14 replies
jlpjlp (security contributor), 8 July 2008 at 13:43
Hi, fixing is fine but the file will remain:
J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe
__________
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows load, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to run the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool keeps running and removing files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum
fiat500 (member), 8 July 2008 at 10:56
Hello,
do this:
https://forums.cnetfrance.fr
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04: VIRUS ALERT!, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
J:\Program Files\COMODO\Firewall\cfp.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
J:\Program Files\a-squared Anti-Malware\a2guard.exe
J:\Program Files\DNA\btdna.exe
J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe
J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
J:\Program Files\uTorrent\uTorrent.exe
J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe
J:\Program Files\a-squared Anti-Malware\a2service.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
J:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\Program Files\COMODO\Firewall\cmdagent.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\System32\svchost.exe
J:\Documents and Settings\pascal\Bureau\HijackThis.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD} - (no file)
O3 - Toolbar: nqgpedlr - {DFD3C411-B6E4-49E6-A4D9-88F45FE2556D} - J:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "J:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "J:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [BitTorrent DNA] "J:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: J:\WINDOWS\system32\guard32.dll
O21 - SSODL: axrfgvek - {E11599E0-980A-4A12-9902-BDE5B2CDED8A} - J:\WINDOWS\axrfgvek.dll (file missing)
O21 - SSODL: okmdepgb - {4EFBB5FB-466A-4330-84CB-9ACB8D6BED61} - J:\WINDOWS\okmdepgb.dll (file missing)
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - J:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - J:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - J:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - J:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
fiat500 (member), 8 July 2008 at 11:07
OK, download Malwarebytes, update it, then run a full scan and delete everything it finds.
Help:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Done.
Is this scan supposed to have removed everything?
The "Virus Alert" is still present almost everywhere.
Here is the report:
Malwarebytes' Anti-Malware 1.20
Database version: 931
Windows 5.1.2600 Service Pack 2
13:26:26 08/07/2008
mbam-log-7-8-2008 (13-26-22).txt
Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 91106
Time elapsed: 2 hour(s), 3 minute(s), 38 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{50365571-a7c7-47b3-854d-f45fdfc6687e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aaaac6f5-a653-4b2a-9c02-8ebd19366183} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{da6ebdce-4207-455c-b9db-c3fa5e440c20} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{830af45a-70fe-4f42-820c-478e6f07bd92} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{28eaf37d-f93d-4d40-8f70-654cc2fcba2e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\nqgpedlr.bmfr (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\nqgpedlr.toolbar.1 (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\axrfgvek (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\okmdepgb (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0011903-00117) -> No action taken.
Folders Infected:
J:\Program Files\webHancer (Adware.Webhancer) -> No action taken.
J:\Program Files\webHancer\Programs (Adware.Webhancer) -> No action taken.
J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc (Trojan.Agent) -> No action taken.
Files Infected:
J:\WINDOWS\kgqfweltgbn.dll (Trojan.FakeAlert) -> No action taken.
J:\WINDOWS\enwa.exe (Trojan.FakeAlert) -> No action taken.
J:\Program Files\webHancer\Programs\webhdll.dll (Adware.Webhancer) -> No action taken.
J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe (Trojan.Agent) -> No action taken.
J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\s (Trojan.Agent) -> No action taken.
J:\WINDOWS\mrvtdpqe.exe (Trojan.FakeAlert) -> No action taken.
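Every detection line in the Malwarebytes report above ends in "-> No action taken.", which is the tell that the scan found the items but quarantined nothing; that is the point the next reply raises. The Python script below is an added example, not code from this thread or from Malwarebytes: it parses a report in this 1.x text format, groups the detections by their final action and by family, and says whether anything was actually remediated. The two report excerpts embedded in it are constructed for the example: the first reproduces lines from the report above, the second shows the same kind of lines with the action strings Malwarebytes 1.x writes after a removal ("Quarantined and deleted successfully.", "Delete on reboot.").

```python
import re
from collections import Counter

# Constructed excerpt modelled on the Malwarebytes 1.x report posted above:
# every detection ends in "-> No action taken.", which is what the log looks
# like when the scan finished but "Remove Selected" was never clicked.
REPORT_NOT_REMOVED = r"""
Malwarebytes' Anti-Malware 1.20
Database version: 931
Registry Values Infected: 2
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\axrfgvek (Trojan.FakeAlert) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0011903-00117) -> No action taken.
Files Infected:
J:\WINDOWS\kgqfweltgbn.dll (Trojan.FakeAlert) -> No action taken.
J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe (Trojan.Agent) -> No action taken.
"""

# Constructed counterpart showing what such lines look like once removal ran
# (the action strings are the ones Malwarebytes 1.x writes; the set of files is
# chosen for the example).
REPORT_REMOVED = r"""
Files Infected:
J:\WINDOWS\kgqfweltgbn.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
J:\WINDOWS\enwa.exe (Trojan.FakeAlert) -> Delete on reboot.
J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""

NO_ACTION = "No action taken."


def parse_detections(report):
    """Return one dict per detection line: item, malware family, final action."""
    found = []
    for line in report.splitlines():
        if " -> " not in line:
            continue  # headers and counters carry no action arrow
        # The ProductId line has two arrows ("Bad: ... Good: ... -> No action taken.");
        # the action is always the last segment, the item and family sit in the first.
        first, action = line.split(" -> ", 1)[0], line.rsplit(" -> ", 1)[1]
        m = re.search(r" \(([^()]+)\)$", first)
        if not m:
            continue  # not a detection line
        found.append({"item": first[:m.start()], "family": m.group(1), "action": action})
    return found


def remediation_summary(report):
    """Tell whether the scan actually removed anything, not merely found it."""
    dets = parse_detections(report)
    untouched = [d["item"] for d in dets if d["action"] == NO_ACTION]
    return {
        "total": len(dets),
        "by_action": dict(Counter(d["action"] for d in dets)),
        "by_family": dict(Counter(d["family"] for d in dets)),
        "untouched": untouched,
        # remediated: something was detected and none of it was left untouched
        "remediated": bool(dets) and not untouched,
    }


if __name__ == "__main__":
    for name, rep in (("as posted", REPORT_NOT_REMOVED), ("after removal", REPORT_REMOVED)):
        s = remediation_summary(rep)
        print(f"{name}: {s['total']} detections, {len(s['untouched'])} untouched, remediated={s['remediated']}")
        for item in s["untouched"]:
            print("  still present:", item)
```

Run it as a script against the embedded excerpts, or read a saved mbam-log-*.txt into remediation_summary(); a non-empty untouched list after a "full scan and delete" step means the removal step was skipped and the scan must be rerun with Remove Selected before any further log is worth reading.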
fiat500 (member), 8 July 2008 at 13:34
Did you click on Remove Selected?
fiat500 (member), 8 July 2008 at 13:35
OK, post me another HijackThis log.
Here is the second HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:36: VIRUS ALERT!, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\csrss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
J:\WINDOWS\Explorer.EXE
J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
J:\Program Files\COMODO\Firewall\cfp.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
J:\Program Files\a-squared Anti-Malware\a2guard.exe
J:\Program Files\DNA\btdna.exe
J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
J:\Program Files\a-squared Anti-Malware\a2service.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
J:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\Program Files\COMODO\Firewall\cmdagent.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\System32\alg.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Mozilla Firefox\firefox.exe
J:\Program Files\Windows Live\Messenger\msnmsgr.exe
J:\Program Files\Windows Live\Messenger\usnsvc.exe
J:\Documents and Settings\pascal\Bureau\HijackThis.exe
J:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD} - (no file)
O3 - Toolbar: nqgpedlr - {DFD3C411-B6E4-49E6-A4D9-88F45FE2556D} - J:\WINDOWS\nqgpedlr.dll (file missing)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "J:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "J:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [BitTorrent DNA] "J:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: J:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - J:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - J:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - J:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - J:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: J:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - J:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - J:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - J:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - J:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
fiat500 (Member, 2621 posts), 8 July 2008 at 13:39
Check the boxes:
O4 - HKCU\..\Run: [BitTorrent DNA] "J:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Microsoft Windows Installer] J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe
then click Fix checked.
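As an added example (not part of this thread, and not fiat500's or HijackThis's own code), the following Python script parses HijackThis O4 lines like the two quoted above and flags autorun entries that deserve a second look: an executable living under a user profile directory, a numeric-only file name, or a display name that claims to be Microsoft/Windows while the file sits outside \WINDOWS and \Program Files. The sample lines are copied from the HijackThis log posted earlier in this thread; the heuristics and every function name are assumptions of this example, not anything the tool itself does.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: O4 lines copied from the HijackThis log posted above in this thread,
# plus one O2 line to show that non-O4 lines are ignored.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avgnt] "J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [BitTorrent DNA] "J:\Program Files\DNA\btdna.exe"',
    r'O4 - HKCU\..\Run: [Microsoft Windows Installer] J:\Documents and Settings\pascal\Application Data\Microsoft\dtsc\31270.exe',
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r'O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)',
]

# O4 - <hive>\..\Run: [<display name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# HijackThis appends "(User 'X')" to HKUS entries; it is stripped before the command is parsed.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
# Executable path (quoted or not) followed by optional arguments.
CMD_RE = re.compile(
    r'^"?(?P<path>.*?\.(?:exe|com|scr|bat|cmd|cpl|dll))(?="|\s|$)"?(?P<args>.*)$',
    re.IGNORECASE,
)

# Heuristic markers (assumptions of this example): directories any user can write to,
# and the roots where a binary claiming to be Microsoft/Windows is expected to live.
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\appdata\\', '\\temp\\')
TRUSTED_ROOTS = ('\\windows\\', '\\program files\\')


@dataclass
class AutorunEntry:
    hive: str
    name: str
    path: str
    args: str
    raw: str


def parse_o4(line: str) -> Optional[AutorunEntry]:
    """Parse one HijackThis O4 line; return None for any other line type."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = USER_SUFFIX_RE.sub('', m.group('cmd'))
    c = CMD_RE.match(cmd)
    if c:
        path, args = c.group('path'), c.group('args').strip()
    else:
        path, args = cmd.strip('"'), ''
    return AutorunEntry(m.group('hive'), m.group('name'), path, args, line)


def flag_entry(entry: AutorunEntry) -> List[str]:
    """Return the reasons (possibly none) why this autorun entry looks suspicious."""
    reasons = []
    p = entry.path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append('executable lives in a user-writable profile directory')
    base = p.rsplit('\\', 1)[-1]
    if re.fullmatch(r'\d+\.(exe|com|scr)', base):
        reasons.append('numeric-only file name')
    if re.search(r'microsoft|windows', entry.name, re.IGNORECASE) and not any(r in p for r in TRUSTED_ROOTS):
        reasons.append('display name claims Microsoft/Windows but file is outside \\WINDOWS and \\Program Files')
    return reasons


def suspicious_autoruns(lines) -> List[Tuple[AutorunEntry, List[str]]]:
    """Parse every O4 line and return (entry, reasons) for those that trigger a heuristic."""
    results = []
    for line in lines:
        entry = parse_o4(line)
        if entry is None:
            continue
        reasons = flag_entry(entry)
        if reasons:
            results.append((entry, reasons))
    return results


if __name__ == '__main__':
    for entry, reasons in suspicious_autoruns(SAMPLE_O4_LINES):
        print(f'[{entry.hive}] {entry.name!r} -> {entry.path}')
        for reason in reasons:
            print('   -', reason)
```

Run against the sample, only the "Microsoft Windows Installer" entry is reported, with all three reasons; the Avira, BitTorrent DNA and CTFMON entries pass, which is exactly the split fiat500 made by hand (BitTorrent DNA is flagged in the post for other reasons than these heuristics). A heuristic like this is a triage aid, not a verdict: a legitimate updater dropped into Application Data will also trip the first rule.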
fiat500 (Member, 2621 posts), 8 July 2008 at 13:43
OK, post another HijackThis log!
jlpjlp (Security contributor, 51580 posts), 8 July 2008 at 14:54
OK.
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the Desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, the antispyware's real-time guard).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report C:\ComboFix.txt
Re-enable your firewall, your antivirus and your antispyware guard.
Copy/paste the report C:\ComboFix.txt in your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a full tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
jlpjlp (Security contributor, 51580 posts), 8 July 2008 at 14:55
That's normal.
jlpjlp (Security contributor, 51580 posts), 8 July 2008 at 14:57
OK. Afterwards, if I'm not available to carry on, post an AntiVir report,
then
install the latest version of Internet Explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
then post a new HijackThis log and describe your current problems.
Here is the ComboFix report:
ComboFix 08-07-07.3 - pascal 2008-07-08 14:59:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.656 [GMT 2:00]
Endroit: J:\Documents and Settings\pascal\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
.
2008-07-08 13:54 . 2008-07-08 13:54 <REP> d-------- J:\WINDOWS\ERUNT
2008-07-08 13:47 . 2008-07-08 13:47 <REP> d-------- J:\SDFix
2008-07-08 11:18 . 2008-07-08 11:18 <REP> d-------- J:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-08 11:09 . 2008-07-08 11:09 <REP> d-------- J:\Program Files\Malwarebytes' Anti-Malware
2008-07-08 11:09 . 2008-07-08 11:09 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Malwarebytes
2008-07-08 11:09 . 2008-07-08 11:09 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-08 11:09 . 2008-07-07 17:35 34,296 --a------ J:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-08 11:09 . 2008-07-07 17:35 17,144 --a------ J:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 19:13 . 2008-07-04 19:21 664 --a------ J:\WINDOWS\system32\d3d9caps.dat
2008-07-04 19:01 . 2008-07-08 13:42 <REP> d-------- J:\Program Files\a-squared Anti-Malware
2008-07-04 18:42 . 2008-07-04 18:42 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Grisoft
2008-07-04 18:41 . 2008-07-04 18:41 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-04 18:41 . 2007-05-30 14:10 10,872 --a------ J:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-04 18:33 . 2008-06-29 20:54 <REP> d--h----- J:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-04 18:33 . 2008-06-29 20:54 <REP> d--h----- J:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-04 18:33 . 2008-06-29 19:12 <REP> d--h----- J:\Documents and Settings\Administrateur\Modèles
2008-07-04 18:33 . 2008-06-29 20:54 <REP> d-------- J:\Documents and Settings\Administrateur\Mes documents
2008-07-04 18:33 . 2008-06-29 20:54 <REP> dr------- J:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-04 18:33 . 2008-06-29 20:54 <REP> d-------- J:\Documents and Settings\Administrateur\Favoris
2008-07-04 18:33 . 2008-07-08 15:00 <REP> d-------- J:\Documents and Settings\Administrateur\Bureau
2008-07-04 18:33 . 2008-07-04 18:34 <REP> d-------- J:\Documents and Settings\Administrateur
2008-07-04 18:29 . 2008-07-04 18:35 1,160 --a------ J:\WINDOWS\system32\tmp.reg
2008-07-04 14:03 . 2008-07-04 14:48 388 --a------ J:\WINDOWS\wininit.ini
2008-07-04 13:32 . 2008-07-04 13:32 <REP> d-------- J:\Program Files\LETMIN
2008-07-04 13:32 . 2008-07-04 13:32 <REP> d-------- J:\Program Files\Icone
2008-07-04 13:17 . 2008-07-04 13:17 <REP> d-------- J:\Program Files\Spybot - Search & Destroy
2008-07-04 13:17 . 2008-07-04 14:04 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 11:34 . 2008-07-04 11:34 <REP> d-------- J:\Program Files\iTunes
2008-07-04 11:34 . 2008-07-04 11:34 <REP> d-------- J:\Program Files\iPod
2008-07-04 11:34 . 2008-07-04 11:34 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Apple Computer
2008-07-04 11:33 . 2008-07-04 11:33 <REP> d-------- J:\Program Files\QuickTime
2008-07-04 11:33 . 2008-07-04 11:34 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-04 11:32 . 2008-07-04 11:32 <REP> d-------- J:\Program Files\Fichiers communs\Apple
2008-07-04 11:32 . 2008-07-04 11:32 <REP> d-------- J:\Program Files\Apple Software Update
2008-07-04 11:32 . 2008-07-04 11:32 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Apple
2008-07-04 11:32 . 2008-02-18 11:16 30,464 --a------ J:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-03 21:30 . 2008-07-03 21:30 <REP> d-------- J:\Program Files\COMODO
2008-07-03 21:30 . 2008-07-03 21:30 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Comodo
2008-07-03 21:30 . 2008-07-04 00:09 <REP> d-------- J:\Documents and Settings\All Users\Application Data\comodo
2008-07-03 21:30 . 2008-07-03 21:30 139,008 --a------ J:\WINDOWS\system32\guard32.dll
2008-07-03 21:30 . 2008-07-03 21:30 79,096 --a------ J:\WINDOWS\system32\drivers\cmdGuard.sys
2008-07-03 21:30 . 2008-07-03 21:30 23,672 --a------ J:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-03 21:18 . 2008-07-08 11:13 <REP> d-------- J:\Documents and Settings\pascal\Application Data\uTorrent
2008-07-03 21:17 . 2008-07-03 21:18 <REP> d-------- J:\Program Files\uTorrent
2008-07-01 14:48 . 2008-07-01 14:48 <REP> d-------- J:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-01 14:03 . 2008-07-04 11:33 <REP> d-------- J:\Program Files\Bonjour
2008-07-01 13:56 . 2008-07-01 13:56 <REP> d-------- J:\Program Files\Fichiers communs\Macrovision Shared
2008-07-01 13:55 . 2008-07-01 14:03 <REP> d-------- J:\Program Files\Fichiers communs\Adobe
2008-07-01 10:55 . 2006-10-05 04:42 2,560 --------- J:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-01 10:55 . 2006-10-05 04:42 2,432 --------- J:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-01 10:54 . 2008-07-01 10:55 <REP> d-------- J:\Program Files\Picasa2
2008-07-01 10:54 . 2008-07-01 10:54 <REP> d-------- J:\Program Files\Google
2008-07-01 10:47 . 2008-07-08 11:05 <REP> d-------- J:\~~Marine Docs
2008-06-30 22:30 . 2008-06-30 22:30 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Media Player Classic
2008-06-30 22:27 . 2008-06-30 22:27 <REP> d-------- J:\Program Files\K-Lite Codec Pack
2008-06-30 22:27 . 2008-06-30 22:27 <REP> d-------- J:\Program Files\Astonsoft
2008-06-30 22:27 . 2008-06-30 22:32 <REP> d-------- J:\Documents and Settings\pascal\Application Data\DeepBurner
2008-06-30 15:06 . 2007-07-30 19:19 271,224 --a------ J:\WINDOWS\system32\mucltui.dll
2008-06-30 15:06 . 2007-07-30 19:19 207,736 --a------ J:\WINDOWS\system32\muweb.dll
2008-06-30 15:06 . 2007-07-30 19:18 30,072 --a------ J:\WINDOWS\system32\mucltui.dll.mui
2008-06-30 14:11 . 2008-07-05 13:08 <REP> d-------- J:\Program Files\eMule
2008-06-30 14:05 . 2008-07-04 03:51 <REP> d-------- J:\Program Files\LimeWire
2008-06-30 14:05 . 2008-07-04 11:49 <REP> d-------- J:\Documents and Settings\pascal\Application Data\LimeWire
2008-06-30 11:50 . 2008-02-22 02:33 69,632 --a------ J:\WINDOWS\system32\javacpl.cpl
2008-06-30 11:36 . 2008-07-03 19:35 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-30 11:33 . 2008-06-30 11:33 <REP> d-------- J:\Program Files\Messenger Plus! Live
2008-06-30 11:33 . 2008-06-30 11:33 <REP> d---s---- J:\Documents and Settings\pascal\UserData
2008-06-30 11:26 . 2008-07-04 11:32 <REP> d----c--- J:\WINDOWS\system32\DRVSTORE
2008-06-30 11:26 . 2008-06-30 11:33 <REP> d-------- J:\Documents and Settings\pascal\Contacts
2008-06-30 11:17 . 2008-06-30 11:31 <REP> d-------- J:\Program Files\Windows Live
2008-06-30 11:17 . 2008-06-30 11:23 <REP> d--hsc--- J:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-30 11:16 . 2008-06-30 11:16 <REP> d-------- J:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-30 11:07 . 2008-06-30 11:07 <REP> d-------- J:\Program Files\Avira
2008-06-30 11:07 . 2008-06-30 11:07 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Avira
2008-06-30 11:04 . 2008-07-01 14:15 <REP> d-------- J:\~~PHOTOS D70
2008-06-30 11:04 . 2008-06-30 11:04 8,192 --ahs---- J:\WINDOWS\Thumbs.db
2008-06-30 10:48 . 2008-06-30 10:48 <REP> d-------- J:\Program Files\DNA
2008-06-30 10:48 . 2008-06-30 10:48 <REP> d-------- J:\Program Files\BitTorrent
2008-06-30 10:48 . 2008-07-08 13:37 <REP> d-------- J:\Documents and Settings\pascal\Application Data\DNA
2008-06-30 10:48 . 2008-07-06 15:21 <REP> d-------- J:\Documents and Settings\pascal\Application Data\BitTorrent
2008-06-30 10:45 . 2008-06-30 10:45 0 --a------ J:\WINDOWS\nsreg.dat
2008-06-30 09:08 . 2008-06-14 19:59 272,768 --------- J:\WINDOWS\system32\drivers\bthport.sys
2008-06-30 09:08 . 2008-06-14 19:59 272,768 -----c--- J:\WINDOWS\system32\dllcache\bthport.sys
2008-06-30 09:03 . 2007-02-28 18:08 2,184,192 -----c--- J:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-30 09:03 . 2007-02-28 18:08 2,139,648 -----c--- J:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-30 09:03 . 2007-02-28 18:08 2,019,328 -----c--- J:\WINDOWS\system32\dllcache\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 09:50 --------- d-----w J:\Program Files\Java
2008-06-29 18:55 9,388 ----a-w J:\WINDOWS\system32\drivers\iaStor.PNF
2008-06-29 18:55 7,280 ----a-w J:\WINDOWS\system32\drivers\viamraid.PNF
2008-06-29 18:55 63,240 ----a-w J:\WINDOWS\system32\drivers\Si3112r.PNF
2008-06-29 18:55 6,984 ----a-w J:\WINDOWS\system32\drivers\SiSRaid.PNF
2008-06-29 18:55 20,152 ----a-w J:\WINDOWS\system32\drivers\INFCACHE.1
2008-06-29 18:55 12,432 ----a-w J:\WINDOWS\system32\drivers\adpu320.PNF
2008-06-29 18:55 12,204 ----a-w J:\WINDOWS\system32\drivers\nvraid.PNF
2008-06-29 18:55 10,828 ----a-w J:\WINDOWS\system32\drivers\iaAHCI.PNF
2008-06-29 18:50 --------- d-----w J:\Documents and Settings\pascal\Application Data\MSNInstaller
2008-06-29 17:23 --------- d-----w J:\Program Files\microsoft frontpage
2008-06-29 17:21 --------- d-----w J:\Program Files\Fichiers communs\Java
2008-06-29 17:15 --------- d-----w J:\Program Files\Services en ligne
2008-05-08 12:28 202,752 ----a-w J:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w J:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w J:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"COMODO Firewall Pro"="J:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-03 21:30 1481984]
"QuickTime Task"="J:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="J:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"!AVG Anti-Spyware"="J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"a-squared"="J:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-08 13:42 2132112]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 J:\WINDOWS\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="J:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= J:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"J:\\Program Files\\Messenger\\msmsgs.exe"=
"J:\\Program Files\\DNA\\btdna.exe"=
"J:\\Program Files\\BitTorrent\\bittorrent.exe"=
"J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"J:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"J:\\Program Files\\eMule\\emule.exe"=
"J:\\Program Files\\uTorrent\\uTorrent.exe"=
"J:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"J:\\Program Files\\iTunes\\iTunes.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;J:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-03 21:30]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;J:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-03 21:30]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-04 09:32:56 J:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- J:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 15:00:30
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: J:\WINDOWS\system32\winlogon.exe
-> J:\WINDOWS\system32\guard32.dll
PROCESS: J:\WINDOWS\system32\lsass.exe
-> J:\WINDOWS\system32\guard32.dll
.
Temps d'accomplissement: 2008-07-08 15:01:21
ComboFix-quarantined-files.txt 2008-07-08 13:01:04
Pre-Run: 182,377,123,840 octets libres
Post-Run: 183,182,532,608 octets libres
177 --- E O F --- 2008-06-30 21:45:27
The "Virus Alert" messages seem to have gone and I have access to Task Manager again, which wasn't possible before...
I'm running an AntiVir scan and HijackThis.
I don't use IE... Why do I have to update it?
ComboFix 08-07-07.3 - pascal 2008-07-08 14:59:05.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.656 [GMT 2:00]
Endroit: J:\Documents and Settings\pascal\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-08 to 2008-07-08 ))))))))))))))))))))))))))))))))))))
.
2008-07-08 13:54 . 2008-07-08 13:54 <REP> d-------- J:\WINDOWS\ERUNT
2008-07-08 13:47 . 2008-07-08 13:47 <REP> d-------- J:\SDFix
2008-07-08 11:18 . 2008-07-08 11:18 <REP> d-------- J:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-07-08 11:09 . 2008-07-08 11:09 <REP> d-------- J:\Program Files\Malwarebytes' Anti-Malware
2008-07-08 11:09 . 2008-07-08 11:09 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Malwarebytes
2008-07-08 11:09 . 2008-07-08 11:09 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-08 11:09 . 2008-07-07 17:35 34,296 --a------ J:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-08 11:09 . 2008-07-07 17:35 17,144 --a------ J:\WINDOWS\system32\drivers\mbam.sys
2008-07-04 19:13 . 2008-07-04 19:21 664 --a------ J:\WINDOWS\system32\d3d9caps.dat
2008-07-04 19:01 . 2008-07-08 13:42 <REP> d-------- J:\Program Files\a-squared Anti-Malware
2008-07-04 18:42 . 2008-07-04 18:42 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Grisoft
2008-07-04 18:41 . 2008-07-04 18:41 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-04 18:41 . 2007-05-30 14:10 10,872 --a------ J:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-04 18:33 . 2008-06-29 20:54 <REP> d--h----- J:\Documents and Settings\Administrateur\Voisinage réseau
2008-07-04 18:33 . 2008-06-29 20:54 <REP> d--h----- J:\Documents and Settings\Administrateur\Voisinage d'impression
2008-07-04 18:33 . 2008-06-29 19:12 <REP> d--h----- J:\Documents and Settings\Administrateur\Modèles
2008-07-04 18:33 . 2008-06-29 20:54 <REP> d-------- J:\Documents and Settings\Administrateur\Mes documents
2008-07-04 18:33 . 2008-06-29 20:54 <REP> dr------- J:\Documents and Settings\Administrateur\Menu Démarrer
2008-07-04 18:33 . 2008-06-29 20:54 <REP> d-------- J:\Documents and Settings\Administrateur\Favoris
2008-07-04 18:33 . 2008-07-08 15:00 <REP> d-------- J:\Documents and Settings\Administrateur\Bureau
2008-07-04 18:33 . 2008-07-04 18:34 <REP> d-------- J:\Documents and Settings\Administrateur
2008-07-04 18:29 . 2008-07-04 18:35 1,160 --a------ J:\WINDOWS\system32\tmp.reg
2008-07-04 14:03 . 2008-07-04 14:48 388 --a------ J:\WINDOWS\wininit.ini
2008-07-04 13:32 . 2008-07-04 13:32 <REP> d-------- J:\Program Files\LETMIN
2008-07-04 13:32 . 2008-07-04 13:32 <REP> d-------- J:\Program Files\Icone
2008-07-04 13:17 . 2008-07-04 13:17 <REP> d-------- J:\Program Files\Spybot - Search & Destroy
2008-07-04 13:17 . 2008-07-04 14:04 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 11:34 . 2008-07-04 11:34 <REP> d-------- J:\Program Files\iTunes
2008-07-04 11:34 . 2008-07-04 11:34 <REP> d-------- J:\Program Files\iPod
2008-07-04 11:34 . 2008-07-04 11:34 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Apple Computer
2008-07-04 11:33 . 2008-07-04 11:33 <REP> d-------- J:\Program Files\QuickTime
2008-07-04 11:33 . 2008-07-04 11:34 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-04 11:32 . 2008-07-04 11:32 <REP> d-------- J:\Program Files\Fichiers communs\Apple
2008-07-04 11:32 . 2008-07-04 11:32 <REP> d-------- J:\Program Files\Apple Software Update
2008-07-04 11:32 . 2008-07-04 11:32 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Apple
2008-07-04 11:32 . 2008-02-18 11:16 30,464 --a------ J:\WINDOWS\system32\drivers\usbaapl.sys
2008-07-03 21:30 . 2008-07-03 21:30 <REP> d-------- J:\Program Files\COMODO
2008-07-03 21:30 . 2008-07-03 21:30 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Comodo
2008-07-03 21:30 . 2008-07-04 00:09 <REP> d-------- J:\Documents and Settings\All Users\Application Data\comodo
2008-07-03 21:30 . 2008-07-03 21:30 139,008 --a------ J:\WINDOWS\system32\guard32.dll
2008-07-03 21:30 . 2008-07-03 21:30 79,096 --a------ J:\WINDOWS\system32\drivers\cmdGuard.sys
2008-07-03 21:30 . 2008-07-03 21:30 23,672 --a------ J:\WINDOWS\system32\drivers\cmdhlp.sys
2008-07-03 21:18 . 2008-07-08 11:13 <REP> d-------- J:\Documents and Settings\pascal\Application Data\uTorrent
2008-07-03 21:17 . 2008-07-03 21:18 <REP> d-------- J:\Program Files\uTorrent
2008-07-01 14:48 . 2008-07-01 14:48 <REP> d-------- J:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-01 14:03 . 2008-07-04 11:33 <REP> d-------- J:\Program Files\Bonjour
2008-07-01 13:56 . 2008-07-01 13:56 <REP> d-------- J:\Program Files\Fichiers communs\Macrovision Shared
2008-07-01 13:55 . 2008-07-01 14:03 <REP> d-------- J:\Program Files\Fichiers communs\Adobe
2008-07-01 10:55 . 2006-10-05 04:42 2,560 --------- J:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-01 10:55 . 2006-10-05 04:42 2,432 --------- J:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-01 10:54 . 2008-07-01 10:55 <REP> d-------- J:\Program Files\Picasa2
2008-07-01 10:54 . 2008-07-01 10:54 <REP> d-------- J:\Program Files\Google
2008-07-01 10:47 . 2008-07-08 11:05 <REP> d-------- J:\~~Marine Docs
2008-06-30 22:30 . 2008-06-30 22:30 <REP> d-------- J:\Documents and Settings\pascal\Application Data\Media Player Classic
2008-06-30 22:27 . 2008-06-30 22:27 <REP> d-------- J:\Program Files\K-Lite Codec Pack
2008-06-30 22:27 . 2008-06-30 22:27 <REP> d-------- J:\Program Files\Astonsoft
2008-06-30 22:27 . 2008-06-30 22:32 <REP> d-------- J:\Documents and Settings\pascal\Application Data\DeepBurner
2008-06-30 15:06 . 2007-07-30 19:19 271,224 --a------ J:\WINDOWS\system32\mucltui.dll
2008-06-30 15:06 . 2007-07-30 19:19 207,736 --a------ J:\WINDOWS\system32\muweb.dll
2008-06-30 15:06 . 2007-07-30 19:18 30,072 --a------ J:\WINDOWS\system32\mucltui.dll.mui
2008-06-30 14:11 . 2008-07-05 13:08 <REP> d-------- J:\Program Files\eMule
2008-06-30 14:05 . 2008-07-04 03:51 <REP> d-------- J:\Program Files\LimeWire
2008-06-30 14:05 . 2008-07-04 11:49 <REP> d-------- J:\Documents and Settings\pascal\Application Data\LimeWire
2008-06-30 11:50 . 2008-02-22 02:33 69,632 --a------ J:\WINDOWS\system32\javacpl.cpl
2008-06-30 11:36 . 2008-07-03 19:35 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-30 11:33 . 2008-06-30 11:33 <REP> d-------- J:\Program Files\Messenger Plus! Live
2008-06-30 11:33 . 2008-06-30 11:33 <REP> d---s---- J:\Documents and Settings\pascal\UserData
2008-06-30 11:26 . 2008-07-04 11:32 <REP> d----c--- J:\WINDOWS\system32\DRVSTORE
2008-06-30 11:26 . 2008-06-30 11:33 <REP> d-------- J:\Documents and Settings\pascal\Contacts
2008-06-30 11:17 . 2008-06-30 11:31 <REP> d-------- J:\Program Files\Windows Live
2008-06-30 11:17 . 2008-06-30 11:23 <REP> d--hsc--- J:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-06-30 11:16 . 2008-06-30 11:16 <REP> d-------- J:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-30 11:07 . 2008-06-30 11:07 <REP> d-------- J:\Program Files\Avira
2008-06-30 11:07 . 2008-06-30 11:07 <REP> d-------- J:\Documents and Settings\All Users\Application Data\Avira
2008-06-30 11:04 . 2008-07-01 14:15 <REP> d-------- J:\~~PHOTOS D70
2008-06-30 11:04 . 2008-06-30 11:04 8,192 --ahs---- J:\WINDOWS\Thumbs.db
2008-06-30 10:48 . 2008-06-30 10:48 <REP> d-------- J:\Program Files\DNA
2008-06-30 10:48 . 2008-06-30 10:48 <REP> d-------- J:\Program Files\BitTorrent
2008-06-30 10:48 . 2008-07-08 13:37 <REP> d-------- J:\Documents and Settings\pascal\Application Data\DNA
2008-06-30 10:48 . 2008-07-06 15:21 <REP> d-------- J:\Documents and Settings\pascal\Application Data\BitTorrent
2008-06-30 10:45 . 2008-06-30 10:45 0 --a------ J:\WINDOWS\nsreg.dat
2008-06-30 09:08 . 2008-06-14 19:59 272,768 --------- J:\WINDOWS\system32\drivers\bthport.sys
2008-06-30 09:08 . 2008-06-14 19:59 272,768 -----c--- J:\WINDOWS\system32\dllcache\bthport.sys
2008-06-30 09:03 . 2007-02-28 18:08 2,184,192 -----c--- J:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-30 09:03 . 2007-02-28 18:08 2,139,648 -----c--- J:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-30 09:03 . 2007-02-28 18:08 2,019,328 -----c--- J:\WINDOWS\system32\dllcache\ntkrpamp.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 09:50 --------- d-----w J:\Program Files\Java
2008-06-29 18:55 9,388 ----a-w J:\WINDOWS\system32\drivers\iaStor.PNF
2008-06-29 18:55 7,280 ----a-w J:\WINDOWS\system32\drivers\viamraid.PNF
2008-06-29 18:55 63,240 ----a-w J:\WINDOWS\system32\drivers\Si3112r.PNF
2008-06-29 18:55 6,984 ----a-w J:\WINDOWS\system32\drivers\SiSRaid.PNF
2008-06-29 18:55 20,152 ----a-w J:\WINDOWS\system32\drivers\INFCACHE.1
2008-06-29 18:55 12,432 ----a-w J:\WINDOWS\system32\drivers\adpu320.PNF
2008-06-29 18:55 12,204 ----a-w J:\WINDOWS\system32\drivers\nvraid.PNF
2008-06-29 18:55 10,828 ----a-w J:\WINDOWS\system32\drivers\iaAHCI.PNF
2008-06-29 18:50 --------- d-----w J:\Documents and Settings\pascal\Application Data\MSNInstaller
2008-06-29 17:23 --------- d-----w J:\Program Files\microsoft frontpage
2008-06-29 17:21 --------- d-----w J:\Program Files\Fichiers communs\Java
2008-06-29 17:15 --------- d-----w J:\Program Files\Services en ligne
2008-05-08 12:28 202,752 ----a-w J:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w J:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w J:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avgnt"="J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"COMODO Firewall Pro"="J:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-03 21:30 1481984]
"QuickTime Task"="J:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"iTunesHelper"="J:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 11:13 267048]
"!AVG Anti-Spyware"="J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"a-squared"="J:\Program Files\a-squared Anti-Malware\a2guard.exe" [2008-07-08 13:42 2132112]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAShCut.exe" [2005-01-07 17:07 61952 J:\WINDOWS\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="J:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= J:\WINDOWS\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"J:\\Program Files\\Messenger\\msmsgs.exe"=
"J:\\Program Files\\DNA\\btdna.exe"=
"J:\\Program Files\\BitTorrent\\bittorrent.exe"=
"J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"J:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"J:\\Program Files\\eMule\\emule.exe"=
"J:\\Program Files\\uTorrent\\uTorrent.exe"=
"J:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"J:\\Program Files\\iTunes\\iTunes.exe"=
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;J:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-07-03 21:30]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;J:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-07-03 21:30]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-04 09:32:56 J:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- J:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 15:00:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: J:\WINDOWS\system32\winlogon.exe
-> J:\WINDOWS\system32\guard32.dll
PROCESS: J:\WINDOWS\system32\lsass.exe
-> J:\WINDOWS\system32\guard32.dll
.
Completion time: 2008-07-08 15:01:21
ComboFix-quarantined-files.txt 2008-07-08 13:01:04
Pre-Run: 182,377,123,840 bytes free
Post-Run: 183,182,532,608 bytes free
177 --- E O F --- 2008-06-30 21:45:27
The "Virus Alert" messages seem to have disappeared and I have access to Task Manager again, which wasn't possible before...
I'm running an Antivir scan and HijackThis.
I don't use IE... Why do I have to update it?
jlpjlp (Security contributor), 8 July 2008 at 15:08
IE has to be updated because Windows uses only it to update itself, and besides some sites only work with IE.
Here is the Avira report:
Avira AntiVir Personal
Report file date: mardi 8 juillet 2008 15:04
Scanning for 1391314 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PRINCIPAL
Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 09:13:55
ANTIVIR2.VDF : 7.0.5.51 273408 Bytes 04/07/2008 12:12:38
ANTIVIR3.VDF : 7.0.5.67 168448 Bytes 08/07/2008 12:12:31
Engineversion : 8.1.0.64
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.46 283002 Bytes 03/07/2008 12:12:36
AESCN.DLL : 8.1.0.22 119157 Bytes 30/06/2008 09:14:29
AERDL.DLL : 8.1.0.20 418165 Bytes 30/06/2008 09:14:28
AEPACK.DLL : 8.1.1.6 364918 Bytes 30/06/2008 09:14:25
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 30/06/2008 09:14:22
AEHEUR.DLL : 8.1.0.35 1298806 Bytes 03/07/2008 12:12:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 30/06/2008 09:14:06
AEGEN.DLL : 8.1.0.29 307573 Bytes 30/06/2008 09:14:05
AEEMU.DLL : 8.1.0.6 430451 Bytes 30/06/2008 09:14:03
AECORE.DLL : 8.1.0.32 168311 Bytes 03/07/2008 12:12:26
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: j:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, J:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 8 juillet 2008 15:04
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'cfp.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] The device is not ready.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] The device is not ready.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'J:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '16' files ).
Starting the file scan:
Begin scan in 'C:\' <FAT32MINUS>
Begin scan in 'J:\'
J:\pagefile.sys
[WARNING] The file could not be opened!
J:\Program Files\a-squared Anti-Malware\unins000.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.vmp
[NOTE] The file was deleted!
J:\System Volume Information\_restore{995A04C1-DDB3-4BF5-9557-209D5BAF7692}\RP17\A0007875.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.vgl
[NOTE] The file was deleted!
J:\System Volume Information\_restore{995A04C1-DDB3-4BF5-9557-209D5BAF7692}\RP17\A0008204.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.105
[NOTE] The file was deleted!
J:\System Volume Information\_restore{995A04C1-DDB3-4BF5-9557-209D5BAF7692}\RP18\A0008567.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.vmp
[NOTE] The file was deleted!
End of the scan: mardi 8 juillet 2008 15:30
Used time: 25:56 min
The scan has been done completely.
4935 Scanning directories
208517 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
208513 Files not concerned
1213 Archives were scanned
6 Warnings
4 Notes
As well as the HijackThis log from BEFORE the IE update:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31, on 08/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
J:\WINDOWS\System32\smss.exe
J:\WINDOWS\system32\winlogon.exe
J:\WINDOWS\system32\services.exe
J:\WINDOWS\system32\lsass.exe
J:\WINDOWS\system32\svchost.exe
J:\WINDOWS\System32\svchost.exe
J:\WINDOWS\system32\spoolsv.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
J:\Program Files\a-squared Anti-Malware\a2service.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
J:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
J:\Program Files\Bonjour\mDNSResponder.exe
J:\Program Files\COMODO\Firewall\cmdagent.exe
J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
J:\Program Files\iTunes\iTunesHelper.exe
J:\Program Files\iPod\bin\iPodService.exe
J:\WINDOWS\System32\svchost.exe
J:\Program Files\Windows Live\Messenger\usnsvc.exe
J:\WINDOWS\explorer.exe
J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
J:\Program Files\COMODO\Firewall\cfp.exe
J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
J:\Program Files\Mozilla Firefox\firefox.exe
J:\WINDOWS\system32\svchost.exe
J:\Documents and Settings\pascal\Bureau\IE7-WindowsXP-x86-fra.exe
j:\5979495059bcf12226f8\update\iesetup.exe
J:\WINDOWS\system32\notepad.exe
J:\Documents and Settings\pascal\Bureau\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "J:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [a-squared] "J:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
O4 - HKCU\..\Run: [SpybotSD TeaTimer] J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - J:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - J:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: J:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - J:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - J:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - J:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - J:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - J:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - J:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - J:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - J:\Program Files\iPod\bin\iPodService.exe
jlpjlp (Security contributor), 8 July 2008 at 19:36
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "J:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "J:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "J:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "J:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
________________________
to remove the tools you were asked to use:
use ToolsCleaner:
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
________________
still having problems???
to protect your PC for free
http://www.commentcamarche.net/telecharger/logiciel 4 securite
install an antivirus
AVAST in French or ANTIVIR (in English but very effective)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
-------------
anti-spyware:
MALWAREBYTES' ANTI-MALWARE + SPYBOT
+
SPYWAREBLASTER to immunise the system, against Vundo in particular, but in English (still easy to use: just click "update" to update it every month and then "enable all protection" to immunise)...
Note: Spybot and Ad-Aware have released new versions this year; check that you have the latest version
--------
a firewall:
the Windows one or, better, KERIO or JETICO or ZONE ALARM (install only the free firewall) or COMODO
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm
-----------
CCLEANER to erase browsing traces
note: update Internet Explorer and Windows (SP3 and Internet Explorer 7)
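The reading jlpjlp applies to the HijackThis log above (the two `(no file)` BHOs go, the rest is a judgement call) can be mechanised. The script below is an added example written for this page; it is not HijackThis code and not something anyone in the thread posted. It parses the O2, O4 and O20 lines, marks a BHO whose CLSID is registered but whose DLL is gone for removal, flags a Run value whose command is a bare filename (resolved through the search path) or an unquoted path containing spaces (CreateProcess tries each space-delimited prefix in turn) for review, and flags the AppInit_DLLs entry so its vendor is confirmed. The sample lines are copied from the log posted above; the severity labels, the `Finding` structure and the rule set are this example's own choices.

```python
"""Triage a HijackThis v2 log by entry type.

Added example for this page; not HijackThis code. Only O2, O4 and O20
lines get a verdict, everything else is ignored.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - J:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {EC77EAFC-62D0-42B4-B2FB-64D6B18C5BDD} - (no file)
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [avgnt] "J:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] J:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: J:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - J:\Program Files\COMODO\Firewall\cmdagent.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
USER_NOTE_RE = re.compile(r"\s*\(User '[^']*'\)$")  # HijackThis annotation, not part of the command
SERVICE_HIVES = ("S-1-5-18", "S-1-5-19", "S-1-5-20", ".DEFAULT")


@dataclass
class Finding:
    section: str
    severity: str   # "remove", "review" or "info"
    reason: str
    line: str


def executable_of(cmd: str) -> str:
    """Image path named by a Run value.

    A quoted command is unambiguous. For an unquoted one we take the shortest
    prefix ending in .exe, i.e. the path the author meant; CreateProcess
    instead tries every space-delimited prefix in turn, which is why an
    unquoted path with spaces is flagged by triage_line().
    """
    cmd = USER_NOTE_RE.sub("", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?P<exe>.*?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group("exe") if m else cmd.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Verdict for one log line, or None when nothing needs a decision."""
    m = LINE_RE.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O2":
        b = BHO_RE.match(body)
        if b and b.group("target") == "(no file)":
            return Finding(section, "remove", "BHO CLSID still registered but its DLL is gone", line)
        return Finding(section, "info", "BHO with a DLL on disk; check the vendor", line)
    if section == "O4":
        r = RUN_RE.match(body)
        if not r:
            return Finding(section, "review", "Run entry in an unexpected form", line)
        cmd = r.group("cmd").strip()
        exe = executable_of(cmd)
        if "\\" not in exe:
            return Finding(section, "review", "bare filename: resolved through the search path", line)
        if " " in exe and not cmd.startswith('"'):
            return Finding(section, "review",
                           "unquoted path with spaces: CreateProcess tries each prefix in turn", line)
        if any(h in r.group("hive") for h in SERVICE_HIVES):
            return Finding(section, "info", "Run value under a service or default-profile hive", line)
        return None
    if section == "O20":
        return Finding(section, "review",
                       "AppInit_DLLs loads into every process that maps user32.dll; confirm the vendor", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """All findings for a log, in file order."""
    findings = []
    for raw in log_text.splitlines():
        f = triage_line(raw.strip())
        if f is not None:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}  {f.reason}")
        print(f"         {f.line}")
```

Run it as-is to see the verdicts for the sample, or pass a full log's text to `triage()`. Note what it does not do: the O4 entries jlpjlp lists for fixing (Java updater, QuickTime, iTunes, AVG, CTFMON) are startup trimming rather than malware removal, so the script leaves them at most as informational; and the AppInit_DLLs hit is a review item, not a verdict. Here guard32.dll is the DLL the ComboFix section above shows loaded in winlogon.exe and lsass.exe, which belongs to the COMODO firewall whose drivers appear in the same output.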
jlpjlp
9 July 2008, 14:12
OK, to finish:
disable your System Restore like this:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fdocid/20020830101856924
then restart your computer
then re-enable it
good luck
guitou429
9 July 2008, 14:13
Mr blonde from Darnetal?
8 July 2008, 14:52
SDFix: Version 1.203
Run by Administrateur on 08/07/2008 at 13:58
Microsoft Windows XP [version 5.1.2600]
Running From: J:\SDFix\SDFix
Checking Services:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-08 14:04:37
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000004b
"TracesSuccessful"=dword:00000021
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"J:\\Program Files\\Messenger\\msmsgs.exe"="J:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"J:\\Program Files\\DNA\\btdna.exe"="J:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"J:\\Program Files\\BitTorrent\\bittorrent.exe"="J:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"J:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="J:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"J:\\Program Files\\eMule\\emule.exe"="J:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"J:\\Program Files\\uTorrent\\uTorrent.exe"="J:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"J:\\Program Files\\Bonjour\\mDNSResponder.exe"="J:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"J:\\Program Files\\iTunes\\iTunes.exe"="J:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="J:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"J:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="J:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
Remaining Files:
File Backups: - J:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes:
Tue 1 Jul 2008 6,104,632 A..H. --- "J:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "J:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "J:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "J:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 29 Jun 2008 848,264 A..H. --- "J:\WINDOWS\SoftwareDistribution\Download\813a989071c1720c8fca52f421b7b9e5\BIT2E.tmp"
Mon 30 Jun 2008 3,010,560 A..H. --- "J:\Documents and Settings\pascal\Local Settings\Temp\dotnetfx3521022.08\1033\dotnetfx20\BIT16E.tmp"
Finished!