
Posted (edited)

Hello,

My girlfriend's laptop is infected.

I followed the procedure described at the beginning, and here is the HijackThis report:

 

 

Logfile of HijackThis v1.99.1

Scan saved at 17:23:04, on 05/07/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\system32\slserv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\drivers\Icon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\wollmann\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\drivers\Icon.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun

O4 - HKLM\..\Run: [sans Espions] "C:\Program Files\SinEspias\No-Spy.exe" /autorun

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe

O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe

O4 - HKCU\..\Run: [LDM] \Program\

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C0F43C05-FD23-424E-9ADA-9C6E3E3676E8}: NameServer = 212.27.32.5,212.228.0.168

O18 - Protocol: bw+0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

 

 

 

 

Thanks in advance for your help

Stéphane

Edited by Deltaplaneur

Posted

I'm adding the AntiVir report just in case

 

 

 

AntiVir PersonalEdition Classic

Report file date: mercredi 5 juillet 2006 16:03

 

Scanning for 445279 virus strains and unwanted programs.

 

Licensed to: AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 1) [5.1.2600]

Username: wollmann

Computer name: MIETTE

 

Version informations:

AVSCAN.EXE : 7.0.0.42 557096 05/07/2006 10:17:41

AVSCAN.DLL : 7.0.0.42 53288 05/07/2006 10:17:41

LUKE.DLL : 7.0.0.42 118824 05/07/2006 10:17:43

LUKERES.DLL : 7.0.0.42 25640 05/07/2006 10:17:43

ANTIVIR0.VDF : 6.35.0.1 7371264 05/07/2006 10:17:40

ANTIVIR1.VDF : 6.35.0.147 700928 05/07/2006 10:17:40

ANTIVIR2.VDF : 6.35.0.148 2048 05/07/2006 10:17:40

ANTIVIR3.VDF : 6.35.0.149 2048 05/07/2006 10:17:40

AVEWIN32.DLL : 7.1.0.19 1544704 05/07/2006 10:17:40

AVPREF.DLL : 7.0.0.1 49192 05/07/2006 10:17:41

AVREP.DLL : 6.35.0.85 696360 05/07/2006 10:17:41

AVRPBASE.DLL : 7.0.0.0 2162728 05/07/2006 10:17:41

AVPACK32.DLL : 7.1.0.1 335912 05/07/2006 10:17:41

AVREG.DLL : 6.31.0.90 27688 05/07/2006 10:17:41

NETNT.DLL : 6.32.0.0 6696 05/07/2006 10:17:43

NETNW.DLL : 6.32.0.0 9768 05/07/2006 10:17:43

RCIMAGE.DLL : 7.0.0.71 1642536 05/07/2006 10:17:44

RCTEXT.DLL : 7.0.0.75 77864 05/07/2006 10:17:44

 

Configuration settings for the scan:

Jobname: '%s'.................: Manual Selection

Configuration file............: C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp

Boot sectors..................: C

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 1

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Skipped archive types.........: 1000,1001,1002,1003,1004,

Macro heuristic...............: 1

File heuristic................: 2

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: mercredi 5 juillet 2006 16:03

 

 

The scan over running processes will be started

13 Processes was scanned

 

Start scanning boot sectors:

 

Boot sector 'C:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 24 files ).

 

 

Starting the file scan:

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\wollmann\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\wollmann\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\wollmann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\wollmann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030289.exe

[DETECTION] Is the Trojan horse TR/Dldr.Zlob.GK.1

[iNFO] The file was deleted!

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030320.exe

[DETECTION] Is the Trojan horse TR/Dldr.VB.abm.7

[iNFO] The file was deleted!

C:\WINDOWS\system32\bayay.tmp

[WARNING] The file could not be opened!

C:\WINDOWS\system32\regperf.exe

[DETECTION] Is the Trojan horse TR/Drop.Zlob.HB

[iNFO] The file was deleted!

C:\WINDOWS\system32\winexi32.dll

[DETECTION] Is the Trojan horse TR/PCK.Klone.G.5

[WARNING] The file could not be deleted!

C:\WINDOWS\system32\config\DEFAULT

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SOFTWARE

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SYSTEM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\etc\1.hosts

[DETECTION] Is the Trojan horse TR/NoAvHost.A

[iNFO] The file was deleted!

C:\WINDOWS\system32\drivers\etc\2.hosts

[DETECTION] Is the Trojan horse TR/NoAvHost.A

[iNFO] The file was deleted!

C:\WINDOWS\system32\drivers\etc\3.hosts

[DETECTION] Is the Trojan horse TR/NoAvHost.A

[iNFO] The file was deleted!

C:\WINDOWS\system32\drivers\etc\hosts

[DETECTION] Is the Trojan horse TR/NoAvHost.A

[iNFO] The file was deleted!

C:\WINDOWS\system32\drivers\etc\hosts.20050514-125051.backup

[DETECTION] Is the Trojan horse TR/NoAvHost.A

[iNFO] The file was deleted!

C:\WINDOWS\system32\drivers\etc\hosts.20050623-204917.backup

[DETECTION] Is the Trojan horse TR/NoAvHost.A

[iNFO] The file was deleted!

 

 

End of the scan: mercredi 5 juillet 2006 17:12

Used time: 1:08:25 min

 

The scan has been done completely.

 

4928 Scanning directories

215011 Files were scanned

10 viruses and/or unwanted programs was found

9 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

8126 Archives were scanned

20 Warnings

2 Notes

Posted

Hi again,

1/ Download Ewido anti-spyware: http://www.ewido.net/en/download/

Launch Ewido and click the Update button (toolbar, at the top). Under Manual Update, click Start update.

You will see this at the bottom once the update has completed: "Update successful"

Close Ewido. Do not run it yet.

2/ Restart in safe mode: http://www.sosordi.net/Faq/Faq.2.html

3/ Go to Start / Control Panel / Add or Remove Programs and check whether this is present:

SinEspias

If this program is present, uninstall it.

4/ Launch HijackThis, click "Do a system scan only", and tick these lines:

 

O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\drivers\Icon.exe

O4 - HKLM\..\Run: [sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun

O4 - HKLM\..\Run: [sans Espions] "C:\Program Files\SinEspias\No-Spy.exe" /autorun

all the O18 lines

Close all open windows except HijackThis and click "Fix checked".

5/ To delete the harmful files, we are going to display all of them, like this:

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:

Tick the box: Show hidden files and folders

Untick the box: Hide extensions for known file types

Untick the box: Hide protected operating system files

Click "Apply"

Click the "Apply to All Folders" button / OK

6/ Delete what is in bold:

C:\WINDOWS\system32\drivers\Icon.exe <== the file

C:\Program Files\SinEspias <== the whole folder

7/ From Safe Mode, launch Ewido and click the Scanner button (in the toolbar), then click Complete System Scan. The scan will take a while, so be patient.

Ewido will display a list of the detected files on the left. At the end of the scan, the tool will apply the "Actions" to be applied automatically. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right-hand side.

Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it somewhere safe (on your Desktop, for example).

8/ Restart in normal mode.

9/ Post the Ewido report along with a new HijackThis log.

Good luck, and if you have the slightest question, don't hesitate to ask :P

See you
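Step 9 asks for a new HijackThis log so the fix from step 4 can be checked, and that comparison can be scripted. The Python below is an added example, not part of the original post or of HijackThis: it parses the entry lines of two logs, selects the entries on the step 4 checklist, and reports which are gone, which remain and which are new. `BEFORE_LOG` is excerpted from the first log in this thread; `AFTER_LOG`, `CHECKLIST` and all function names are constructed for illustration.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O4", "O18", "R1"
    body: str  # everything after the first " - "


# Entry lines look like "O4 - HKLM\..\Run: [name] path"; header and
# "Running processes" lines do not start with a section code and are skipped.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+?)\s*$")

# Checklist taken from step 4: two O4 autostart targets and every O18 line.
# A needle of None means "any entry with this section code".
CHECKLIST = [
    ("O4", r"C:\WINDOWS\system32\drivers\Icon.exe"),
    ("O4", r"C:\Program Files\SinEspias\No-Spy.exe"),
    ("O18", None),
]


def parse_log(text):
    """Return the HijackThis entries found in a pasted log."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def _key(entry):
    # Windows paths and registry names are case-insensitive.
    return (entry.code, entry.body.casefold())


def targeted(entries, checklist=CHECKLIST):
    """Entries that match at least one checklist rule."""
    hits = []
    for e in entries:
        for code, needle in checklist:
            if e.code == code and (
                needle is None or needle.casefold() in e.body.casefold()
            ):
                hits.append(e)
                break
    return hits


def verify_fix(before_text, after_text, checklist=CHECKLIST):
    """Compare two logs: what was removed, what is left, what is new."""
    before = parse_log(before_text)
    after = parse_log(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        "removed": [e for e in targeted(before, checklist)
                    if _key(e) not in after_keys],
        "remaining": targeted(after, checklist),
        "added": [e for e in after if _key(e) not in before_keys],
    }


# Excerpt of the first log posted in this thread.
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\drivers\Icon.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sin Espias] C:\Program Files\SinEspias\No-Spy.exe /autorun
O4 - HKLM\..\Run: [sans Espions] "C:\Program Files\SinEspias\No-Spy.exe" /autorun
O18 - Protocol: bw+0 - {8CC7770F-D981-4F26-AD9E-EAF9F338457D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""

# Constructed follow-up log: one O18 line was left behind on purpose so the
# "remaining" case is visible. It is not a claim about the real second log.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
"""

if __name__ == "__main__":
    result = verify_fix(BEFORE_LOG, AFTER_LOG)
    for status in ("removed", "remaining", "added"):
        for entry in result[status]:
            print(f"{status:9} {entry.code:3} {entry.body}")
```

An entry listed under "remaining" means the corresponding line was not ticked or was re-created after the fix, so it is the first thing to look at in the new log.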

Posted

Hello Bruce

Here are the reports, a little late. Sorry.

 

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 18:24:30 06/07/2006

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030319.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\WINDOWS\system32\hggfgdd.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).

C:\Documents and Settings\wollmann\Local Settings\Temporary Internet Files\Content.IE5\261W9A89\drsmartload_js[1].htm -> Downloader.IstBar.j : Cleaned with backup (quarantined).

C:\Documents and Settings\wollmann\Local Settings\Temporary Internet Files\Content.IE5\5CHXNTLV\WinAntiVirusPro2006FreeInstall_fr[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Ignored.

:mozilla.37:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.39:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

C:\Documents and Settings\wollmann\Cookies\wollmann@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.18:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.154:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.

C:\Documents and Settings\wollmann\Cookies\wollmann@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned.

:mozilla.143:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.144:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Com : Cleaned.

C:\Documents and Settings\wollmann\Cookies\wollmann@com[1].txt -> TrackingCookie.Com : Cleaned.

:mozilla.62:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.28:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Estat : Cleaned.

C:\Documents and Settings\wollmann\Cookies\wollmann@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.

:mozilla.58:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.59:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.60:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

:mozilla.61:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.

C:\Documents and Settings\wollmann\Cookies\wollmann@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.

:mozilla.14:C:\Documents and Settings\wollmann\Application Data\Mozilla\Firefox\Profiles\cqevl69y.default\cookies.txt -> TrackingCookie.Weborama : Cleaned.

 

 

::Report end

 

 

 

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 18:40:19, on 06/07/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\msiexec.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\The Cleaner\tca.exe

C:\Program Files\The Cleaner\tcm.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\POP Peeper\POPPeeper.exe

C:\Documents and Settings\wollmann\Bureau\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe

O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [LDM] \Program\

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{C0F43C05-FD23-424E-9ADA-9C6E3E3676E8}: NameServer = 212.27.32.5,212.228.0.168

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

 

 

 

Thanks for your help

Stéphane

Posted

Hello,

your report is clean, nice work :P

 

Run an online scan with http://webscanner.kaspersky.fr/

Under "Démonstration en ligne", the procedure is explained, and to start the scan you need to select "Exécuter l'analyse en ligne". The scan only works in Internet Explorer.

You will be asked to download an ActiveX control; accept it.

In the "Choisissez la cible de l'analyse" menu, select "Poste de travail".

The scan will start. Please post the report that is generated.

 

If there is a problem, make sure the ActiveX controls are properly configured in the Internet options as described at this link => http://www.inoculer.com/activex.php3

See you later

Posted

Here is the Kaspersky report

 

Jeudi 6 juillet 2006 20:02:27

Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)

Version de Kaspersky On-line Scanner: 5.0.78.0

Dernière mise à jour de la base antivirus Kaspersky : 6/07/2006

Enregistrements dans la base antivirus Kaspersky : 193019

Paramètres d'analyse

Analyser avec la base antivirus suivante standard

Analyser les archives vrai

Analyser les bases de messagerie. vrai

Cible de l'analyse Poste de travail

C:\

D:\

F:\

G:\

H:\

Statistiques de l'analyse

Total d'objets analysés : 61620

Nombre de virus trouvés 2

Nombre d'objets infectés 47

Nombre d'objets suspects 0

Durée de l'analyse 00:58:59

 

Nom de l'objet infecté Nom du virus Dernière action

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030269.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030270.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030272.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030273.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030274.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030275.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030276.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030277.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030278.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030279.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030280.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030281.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030282.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030283.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030284.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030285.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030287.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030288.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030290.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030291.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030292.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030293.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030294.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030295.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030296.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030297.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030299.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030300.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030301.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030302.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030303.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030304.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030305.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030306.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030307.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030308.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030310.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030311.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030312.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030313.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030314.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030315.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030316.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030317.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030318.exe Infecté: Packed.Win32.Klone.g ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030322.exe Infecté: Trojan-Downloader.Win32.Zlob.wn ignoré

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP240\A0030403.dll Infecté: Packed.Win32.Klone.g ignoré

Analyse terminé
