Virus or not??

phil121 Posts: 9 Status: Member
Hello,
Here is the avast report; there seem to be problems. What do you think? Thanks.

26/01/2009 22:20:18 1233004818 SYSTEM 2092 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\WINDOWS\system32\Msimtf.dll (C:\WINDOWS\system32\Msimtf.dll) returning error, 0000A413.
27/01/2009 18:49:12 1233078552 SYSTEM 1676 Function setifaceUpdateFiles() has failed. Return code is 0x00000003, dwRes is 00000003.
28/01/2009 17:22:26 1233159746 SYSTEM 1676 Sign of "JS:Redirector-B [Trj]" has been found in "C:\Documents and Settings\Mr\Local Settings\Temporary Internet Files\Content.IE5\DIXKS94V\main[1].css" file.
28/01/2009 17:31:14 1233160274 SYSTEM 1676 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
28/01/2009 17:31:15 1233160275 SYSTEM 1676 An error has occured while attempting to update. Please check the logs.
29/01/2009 01:43:01 1233189781 SYSTEM 1676 Function setifaceUpdateFiles() has failed. Return code is 0x00000003, dwRes is 00000003.
31/01/2009 20:12:50 1233429170 Mr 3408 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll" file.
31/01/2009 20:13:00 1233429180 Mr 3408 Sign of "" has been found in "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll||AntiRootkit [FILE]|||100000|0|2|COO1||COO2||" file.
31/01/2009 20:25:24 1233429924 Mr 3124 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll" file.
31/01/2009 20:25:34 1233429934 Mr 3124 Sign of "" has been found in "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll||AntiRootkit [FILE]|||100000|0|2|COO1||COO2||" file.
01/02/2009 10:10:39 1233479439 Mr 384 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll" file.
01/02/2009 10:10:49 1233479449 Mr 384 Sign of "" has been found in "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll||AntiRootkit [FILE]|||100000|0|2|COO1||COO2||" file.
01/02/2009 10:25:08 1233480308 Mr 3820 Sign of "Rootkit: hidden file" has been found in "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll" file.
01/02/2009 10:25:17 1233480317 Mr 3820 Sign of "" has been found in "C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\msvcm80.dll||AntiRootkit [FILE]|||100000|0|2|COO1||COO2||" file.
Configuration: Windows XP
Internet Explorer 7.0

14 replies

  1. Anonymous user

    Hello

    HijackThis

    • Download HijackThis
    • Install HijackThis by following the prompts (accept the suggested directory without changing anything)
    • Close HijackThis
    • Download HJTNew to the desktop (if the firewall or the antivirus reacts, ignore it)
    • Close all applications
    • Disconnect from the Internet (unplugging the cable is still the best solution)
    • Run HJTNew.exe (if the firewall or the antivirus reacts, ignore it)
    Don't be surprised by HJTNew: nothing is displayed, just a window that opens and closes immediately. This is normal.
    • Click on Do a system scan and save a logfile
    • Copy/paste the report into your next message
    • Delete HJTNew.exe (otherwise the antivirus may react often), then
    • Wait for instructions

    Click on the link.

    http://www.commentcamarche.net/telecharger/telechargement 159 hijackthis
    0
  2. phil121 Posts: 9 Status: Member

    Hello and thanks, here is the report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:17:17, on 01/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\MonJack.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lci.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1216823270396&h=68c1922164d76720db65da1992d1cb34/&filename=jinstall-6u7-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{353F95A1-0D4F-4779-B1A2-5289A0554AFE}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\..\{353F95A1-0D4F-4779-B1A2-5289A0554AFE}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS2\Services\Tcpip\..\{353F95A1-0D4F-4779-B1A2-5289A0554AFE}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS3\Services\Tcpip\..\{353F95A1-0D4F-4779-B1A2-5289A0554AFE}: NameServer = 192.168.1.1
    O17 - HKLM\System\CS4\Services\Tcpip\..\{353F95A1-0D4F-4779-B1A2-5289A0554AFE}: NameServer = 192.168.1.1
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    0
  3. phil121 Posts: 9 Status: Member

    Hi again, and thanks

    Here is the Malwarebytes report
    Malwarebytes' Anti-Malware 1.33
    Version de la base de données: 1712
    Windows 5.1.2600 Service Pack 3

    01/02/2009 15:56:08
    mbam-log-2009-02-01 (15-56-08).txt

    Type de recherche: Examen rapide
    Eléments examinés: 55584
    Temps écoulé: 12 minute(s), 1 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  5. phil121 Posts: 9 Status: Member

    Report from Arovax
    Scan log. Started at 02.01.2009 15:58:28
    ------------------------------------------

    Start Processes scan
    Completed Processes scan
    Total items scanned: 22
    Items found: 0
    ------------------------------------------

    Start Registry scan
    Completed Registry scan
    Total items scanned: 25147
    Items found: 0
    ------------------------------------------

    Start Hosts file scan
    Completed Hosts file scan
    Total items scanned: 9924
    Items found: 49
    ------------------------------------------

    Start Cookies scan
    Name: Adserver.com
    C:\Documents and Settings\Mr\Cookies\mr@smartadserver[1].txt

    Name: Bluestreak.com
    C:\Documents and Settings\Mr\Cookies\mr@bluestreak[1].txt

    Name: DoubleClick
    C:\Documents and Settings\Mr\Cookies\mr@doubleclick[2].txt

    Name: Mediaplex.com
    C:\Documents and Settings\Mr\Cookies\mr@mediaplex[2].txt

    Name: Overture.com
    C:\Documents and Settings\Mr\Cookies\mr@overture[1].txt

    Name: SmartAdServer.com
    C:\Documents and Settings\Mr\Cookies\mr@smartadserver[1].txt

    Name: Tracking.com
    C:\Documents and Settings\Mr\Cookies\mr@tracking.publicidees[1].txt

    Name: TradeDoubler.com
    C:\Documents and Settings\Mr\Cookies\mr@tradedoubler[2].txt

    Name: Weborama
    C:\Documents and Settings\Mr\Cookies\mr@cetelem.solution.weborama[2].txt

    Name: Weborama
    C:\Documents and Settings\Mr\Cookies\mr@weborama[1].txt

    Name: WebTrends
    C:\Documents and Settings\Mr\Cookies\mr@statse.webtrendslive[1].txt

    Completed Cookies scan
    Total items scanned: 441
    Items found: 11
    ------------------------------------------

    Start File system scan
    Name: Spyware.SpyArsenalLog
    C:\WINDOWS\system32\CatRoot2\tmp.edb

    Completed File system scan
    Total items scanned: 5378
    Items found: 1
    ------------------------------------------

    Scanning Finished. 02.01.2009 16:02:20
    0
  6. phil121 Posts: 9 Status: Member

    The anti-rootkit detected nothing. What should I do now??? Thanks in advance.
    0
  7. Anonymous user

    It seems to me that your PC is not infected. Can you explain your problem to me?
    0
  8. phil121 Posts: 9 Status: Member

    Thanks again

    What worries me is the avast report, which detects something in windows/winsxs as shown in the first scan report, as well as the host hijacker detected by Arovax, but maybe these are not harmful things.
    I'm running the Kaspersky online scan; I'll post the report later. See you later.
    0
  9. Anonymous user

    It would seem that this is a false positive from Arovax.
    0
  10. phil121 Posts: 9 Status: Member

    And the thing detected by avast???
    0
  11. Anonymous user

    Copy and paste for me the part that looks infected to you according to avast. Only that part.
    0
  12. phil121 Posts: 9 Status: Member

    You already have it in my first message; it's the final part, from 31 January.
    0
  13. phil121 Posts: 9 Status: Member

    Kaspersky found nothing. I'll leave it be; everything looks normal. Thanks for your help.
    0