Version anglaiseVersion espagnoleVersion françaiseInscrivez-vous, c'est gratuit ! (mot de passe oublié)
- Mardi 2 décembre 2008 - 03:29:31
- inscrits : 1089724
- connectés : 13867
- questions/jour : 4911
- Taux de réponse : 74.63%
Plateformes d'assistanceDiscussions & Opinions des Communautés
|
|
|
|
Statut : Non résolu
Aide pour enlever Xp Antivirus 2008
michou214, le vendredi 13 juin 2008 à 12:11:18Bonjour,
Est-ce que vous pourriez m'aider a enlever Xp Antivirus 2008.
J'ai deja regarder comment on pouvait faire pour l'enlever mais il n'est pas encore parti.
Les methodes que j'ai essaier sont:
Afficher les fichiers caché. Redemmarre en mode sans echec. Supprimer les fichiers de Xp Antivirus 2008 apres avoir lancer une recherche.
En utilisant RogueRemover mais ca n'a pas focntionner.
Est-ce qu'il y a une autre solution?
Merci beaucoup.
Est-ce que vous pourriez m'aider a enlever Xp Antivirus 2008.
J'ai deja regarder comment on pouvait faire pour l'enlever mais il n'est pas encore parti.
Les methodes que j'ai essaier sont:
Afficher les fichiers caché. Redemmarre en mode sans echec. Supprimer les fichiers de Xp Antivirus 2008 apres avoir lancer une recherche.
En utilisant RogueRemover mais ca n'a pas focntionner.
Est-ce qu'il y a une autre solution?
Merci beaucoup.
Configuration: Windows XP Internet Explorer 7.0
Salut,
XP antivirus 2008 est un Virus. As tu un antivirus et un Antispyware ? | ...A consommer sans modération... | |
slt,
télécharge combofix (par sUBs) ici : http://download.bleepingcomputer.com/sUBs/ComboFix.exe et enregistre le sur le bureau. déconnecte toi d'internet et ferme toutes tes applications. désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) double-clique sur combofix.exe et suis les instructions à la fin, il va produire un rapport C:\ComboFix.txt réactive ton parefeu, ton antivirus, la garde de ton antispyware copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. Tu as un tutoriel complet ici : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix ___________ colle un rapport hijackthis http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download manuel : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo. ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste Ensuite avec Explorer créer un dossier c:\hijackthis Décompresser Hijackthis dans ce dossier. C'est important pour les sauvegardes.
|
Ok je vais vite le faire et dans mon prochain poste je mets les rapports. |
Bonjour.
Precision je suis sur mon portable et c'est mon ordi fixe qui a le probleme ^d'XP Antivirus. Voila j'ai fait ce qu'il fallait avec combofix mais j'ai eu un probleme. Je vais decrire ce qui s'est passé. J'ai bien tout fermer les pare feux, etc et j'ai lancer comboFix. Arriver a l'etape ou il redemmarre l'ordi, il a buguer. J'ai donc eteins moi meme l'ordi puis rallumer. L'ordinateur s'allumait correctement (mais pas encore toutes les fonctions pretes) et comboFix est reapparu mais il ne bougeait plus. L'ordi a buguer a ce moment la. Je l'ai donc redemarrer et la un probleme est survenu. Un fichier de windows etait endommager. Voila le nouveau probleme. Pour le reparer il me dise qu'il faut reinstaller le fichier mais je n'ose pas tout trafficoter dans le systeme de windows. Vous pourriez m'aider parce que l'ordi ne fonctionne plus. (Si il le faut je peux dire quel est le fichier manquant) Merci beaucoup.
|
bonjour je suis plutot novice je sais pas comment me debarasser d'xp antivirus , |
Slt yv yv
commences par passer et nettoyer avec malwarebytes et dit ce qu' il a trouvé http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php |
ComboFix 08-09-22.03 - Yves RUINAT 2008-09-23 19:20:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.224 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Yves RUINAT\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\exefld C:\WINDOWS\system32\ban_list.txt C:\WINDOWS\winhelp.ini D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 )))))))))))))))))))))))))))))))))))) . 2008-09-23 19:13 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys 2008-09-23 19:12 . 2001-08-23 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll 2008-09-23 19:11 . 2001-08-23 17:46 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll 2008-09-23 19:10 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll 2008-09-23 19:09 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys 2008-09-23 19:08 . 2008-04-14 04:07 2,067,968 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-09-23 19:07 . 2002-08-30 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex 2008-09-23 19:06 . 2002-08-30 14:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex 2008-09-23 19:05 . 2002-08-30 14:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll 2008-09-23 19:04 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll 2008-09-23 19:03 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys 2008-09-23 19:02 . 2002-08-30 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll 2008-09-23 19:01 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys 2008-09-23 19:00 . 2001-08-23 17:46 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll 2008-09-23 18:59 . 2008-09-23 19:13 <REP> d-------- C:\WINDOWS\LastGood 2008-09-23 18:39 . 2008-09-23 18:45 74,505 --a------ C:\Program Files\Zeb-Restore.zip 2008-09-23 18:21 . 2008-09-23 18:21 4,627,688 --a------ C:\Program Files\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe 2008-09-23 09:59 . 2008-09-23 10:00 <REP> d-------- C:\Program Files\SAV 2008-09-23 09:59 . 2008-09-23 09:59 125,956 --a------ C:\WINDOWS\system32\msxml71.dll 2008-09-23 08:53 . 2008-09-23 09:41 <REP> d-------- C:\Program Files\NOS 2008-09-23 08:53 . 2008-09-23 09:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS 2008-09-12 18:03 . 2008-09-12 18:03 1,409 --a------ C:\WINDOWS\system32\tmpDD232.FOT 2008-08-28 19:53 . 2008-08-28 19:53 <REP> d-------- C:\WINDOWS\system32\fr 2008-08-28 19:53 . 2008-08-28 19:53 <REP> d-------- C:\WINDOWS\l2schemas 2008-08-27 19:45 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-08-27 19:44 . 2008-04-14 04:33 651,264 --------- C:\WINDOWS\system32\dot3ui.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-23 06:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-09-23 06:19 --------- d-----w C:\Program Files\HOTALBUMMyBOX 2008-09-16 17:21 --------- d-----w C:\Program Files\POB13_la_mer 2008-09-16 16:57 --------- d-----w C:\Program Files\POB14_peint 2008-09-12 17:51 --------- d-----w C:\Program Files\McAfee 2008-08-13 17:59 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys 2008-08-13 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-13 17:59 --------- d-----w C:\Program Files\CASIO 2008-08-04 17:21 --------- d-----w C:\Program Files\Sun 2008-08-04 17:20 --------- d-----w C:\Program Files\Java 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-03-09 12:50 59,163,944 ----a-w C:\Program Files\iTunesSetup.exe 2008-01-26 12:07 14,647,309 ----a-w C:\Program Files\x-3gp-video-converter.exe 2007-11-19 19:04 87,608 ----a-w C:\Documents and Settings\Yves RUINAT\Application Data\ezpinst.exe 2007-11-19 19:04 47,360 ----a-w C:\Documents and Settings\Yves RUINAT\Application Data\pcouffin.sys 2005-04-28 17:22 7,741,352 ----a-w C:\Program Files\DivX521XP2K.exe 2005-03-28 12:29 299,352 ----a-w C:\Program Files\Windows-KB890830-V1.2-FRA.exe 2005-03-19 08:34 2,197,663 ----a-w C:\Program Files\VELUXCADCH_FR.exe 2005-04-28 17:22 56 --sh--r C:\WINDOWS\system32\B984232DD5.sys 2007-03-17 14:21 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2006-11-02 472632] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 68856] "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X] "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 40960] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872] "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-03-05 36904] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2006-11-02 472632] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048] "RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088] "MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 789144] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Antivirus"="C:\Program Files\SAV\sav.exe" [2008-09-23 404992] "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 C:\WINDOWS\AGRSMMSG.exe] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD] --------- 2003-06-23 15:33 1171456 C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 31435] R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 32232] R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-13 15172] R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 9939] R2 as260n;as260n;C:\WINDOWS\system32\drivers\as260n.sys [1997-12-31 176352] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [ ] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344] S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ] S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ] S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2003-05-30 39996] S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c35aefa-a3d0-11da-a200-4d6564696130}] \Shell\AutoRun\command - G:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6434ee5e-af9e-11dc-a66d-000c6e7950d7}] \Shell\AutoRun\command - H:\InstallTomTomHOME.exe . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-Microsoft--Updates - sxvhost.exe HKLM-RunServices-Microsoft--Updates - sxvhost.exe HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe SSODL-Web Event Logger-{79FEACFF-FFCE-815E-A900-316290B5B738} - (no file) . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Yves RUINAT\Application Data\Mozilla\Firefox\Profiles\napn00h4.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.free.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-23 19:24:20 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... ************************************************************************** . Heure de fin: 2008-09-23 19:28:04 ComboFix-quarantined-files.txt 2008-09-23 17:27:00 Avant-CF: 10ÿ451ÿ492ÿ864 octets libres Après-CF: 10,926,366,720 octets libres 169 --- E O F --- 2008-09-09 18:22:12 |
ComboFix 08-09-22.03 - Yves RUINAT 2008-09-23 19:20:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.224 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Yves RUINAT\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\exefld C:\WINDOWS\system32\ban_list.txt C:\WINDOWS\winhelp.ini D:\Autorun.inf . ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-23 au 2008-09-23 )))))))))))))))))))))))))))))))))))) . 2008-09-23 19:13 . 2001-08-17 21:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys 2008-09-23 19:12 . 2001-08-23 17:47 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll 2008-09-23 19:11 . 2001-08-23 17:46 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll 2008-09-23 19:10 . 2001-08-23 17:47 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll 2008-09-23 19:09 . 2001-08-23 17:18 899,914 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys 2008-09-23 19:08 . 2008-04-14 04:07 2,067,968 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-09-23 19:07 . 2002-08-30 14:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex 2008-09-23 19:06 . 2002-08-30 14:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex 2008-09-23 19:05 . 2002-08-30 14:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll 2008-09-23 19:04 . 2001-08-23 17:46 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll 2008-09-23 19:03 . 2001-08-17 20:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys 2008-09-23 19:02 . 2002-08-30 14:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll 2008-09-23 19:01 . 2001-08-17 21:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys 2008-09-23 19:00 . 2001-08-23 17:46 382,592 --a--c--- C:\WINDOWS\system32\dllcache\atidrab.dll 2008-09-23 18:59 . 2008-09-23 19:13 <REP> d-------- C:\WINDOWS\LastGood 2008-09-23 18:39 . 2008-09-23 18:45 74,505 --a------ C:\Program Files\Zeb-Restore.zip 2008-09-23 18:21 . 2008-09-23 18:21 4,627,688 --a------ C:\Program Files\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe 2008-09-23 09:59 . 2008-09-23 10:00 <REP> d-------- C:\Program Files\SAV 2008-09-23 09:59 . 2008-09-23 09:59 125,956 --a------ C:\WINDOWS\system32\msxml71.dll 2008-09-23 08:53 . 2008-09-23 09:41 <REP> d-------- C:\Program Files\NOS 2008-09-23 08:53 . 2008-09-23 09:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS 2008-09-12 18:03 . 2008-09-12 18:03 1,409 --a------ C:\WINDOWS\system32\tmpDD232.FOT 2008-08-28 19:53 . 2008-08-28 19:53 <REP> d-------- C:\WINDOWS\system32\fr 2008-08-28 19:53 . 2008-08-28 19:53 <REP> d-------- C:\WINDOWS\l2schemas 2008-08-27 19:45 . 2008-04-14 04:31 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll 2008-08-27 19:44 . 2008-04-14 04:33 651,264 --------- C:\WINDOWS\system32\dot3ui.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-23 06:58 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-09-23 06:19 --------- d-----w C:\Program Files\HOTALBUMMyBOX 2008-09-16 17:21 --------- d-----w C:\Program Files\POB13_la_mer 2008-09-16 16:57 --------- d-----w C:\Program Files\POB14_peint 2008-09-12 17:51 --------- d-----w C:\Program Files\McAfee 2008-08-13 17:59 15,172 ----a-w C:\WINDOWS\system32\drivers\PzWDM.sys 2008-08-13 17:59 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-13 17:59 --------- d-----w C:\Program Files\CASIO 2008-08-04 17:21 --------- d-----w C:\Program Files\Sun 2008-08-04 17:20 --------- d-----w C:\Program Files\Java 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-03-09 12:50 59,163,944 ----a-w C:\Program Files\iTunesSetup.exe 2008-01-26 12:07 14,647,309 ----a-w C:\Program Files\x-3gp-video-converter.exe 2007-11-19 19:04 87,608 ----a-w C:\Documents and Settings\Yves RUINAT\Application Data\ezpinst.exe 2007-11-19 19:04 47,360 ----a-w C:\Documents and Settings\Yves RUINAT\Application Data\pcouffin.sys 2005-04-28 17:22 7,741,352 ----a-w C:\Program Files\DivX521XP2K.exe 2005-03-28 12:29 299,352 ----a-w C:\Program Files\Windows-KB890830-V1.2-FRA.exe 2005-03-19 08:34 2,197,663 ----a-w C:\Program Files\VELUXCADCH_FR.exe 2005-04-28 17:22 56 --sh--r C:\WINDOWS\system32\B984232DD5.sys 2007-03-17 14:21 11,690 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360] "SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2006-11-02 472632] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-31 68856] "TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X] "ezShieldProtector for Px"="C:\WINDOWS\System32\ezSP_Px.exe" [2002-08-20 40960] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872] "IntelliType"="C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208] "SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-03-05 36904] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "SsAAD.exe"="C:\PROGRA~1\sony\SONICS~1\SsAAD.exe" [2006-11-02 472632] "mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 582992] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 267048] "RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088] "MBBalloon"="C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe" [2007-11-30 789144] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "Antivirus"="C:\Program Files\SAV\sav.exe" [2008-09-23 404992] "AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 C:\WINDOWS\AGRSMMSG.exe] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 C:\WINDOWS\system32\Ati2mdxx.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Drag'n Drop CD+DVD] --------- 2003-06-23 15:33 1171456 C:\Program Files\drag'n drop cd+dvd\BinFiles\DragDrop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R0 Klick;Klick;C:\WINDOWS\system32\drivers\klick.sys [2004-11-19 31435] R0 Klin;Klin;C:\WINDOWS\system32\drivers\klin.sys [2004-11-19 32232] R0 PzWDM;PzWDM;C:\WINDOWS\system32\Drivers\PzWDM.sys [2008-08-13 15172] R1 Klmc;Klmc;C:\WINDOWS\system32\drivers\klmc.sys [2004-11-26 9939] R2 as260n;as260n;C:\WINDOWS\system32\drivers\as260n.sys [1997-12-31 176352] R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\DRIVERS\COMFiltr.sys [ ] S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344] S3 ids00026;ids00026;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys [ ] S3 klstm;klstm;C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal\5.0\bases\klstm.sys [ ] S3 Usblink;Usblink Driver;C:\WINDOWS\system32\Drivers\ulink.sys [2003-05-30 39996] S3 VNic;ULan Network Driver Module;C:\WINDOWS\system32\DRIVERS\VNic.sys [ ] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c35aefa-a3d0-11da-a200-4d6564696130}] \Shell\AutoRun\command - G:\setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6434ee5e-af9e-11dc-a66d-000c6e7950d7}] \Shell\AutoRun\command - H:\InstallTomTomHOME.exe . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-Microsoft--Updates - sxvhost.exe HKLM-RunServices-Microsoft--Updates - sxvhost.exe HKU-Default-Run-ALUAlert - C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe SSODL-Web Event Logger-{79FEACFF-FFCE-815E-A900-316290B5B738} - (no file) . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Yves RUINAT\Application Data\Mozilla\Firefox\Profiles\napn00h4.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.free.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-23 19:24:20 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... ************************************************************************** . Heure de fin: 2008-09-23 19:28:04 ComboFix-quarantined-files.txt 2008-09-23 17:27:00 Avant-CF: 10ÿ451ÿ492ÿ864 octets libres Après-CF: 10,926,366,720 octets libres 169 --- E O F --- 2008-09-09 18:22:12 |
cré ton propre post |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:16, on 12/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) VOILA MON RAPPORT MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\vVX1000.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - Software - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Win Base 4 Download] C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base\drv online.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [BiAIiRMPle] C:\Documents and Settings\All Users\Application Data\hybenqjg\jqzklidc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O9 - Extra button: (no name) - Software - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.01net.com/telecharger/ O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/... O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/... O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15027/CTPID.cab O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe End of file - 10345 bytes |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:16, on 12/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) VOILA MON RAPPORT MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\vVX1000.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - Software - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Win Base 4 Download] C:\Documents and Settings\All Users\Application Data\Browse Dent Win Base\drv online.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKLM\..\Policies\Explorer\Run: [BiAIiRMPle] C:\Documents and Settings\All Users\Application Data\hybenqjg\jqzklidc.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user') O9 - Extra button: (no name) - Software - (no file) O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.01net.com/telecharger/ O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/... O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/... O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15027/CTPID.cab O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe End of file - 10345 bytes |
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26:16, on 12/10/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) VOILA MON RAPPORT MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PSIService.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Spyware Doctor\SDTrayApp.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\vVX1000.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - Software - (no file) O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing) O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Prog |