documents\Downloads\kf15b3.zip/keyfinder.exe/data.rar/officekey.exe	Infected: not-a-virus:PSWTool.Win32.RAS.a	skipped
D:\Documents\Downloads\kf15b3.zip/keyfinder.exe/data.rar	Infected: not-a-virus:PSWTool.Win32.RAS.a	skipped
D:\Documents\Downloads\kf15b3.zip/keyfinder.exe	Infected: not-a-virus:PSWTool.Win32.RAS.a	skipped
D:\Documents\Downloads\kf15b3.zip	ZIP: infected - 4	skipped
D:\Documents\Mirc\mirc62.exe/stream/data0006	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
D:\Documents\Mirc\mirc62.exe/stream	Infected: not-a-virus:Client-IRC.Win32.mIRC.62	skipped
D:\Documents\Mirc\mirc62.exe	NSIS: infected - 2	skipped
D:\Documents\Nero 7.9.6.0 FR\Nero-8.2.8.0_eng_update.exe/Toolbar.exe	Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm	skipped
D:\Documents\Nero 7.9.6.0 FR\Nero-8.2.8.0_eng_update.exe	7-Zip: infected - 1	skipped
D:\Documents\Nero 7.9.6.0 FR\Nero-8.2.8.0_fra_update.exe/Toolbar.exe	Infected: not-a-virus:AdTool.Win32.MyWebSearch.bm	skipped
D:\Documents\Nero 7.9.6.0 FR\Nero-8.2.8.0_fra_update.exe	7-Zip: infected - 1	skipped
D:\Documents\setupinfo.exe/Settings\YazzleBundle-1488.exe/data0002	Infected: Trojan-Downloader.Win32.PurityScan.dc	skipped
D:\Documents\setupinfo.exe/Settings\YazzleBundle-1488.exe	Infected: Trojan-Downloader.Win32.PurityScan.dc	skipped
D:\Documents\setupinfo.exe	InstallCreator: infected - 2	skipped
D:\Documents\setupinfo.exe	UPX: infected - 2	skipped
D:\linux\home\CreditWizard\Credit-wizard.exe	Infected: not-virus:Hoax.Win32.CardGen.f	skipped
D:\linux\home\CreditWizard.zip/Credit-wizard.exe	Infected: not-virus:Hoax.Win32.CardGen.f	skipped
D:\linux\home\CreditWizard.zip	ZIP: infected - 1	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
S:\IMGB79.tmp	Object is locked	skipped
S:\Perflib_Perfdata_6a8.dat	Object is locked	skipped
S:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
S:\~DF70D3.tmp	Object is locked	skipped

Scan process completed.

Posted (edited)

D:\Documents\donnees\emule finish

eMule :P

Maybe you caught something nasty by downloading something dodgy ...

Edited by TheGhostRider
