Problème avec google, virus? - Page 2

Résolu
Précédent
  • 1
  • 2
  1. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Tu dois avoir un bouton "report save" normalement. Essaie de préférence une sauvegarde en mode texte.

    FillPCA
    0
  2. theodiablo Messages postés 53 Statut Membre
     
    voila!! enfin j'ai réeussi a ateindre le rapport et a le sauvegarder! désolé pour l'atente :s
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, February 07, 2008 8:10:32 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 7/02/2008
    Kaspersky Anti-Virus database records: 553461
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 120202
    Number of viruses found: 6
    Number of infected objects: 11
    Number of suspicious objects: 0
    Duration of the scan process: 01:31:39

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\helene\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\cert8.db Object is locked skipped
    C:\Documents and Settings\helene\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\formhistory.dat Object is locked skipped
    C:\Documents and Settings\helene\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\history.dat Object is locked skipped
    C:\Documents and Settings\helene\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\key3.db Object is locked skipped
    C:\Documents and Settings\helene\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\parent.lock Object is locked skipped
    C:\Documents and Settings\helene\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\search.sqlite Object is locked skipped
    C:\Documents and Settings\helene\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\urlclassifier2.sqlite Object is locked skipped
    C:\Documents and Settings\helene\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\naiscamboulive@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\naiscamboulive@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\naiscamboulive@hotmail.com\SharingMetadata\Working\database_E8DC_B63D_DCB6_63A\dfsr.db Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\naiscamboulive@hotmail.com\SharingMetadata\Working\database_E8DC_B63D_DCB6_63A\fsr.log Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\naiscamboulive@hotmail.com\SharingMetadata\Working\database_E8DC_B63D_DCB6_63A\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\naiscamboulive@hotmail.com\SharingMetadata\Working\database_E8DC_B63D_DCB6_63A\tmp.edb Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Windows Live Contacts\naiscamboulive@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Windows Live Contacts\naiscamboulive@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\Cache\1D539CD2d01 Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\Cache\_CACHE_001_ Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\Cache\_CACHE_002_ Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\Cache\_CACHE_003_ Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Mozilla\Firefox\Profiles\0y0ikll4.default\Cache\_CACHE_MAP_ Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temp\~DFD42C.tmp Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temp\~DFD438.tmp Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temp\~DFE4E6.tmp Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temp\~DFE4FC.tmp Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\helene\ntuser.dat Object is locked skipped
    C:\Documents and Settings\helene\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\theo\Application Data\vmntoolbar\vmntoolbar_151.zip/vmntoolbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.j skipped
    C:\Documents and Settings\theo\Application Data\vmntoolbar\vmntoolbar_151.zip ZIP: infected - 1 skipped
    C:\Program Files\Antivirus\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Antivirus\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Antivirus\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Navilog1\Backupnavi\qcxxkx.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.gen skipped
    C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar\vmntoolbarsetup.exe/data0146 Infected: not-a-virus:AdWare.Win32.BHO.w skipped
    C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar\vmntoolbarsetup.exe NSIS: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{1FDF65CB-1E7B-4E53-8B5E-14A5800D1E4F}\RP650\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_460.dat Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\mes documents\helene\Mes Historiques de Conversation\février 2008\soul_lost@hotmail.fr.html Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    E:\APPS\codec\DivXPro502GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
    E:\APPS\codec\DivXPro502GAINBundle.exe Vise: infected - 1 skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    F:\Mes documents\Disquette hack a domicile\mailpv.zip/mailpv.exe Infected: Backdoor.Win32.Prorat.19.p skipped
    F:\Mes documents\Disquette hack a domicile\mailpv.zip ZIP: infected - 1 skipped
    F:\restore\backup.pst/Dossiers personnels/Éléments supprimés/06 May 2005 18:32 from register@hotmail.com:Registration Confirm/account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
    F:\restore\backup.pst Mail MS Mail: infected - 1 skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
    0
  3. theodiablo Messages postés 53 Statut Membre
     
    et voila le nouveau log hijackthis:
    Logfile of HijackThis v1.99.1
    Scan saved at 20:12:15, on 07/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Antivirus\aswUpdSv.exe
    C:\Program Files\Antivirus\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
    C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ANTIVI~1\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///???*??Q???????*???7
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///???*??Q???????*???7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
    O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
    O4 - HKLM\..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [Microsoftf DDEs ContrDL] runm.pif
    O4 - HKCU\..\Run: [Steam] "E:\APPS\steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Antivirus\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Antivirus\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Antivirus\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Antivirus\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
    O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    O23 - Service: Pptp55islnt - Unknown owner - (no file)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - d:\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - d:\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    alors, c'est grave docteur?
    0
  4. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Salut,

    Peux-tu faire ceci ?

    * Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    edite aussi un nouveau rapport Hijackthis.

    FillPCA
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. theodiablo Messages postés 53 Statut Membre
     
    voila le log avec combofix :

    ComboFix 08-02.05.3 - helene 2008-02-09 11:46:22.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.178 [GMT 1:00]
    Endroit: C:\Documents and Settings\helene\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .
    [i] ADS - svchost.exe: deleted 36 bytes in 1 streams. [/i]

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    C:\WINDOWS\system32\wl.exe

    ----- BITS: Possible sites infect‚s -----

    hxxp://www.download.windowsupdate.com
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_MSDIRECTX
    -------\poof

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-09 to 2008-02-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-06 13:27 . 2008-02-06 13:27 <REP> d-------- C:\WINDOWS\Documalis Free Scanner 1.0
    2008-02-06 13:11 . 2008-02-06 13:11 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-06 13:11 . 2008-02-06 13:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-06 00:15 . 2008-02-06 00:15 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-02-06 00:13 . 2008-02-06 00:14 1,355 --a------ C:\WINDOWS\imsins.BAK
    2008-02-06 00:12 . 2008-02-06 00:12 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-02-05 23:19 . 2008-02-05 23:19 <REP> d-------- C:\Documents and Settings\helene\Application Data\Grisoft
    2008-02-05 23:19 . 2008-02-05 23:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-02-05 23:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-02-05 23:17 . 2008-02-05 23:17 <REP> d-------- C:\Program Files\CCleaner
    2008-02-05 22:22 . 2008-02-05 22:22 10,960,186 --a------ C:\upload_moi_COOL.tar.gz
    2008-02-05 22:11 . 2008-02-05 22:16 <REP> d-------- C:\fixwareout
    2008-02-05 21:32 . 2008-02-05 23:00 <REP> d-------- C:\Program Files\Navilog1
    2008-02-05 20:46 . 2008-02-08 19:35 <REP> d-------- C:\Hijackthis
    2008-01-23 21:19 . 2008-02-05 22:46 <REP> d-------- C:\Program Files\PokerStars.NET
    2008-01-21 20:28 . 2008-01-21 20:28 <REP> d-------- C:\Program Files\ffdshow
    2008-01-21 20:28 . 2006-03-11 04:56 438,272 --a------ C:\WINDOWS\system32\Mpeg2DecFilter.ax
    2008-01-21 20:28 . 2005-11-25 21:46 421,888 --a------ C:\WINDOWS\system32\RealMediaSplitter.ax
    2008-01-21 20:28 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\tabctl32.ocx
    2008-01-21 20:28 . 2008-01-15 18:35 60,273 --a------ C:\WINDOWS\system32\pthreadGC2.dll
    2008-01-21 20:28 . 2008-01-15 18:35 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-01-21 20:28 . 2008-01-15 18:35 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-01-21 20:28 . 2005-06-21 17:48 1 --a------ C:\WINDOWS\gamidnof.lnl
    2008-01-14 18:38 . 2008-01-14 18:38 <REP> d-------- C:\WINDOWS\Sun
    2008-01-10 20:16 . 2008-01-10 20:16 372 --a------ C:\WINDOWS\datalink.ini

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-09 02:50 --------- d-----w C:\Documents and Settings\helene\Application Data\SolidDocuments
    2008-02-05 22:18 --------- d-----w C:\Program Files\GetRight
    2008-01-26 09:46 --------- d-----w C:\Program Files\Winamp
    2008-01-21 18:10 --------- d-----w C:\Program Files\pspvideo9
    2008-01-16 17:45 --------- d-----w C:\Program Files\PartyGaming
    2008-01-11 14:21 --------- d-----w C:\Program Files\DivX
    2008-01-09 14:22 --------- d-----w C:\Program Files\Antivirus
    2008-01-07 20:08 --------- d-----w C:\Program Files\Fichiers communs\Softwin
    2008-01-06 11:24 50,918 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
    2008-01-01 23:47 --------- d-----w C:\Program Files\MSN Messenger
    2008-01-01 23:47 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-31 17:55 --------- d-----w C:\Program Files\iTunes
    2007-12-31 17:55 --------- d-----w C:\Program Files\iPod
    2007-12-31 17:54 --------- d-----w C:\Program Files\QuickTime
    2007-12-31 17:53 --------- d-----w C:\Program Files\Apple Software Update
    2007-12-31 17:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
    2006-09-20 10:07 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="E:\APPS\steam\Steam.exe" [2007-11-30 07:00 1266936]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cmaudio"="cmicnfg.cpl" []
    "OlStatusMon"="C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" [2006-07-26 15:20 106496]
    "MaBtSh"="C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe" [2006-02-08 16:29 24576]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
    "avast!"="C:\PROGRA~1\ANTIVI~1\ashDisp.exe" [2007-12-04 14:00 79224]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "Microsoftf DDEs ContrDL"="runm.pif" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"= 0 (0x0)

    R2 olMntrService;olMntrService;"C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe" [2006-07-24 11:02]
    R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys [2004-07-28 09:06]
    R3 ICAM8USB;Intel(r) PC Camera CS120;C:\WINDOWS\system32\Drivers\Icm8D2.SYS [2001-07-12 11:23]
    R3 Ma730Pt;MA730 Bluetooth VCOM Driver;C:\WINDOWS\system32\DRIVERS\Ma730Pt.sys [2006-09-21 11:23]
    R3 Ma730Vad;MA730 Bluetooth Audio;C:\WINDOWS\system32\DRIVERS\Ma730Vad.sys [2005-11-22 13:32]
    S3 Ma730c;MA730 Bluetooth Core Driver;C:\WINDOWS\system32\DRIVERS\MA730C.sys [2007-01-08 14:06]
    S3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS []
    S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16]
    S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 12:17]
    S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 12:17]
    S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 12:18]
    S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 12:15]
    S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 12:18]
    S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 12:15]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]
    S3 zlportio;zlportio;C:\Documents and Settings\theo\Bureau\zlportio.sys []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e466c90-463b-11db-8491-806d6172696f}]
    \Shell\AutoRun\command - G:\Setup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-02-06 09:38:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 11:50:53
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Antivirus\aswUpdSv.exe
    C:\Program Files\Antivirus\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Antivirus\ashWebSv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-09 11:54:03 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-09 10:53:58
    .
    2008-01-07 19:46:33 --- E O F ---

    et le nouveau avec Hijachthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:54:50, on 09/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Antivirus\aswUpdSv.exe
    C:\Program Files\Antivirus\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Antivirus\ashWebSv.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
    C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ANTIVI~1\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///???*??Q???????*???7
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///???*??Q???????*???7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
    O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
    O4 - HKLM\..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [Microsoftf DDEs ContrDL] runm.pif
    O4 - HKCU\..\Run: [Steam] "E:\APPS\steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Antivirus\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Antivirus\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Antivirus\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Antivirus\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
    O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    O23 - Service: Pptp55islnt - Unknown owner - (no file)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - d:\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - d:\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  7. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Salut,

    Combofix a bien travaillé. Il reste encore une infection visible.

    # Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    # Imprime ceci.
    # Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

    # Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    FillPCA
    0
  8. theodiablo Messages postés 53 Statut Membre
     
    voila le log SDFix:

    SDFix: Version 1.139

    Run by helene on 09/02/2008 at 14:27

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    Trojan Files Found:

    C:\WINDOWS\system32\TFTP272 - Deleted
    C:\WINDOWS\system32\o - Deleted

    Removing Temp Files...

    ADS Check:

    Final Check:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-09 14:32:18
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
    "EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
    "CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 18

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

    Remaining Files:
    ---------------

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes:

    Fri 1 Jul 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Tue 5 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Sat 13 Nov 2004 37,376 A..H. --- "C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe"

    Finished!

    hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:39:55, on 09/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Antivirus\aswUpdSv.exe
    C:\Program Files\Antivirus\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Antivirus\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
    C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ANTIVI~1\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Hijackthis\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///???*??Q???????*???7
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///???*??Q???????*???7
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
    O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
    O4 - HKLM\..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunServices: [Microsoftf DDEs ContrDL] runm.pif
    O4 - HKCU\..\Run: [Steam] "E:\APPS\steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Antivirus\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Antivirus\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Antivirus\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Antivirus\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
    O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    O23 - Service: Pptp55islnt - Unknown owner - (no file)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - d:\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - d:\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  9. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Salut,

    1/ Ouvre HIjackthis>"Do a scan only" et coche ceci :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http:///???*??Q???????*???7
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http:///???*??Q???????*???7
    O4 - HKLM\..\RunServices: [Microsoftf DDEs ContrDL] runm.pif
    O23 - Service: Pptp55islnt - Unknown owner - (no file)


    Clique sur fix/réparer.

    2/ Ouvre Ccleaner et clique sur "lancer le nettoyage".

    3/ * Télécharge Toolscleaner de A.Rothstein sur ton Bureau : http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe
    * Double-clique sur ToolsCleaner2.exe>Recherche puis Suppression,
    * Ton Bureau va disparaître. Ceci est normal.
    * S'il ne réapparait pas, fais ceci : CTRL+ALT+SUP pour faire apparaître le gestionnaire de tâches.
    Rends-toi à l'onglet Processus, clique en haut à gauche sur "Fichiers" et choisis "Exécuter". Tape "explorer" et valide. Cela te fera ré-apparaître ton Bureau. Edite ce rapport.

    4/ Refais un scan en ligne avec Kaspersky, mais choisis "My computer".

    5/ Edite le rapport Toolscleaner, Kaspersky et un nouveau rapport Hijackthis.

    FillPCA
    0
  10. theodiablo Messages postés 53 Statut Membre
     
    je croi que je suis un boulet... j'ai pas sauvegardé le rapport de A.Rothstein :s, j'espère que c'est pas trop grave...

    sinon, j'ai celui de kapersky:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, February 10, 2008 9:13:16 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 10/02/2008
    Kaspersky Anti-Virus database records: 556064
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    H:\

    Scan Statistics:
    Total number of scanned objects: 105150
    Number of viruses found: 5
    Number of infected objects: 10
    Number of suspicious objects: 0
    Duration of the scan process: 01:16:33

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\helene\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\rogerknocker@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\rogerknocker@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\rogerknocker@hotmail.com\SharingMetadata\Working\database_E8DC_B63D_DCB6_63A\dfsr.db Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\rogerknocker@hotmail.com\SharingMetadata\Working\database_E8DC_B63D_DCB6_63A\fsr.log Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\rogerknocker@hotmail.com\SharingMetadata\Working\database_E8DC_B63D_DCB6_63A\fsrtmp.log Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Messenger\rogerknocker@hotmail.com\SharingMetadata\Working\database_E8DC_B63D_DCB6_63A\tmp.edb Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Windows Live Contacts\rogerknocker@hotmail.com\real\members.stg Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Application Data\Microsoft\Windows Live Contacts\rogerknocker@hotmail.com\shadow\members.stg Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Historique\History.IE5\MSHist012008021020080211\index.dat Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temp\~DF6C34.tmp Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temp\~DF6C4E.tmp Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temp\~DF8255.tmp Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temp\~DF826A.tmp Object is locked skipped
    C:\Documents and Settings\helene\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\helene\ntuser.dat Object is locked skipped
    C:\Documents and Settings\helene\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\helene\UserData\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\theo\Application Data\vmntoolbar\vmntoolbar_151.zip/vmntoolbar.dll Infected: not-a-virus:AdWare.Win32.MegaSearch.j skipped
    C:\Documents and Settings\theo\Application Data\vmntoolbar\vmntoolbar_151.zip ZIP: infected - 1 skipped
    C:\Program Files\Antivirus\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Antivirus\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Antivirus\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Antivirus\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Antivirus\DATA\report\Protection résidente.txt Object is locked skipped
    C:\Program Files\PartyGaming\PartyPoker\1346657.hhf Object is locked skipped
    C:\Program Files\PartyGaming\PartyPoker\6087403.hhf Object is locked skipped
    C:\Program Files\PartyGaming\PartyPoker\HandHistory\kadajkgc\20080210\Western European $150 Freeroll Speed (1325671) - Table n°119_1346657.txt Object is locked skipped
    C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar\vmntoolbarsetup.exe/data0146 Infected: not-a-virus:AdWare.Win32.BHO.w skipped
    C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar\vmntoolbarsetup.exe NSIS: infected - 1 skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_468.dat Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    E:\APPS\codec\DivXPro502GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped
    E:\APPS\codec\DivXPro502GAINBundle.exe Vise: infected - 1 skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    F:\Mes documents\Disquette hack a domicile\mailpv.zip/mailpv.exe Infected: Backdoor.Win32.Prorat.19.p skipped
    F:\Mes documents\Disquette hack a domicile\mailpv.zip ZIP: infected - 1 skipped
    F:\restore\backup.pst/Dossiers personnels/Éléments supprimés/06 May 2005 18:32 from register@hotmail.com:Registration Confirm/account_info-text.zip Infected: Email-Worm.Win32.Sober.p skipped
    F:\restore\backup.pst Mail MS Mail: infected - 1 skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.

    et celui de hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:21:14, on 10/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0013)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Antivirus\aswUpdSv.exe
    C:\Program Files\Antivirus\ashServ.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe
    C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ANTIVI~1\ashDisp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Antivirus\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SolidConverter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\ExploreExtPDF.dll
    O2 - BHO: GetRight IE Download Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [OlStatusMon] "C:\Program Files\Olivetti\ANY_WAY\olDvcStatus.exe" dvcStatusMinimize
    O4 - HKLM\..\Run: [MaBtSh] C:\Program Files\Mobile Action\Bluetooth Manager\MaBtSh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ANTIVI~1\ashDisp.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [Steam] "E:\APPS\steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Antivirus\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Antivirus\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Antivirus\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Antivirus\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
    O23 - Service: olMntrService - Olivetti - C:\Program Files\Olivetti\ANY_WAY\olMntrService.exe
    O23 - Service: Pptp55islnt - Unknown owner - (no file)
    O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - d:\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
    O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - d:\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    0
  11. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Ce n'est pas grave.

    Tu as un vieil Email à supprimer : regarde la date :
    F:\restore\backup.pst/Dossiers personnels/Éléments supprimés/06 May 2005 18:32 from register@hotmail.com:Registration Confirm/account_info-text.zip

    Il faut aussi supprimer cela :
    C:\Documents and Settings\theo\Application Data\vmntoolbar\vmntoolbar_151.zip
    C:\Program Files\Visicom Media\FTP Expert 3\vmntoolbar\vmntoolbarsetup.exe
    E:\APPS\codec\DivXPro502GAINBundle.exe
    F:\Mes documents\Disquette hack a domicile\mailpv.zip


    1/ Il est fortement recommandé d'avoir tous ses logiciels de sécurité à jour, afin d'éviter les failles par lesquelles s'engouffrent les infections.
    2/ Tu peux supprimer tous les logiciels que nous avons utilisés (Type: SmitFraufix, Blacklight, SDFix, lopxpMH, ect.....) qui traitent des infections spécifiques et qui sont mis à jour régulièrement. Il est inutile de les garder sur ton PC.
    Tu peux par contre, garder AVG Antispyware et CCleaner.
    3/ /!\ Maintenant que ton PC n'est plus infecté, désactive puis réactive ta "Restauration du système" afin de créer un point de restauration sain.
    Pour désactiver ou activer la Restauration du système, tu dois ouvrir une session Administrateur sous Windows XP.
    Désactivation:
    Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer et Ok.
    Activation:
    Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer et Ok. Redémarrer l'ordinateur.
    Comment faire pour...(lettre A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902
    4/ Pour améliorer la sécurité de ton PC prend quelques instants pour lire:
    Sécuriser son PC +WIFI (versions "hot" & "light"): https://forum.pcastuces.com/default.asp
    5/ Dénonce ton infection pour faire condamner les auteurs.

    Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :
    - Voir les règles du forum : https://malwarecomplaints.info/
    - Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
    Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
    Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

    Tu as alors, sous forme de liste, un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).

    *** Tes infections : Navipromo, Wareout, divers vers ***
    >> https://malwarecomplaints.info/
    Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections, conforme au règle du forum (âge, ville, département etc..)
    Indique aussi le nom du Forum qui t'a aidé : CCM
    6/ Tu peux marquer ton sujet comme résolu en cliquant sur le bouton.
    7/ Je te conseille enfin de défragmenter ton PC : http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

    Bon surf !

    FillPCA
    0
  12. theodiablo Messages postés 53 Statut Membre
     
    hébien merci infiniement monsieur!
    je suis bien content de m'etre enfin débarassé de toutes ces infections, et en effet, je trouve que mon ordi est un peu plus rapide maintenant! c'est super! merci!!
    0
  13. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Content d'avoir pu être utile. Et prudence sur le net !

    FillPCA
    0
Précédent
  • 1
  • 2