Bonsoir,
Voicla comme prévu le rapport généré par CLEAN demandé par THEGAME:
RAPPORT CLEAN :
16/08/2006 a 2:17:40,42
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
Le rapport AVG en mode sans echec:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:56:04 16/08/2006
+ Résultat de l'analyse:
C:\WINDOWS\system32\b4fm.dll -> Adware.BurnFree : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-1498052220-1128743868-2830388018-1005\Software\Internet Security -> Adware.IntCodec : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Fichiers communs\{301C8B34-0BF3-1036-0816-060607180021}\UnInstall.exe -> Adware.IWantSearch : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP181\A0097230.exe -> Adware.IWantSearch : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Fichiers communs\{301C8B34-0BF3-1036-0816-060607180021}\Bar888.dll -> Adware.Lucky : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP181\A0097229.dll -> Adware.Lucky : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\aimmsn.exe -> Backdoor.Sdbot : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\KHADIJA\Cookies\khadija@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@ehg-telecomitalia.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@beta.search.live[1].txt -> TrackingCookie.Live : Nettoyé.
C:\Documents and Settings\FARIDA\Cookies\farida@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\FARIDA\Cookies\farida@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@vegasred[1].txt -> TrackingCookie.Vegasred : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@www.vegasred[1].txt -> TrackingCookie.Vegasred : Nettoyé.
C:\Documents and Settings\FARIDA\Cookies\farida@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\FARIDA\Cookies\farida@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\LocalService\Cookies\system@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\KARIMA\Cookies\karima@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\Documents and Settings\KHADIJA\Cookies\khadija@zedo[1].txt -> TrackingCookie.Zedo : Nettoyé.
Fin du rapport
Le nouveau rapport Hikachthis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 00:10:18, on 16/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\El Khomri\Bureau\test.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 7229 bytes
Voilà voilà, encore merci chères internautes.
Et donc la suite?
19 ans.
