Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

hijackthis

max26101992

Par max26101992
dans Analyses et éradication malwares

 Partager

Messages recommandés

max26101992 Member

max26101992

Posté(e)
Posté(e)

bonjour je suis infecter par des multiple trojan que mon AV ne semble pas pouvoir suprimer je vous poste mon rapport hijackthis:

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:26:59, on 26/09/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\Program Files\ICQ6Toolbar\ICQ Service.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\WINDOWS\vsnpstd.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\Documents and Settings\maxime cottin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\ICQ6\ICQ.exe

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\Program Files\Uniblue\LocalCooling\localcooling2.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Desktop Search\WindowsSearchIndexer.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Windows Desktop Search\WindowsSearchFilter.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe

C:\Documents and Settings\maxime cottin\Bureau\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://configuration.adsl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)

R3 - URLSearchHook: (no name) - - (no file)

R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

F2 - REG:system.ini: Shell=Explorer.exe

O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [smoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Wspi] C:\Program Files\Wspi\Wspi.exe

O4 - HKLM\..\RunOnce: [spybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\maxime cottin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [iCQ] "C:\Program Files\ICQ6\ICQ.exe" silent

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: LocalCooling.lnk = C:\Program Files\Uniblue\LocalCooling\localcooling2.exe

O4 - Startup: Secunia PSI (RC3).lnk = C:\Program Files\Secunia\PSI (RC3)\psi.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\msntb.dll/search.htm

O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Crux P2P\Plugins\RazaWebHook.dll/3000

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

 

--

End of file - 13798 bytes

 

 

 

 

merci d'avance :P

pear Devil Member !

pear

Posté(e)
Posté(e) (modifié)

Bonjour,

 

je suis infecter par des multiple trojan que mon AV ne semble pas pouvoir suprimer je vous poste mon rapport hijackthis:

 

Postez le rapport Antivir, svp.

 

Vous utilisez Yahoo comme moteur de recherche, mais vous avez aussi les toolbars Google et Icq.

Il n'en faut qu'une.

Modifié par pear
max26101992 Member

max26101992

Posté(e)
  • Auteur
Posté(e) (modifié)

ba j'utilise yahoo pour le traducteur et leur antispyware et google pour la recherche se n'est pas bon???

 

vous voulez le rapport de qu'elle antivirus

je fait actuelement un scan en ligne avec panda et je scan avec malwarebyte antivir et spybot

 

 

 

(pour le rapport de antivir je fais comment pour le récupérer :-s

Modifié par max26101992
max26101992 Member

max26101992

Posté(e)
  • Auteur
Posté(e)

Avira AntiVir Personal

Report file date: vendredi 26 septembre 2008 14:20

 

Scanning for 1643726 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: YOUR-6FBB7B0EF0

 

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15

ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 16:54:27

ANTIVIR3.VDF : 7.0.6.213 446464 Bytes 25/09/2008 17:31:12

Engineversion : 8.1.1.35

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18/09/2008 17:04:32

AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49

AERDL.DLL : 8.1.1.2 438644 Bytes 18/09/2008 17:04:31

AEPACK.DLL : 8.1.2.3 364918 Bytes 25/09/2008 17:31:14

AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18/09/2008 17:04:28

AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18/09/2008 17:04:27

AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48

AEGEN.DLL : 8.1.0.36 315764 Bytes 05/09/2008 20:04:26

AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21

AECORE.DLL : 8.1.1.11 172406 Bytes 05/09/2008 20:04:25

AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 05/09/2008 20:04:24

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: vendredi 26 septembre 2008 14:20

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avwsc.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'WindowsSearchFilter.exe' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'WindowsSearchIndexer.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned

Scan process 'localcooling2.exe' - '1' Module(s) have been scanned

Scan process 'BTTray.exe' - '1' Module(s) have been scanned

Scan process 'ICQ.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned

Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'CFSServ.exe' - '1' Module(s) have been scanned

Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned

Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned

Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned

Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned

Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned

Scan process 'TFncKy.exe' - '1' Module(s) have been scanned

Scan process 'SmoothView.exe' - '1' Module(s) have been scanned

Scan process 'TvsTray.exe' - '1' Module(s) have been scanned

Scan process 'NDSTray.exe' - '1' Module(s) have been scanned

Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned

Scan process 'Toshiba.exe' - '1' Module(s) have been scanned

Scan process 'THotkey.exe' - '1' Module(s) have been scanned

Scan process 'agrsmmsg.exe' - '1' Module(s) have been scanned

Scan process 'ltmoh.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned

Scan process 'X10nets.exe' - '1' Module(s) have been scanned

Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned

Scan process 'ICQ Service.exe' - '1' Module(s) have been scanned

Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned

Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

68 processes with 68 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '81' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ProGroupProRat.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '494bd4a3.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RevealerKeylogger3.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4952d49b.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyHunter14.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[NOTE] The file was moved to '4955d4ac.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpyHunter21.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The detection was classified as suspicious.

[WARNING] The file was ignored!

C:\Documents and Settings\maxime cottin\Bureau\ProRat_v1.9_SE\ProRat_v1.9\ProRat.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Prorat.ae.23 back-door program

[WARNING] The file was ignored!

C:\Documents and Settings\maxime cottin\Mes documents\WoW-2.0.0-frFR-Installer\DirectX\dxnt.cab

[0] Archive type: CAB (Microsoft)

--> ddraw.dll

[WARNING] No further files can be extracted from this archive. The archive will be closed

C:\WINDOWS\system32\fservice.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Prorat.ae.23 back-door program

[NOTE] The file was moved to '4941e98d.qua'!

C:\WINDOWS\system32\lncom.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Prorat.ae.23 back-door program

[NOTE] The file was moved to '493fe9b2.qua'!

C:\WINDOWS\system32\lncom_.exe

[DETECTION] Contains recognition pattern of the BDC/Prorat.19.P back-door client

[NOTE] The file was moved to '493fe9bf.qua'!

C:\WINDOWS\system32\server.exe

[DETECTION] Contains a recognition pattern of the (harmful) BDS/Prorat.19.I back-door program

[NOTE] The file was moved to '494eea2b.qua'!

 

 

End of the scan: vendredi 26 septembre 2008 16:01

Used time: 1:41:05 Hour(s)

 

The scan has been done completely.

 

9332 Scanning directories

262405 Files were scanned

5 viruses and/or unwanted programs were found

4 Files were classified as suspicious:

0 files were deleted

0 files were repaired

7 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

262394 Files not concerned

10148 Archives were scanned

5 Warnings

8 Notes

 

 

 

voila :P

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...