luminy

  1. luminy

    virus

    Hello, the necessary steps have been done; here is the latest HijackThis report.

    Thank you
  2. luminy

    virus

    Hello, first of all thank you for your valuable help. Here is the first report, generated with option 1:

    And here is the second, with option 2:

    Thank you
  3. Hello, I have a laptop with XP Professional installed. For the past few days I have been receiving the following message: infected by virus kubernesis. I ran a scan with HijackThis, which gave the following result:
HKLM\System\CCS\Services\Tcpip\Parameters: Domain = webcom.com O17 - HKLM\Software\..\Telephony: DomainName = webcom.com O17 - HKLM\System\CCS\Services\Tcpip\..\{639BD4B2-5DDB-4B21-BA4E-9951E5CFE057}: NameServer = 80.246.0.2,80.246.0.3 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = webcom.com O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0FO\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~2.0FO\kloehk.dll O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - c:\cpqapps\Aclient\Aclient.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe O23 - Service: ManageEngineOpManagerApache - Apache Software Foundation - C:\Program Files\Adverts\OpManager\conf\backup\OpManager\apache\bin\Apache.exe O23 - Service: ManageEngine OpManager (OpManager) - Unknown owner - C:\Program Files\Adverts\OpManager\conf\backup\OpManager\wrapper.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O24 - Desktop Component 0: (no name) - http://syndication.multimania.lycos.fr/resources/img/webbuilder/templates/empty.gif -- End of file - 8522 bytes // d'avance merci pour votre aide
  4. Hello, I followed everything you asked; here is the result:

     /*
     Malwarebytes' Anti-Malware 1.42
     Version de la base de données: 3383
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     18/12/2009 14:57:00
     mbam-log-2009-12-18 (14-57-00).txt

     Type de recherche: Examen rapide
     Eléments examinés: 110258
     Temps écoulé: 9 minute(s), 30 second(s)

     Processus mémoire infecté(s): 1
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 6
     Valeur(s) du Registre infectée(s): 2
     Elément(s) de données du Registre infecté(s): 5
     Dossier(s) infecté(s): 8
     Fichier(s) infecté(s): 24

     Processus mémoire infecté(s):
     C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> Unloaded process successfully.

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_CLASSES_ROOT\mawso3a.ebooknshandler (Backdoor.Agent) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\mawso3a.externalnshandler (Backdoor.Agent) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{9c453f21-396d-11d5-9734-70e252c10127} (Backdoor.Agent) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{d173e10a-001d-4318-9822-8c97a8418482} (Backdoor.Agent) -> Quarantined and deleted successfully.
     HKEY_CLASSES_ROOT\CLSID\{df1c8e21-4045-4d67-b528-335f1a4f0de9} (Adware.NaviPromo) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\egdhtml (Adware.EGDAccess) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runver (Worm.AutoRun) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer (Trojan.Agent) -> Quarantined and deleted successfully.

     Elément(s) de données du Registre infecté(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe RunVer.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

     Dossier(s) infecté(s):
     C:\Program Files\Instant Access (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Center (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\DesktopIcons (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159 (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\Common (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\js (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\medias (Adware.EGDAccess) -> Quarantined and deleted successfully.

     Fichier(s) infecté(s):
     C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\nsinet.exe (Adware.NaviPromo) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Center\KooAccess.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\DesktopIcons\KooAccess.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\instant access.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\Common\module.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\js\js_api_dialer.php (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\medias\button1.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\medias\button2.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\medias\button3.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\medias\button4.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Program Files\Instant Access\Multi\20091112231159\medias\dialer.ico (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\Documents and Settings\ZALA JUNIOR\Application Data\tazebama\zPharaoh.dat (Worm.Mabezat) -> Quarantined and deleted successfully.
     C:\Documents and Settings\hook.dl_ (Worm.Mabezat) -> Quarantined and deleted successfully.
     C:\Documents and Settings\tazebama.dl_ (Worm.Mabezat) -> Quarantined and deleted successfully.
     C:\explorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\Nouveau dossier.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
     C:\RECYCLER\explorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\autorun.inf (Worm.Mabezat) -> Quarantined and deleted successfully.
     C:\zPharaoh.exe (Worm.Mabezat) -> Quarantined and deleted successfully.
     C:\WINDOWS\dialerexe.ini (Adware.EGDAccess) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\RunVer.exe (Worm.AutoRun) -> Delete on reboot.
     C:\Program Files\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
     */
  5. Hello, I have a netbook with XP installed. Since yesterday I have noticed slowness and disabled features such as the Task Manager. I ran a scan with HijackThis and with the Avira antivirus, but nothing works. Here is the result of the scan with HijackThis:

     /* hijackthis start
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 11:56:38, on 18/12/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16791)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\Explorer.exe
     C:\WINDOWS\system32\RunVer.exe
     C:\WINDOWS\system32\wscntfy.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\Program Files\HotKey\ControlCenter.exe
     C:\Program Files\camera\camera.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\RunVer.exe
     C:\WINDOWS\system32\msiexec.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\ZALA JUNIOR\Mes documents\Téléchargements\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
     F2 - REG:system.ini: Shell=Explorer.exe RunVer.exe
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
     O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyPl.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [ControlCenter_D9] C:\Program Files\HotKey\ControlCenter.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [camera.exe] C:\Program Files\camera\camera.exe
     O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
     O4 - HKLM\..\Run: [explorer] C:\WINDOWS\BackUp\explorer.exe
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [RunVer] C:\WINDOWS\system32\RunVer.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1238403172234
     O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://ma-config.com/activex/hardwaredetection_3_1_2_0.cab
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

     --
     End of file - 5729 bytes
     /* end

     Thanks in advance for your help.
  6. Good evening, I am sending you this message to ask for your help. My PC is infected. I have Windows XP Pro installed; I installed avast and have now just installed Avira AntiVir, but the problem persists. My symptoms: the fan never stops running and the processor is always above 60%. When I launch Firefox to watch YouTube videos, for example, it is a struggle and the fan does not stop. Avira reports the presence of TR/cryptXPACK.Gen in the file c:\wondows\system32\e8main0.dll. Here are the logs generated by HijackThis:

     ----------------
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 03:49:27, on 15/06/2009
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\WINDOWS\system32\igfxtray.exe
     C:\WINDOWS\system32\hkcmd.exe
     C:\WINDOWS\system32\igfxpers.exe
     C:\WINDOWS\system32\igfxsrvc.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\taskmgr.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\gh\Bureau\HiJackThis.exe

     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
     O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
     O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{5446D2F4-495C-490F-B781-4632090BC7C4}: NameServer = 192.168.1.2
     O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
     O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
     O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
     O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
     O23 - Service: Service Google Update (gupdate1c9ed16cdce600c) (gupdate1c9ed16cdce600c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

     --
     End of file - 3451 bytes
     --------------
  7. Hello, I have a machine running Windows 2000 Server. Over the last few days I have noticed that it is sending requests to the outside (various machines) on port 135. Please advise me on this case.