Julrcsc


  1. Problem solved, thank you all
  2. It was already set to automatic ... Oh well, never mind; in any case, thank you very much for your help. The main thing is that the viruses are gone. I'm going to reinstall Windows, just in case
  3. Actually, I only have the Windows Classic style available :s Here Windows looks like 98 rather than XP
  4. There's a slight problem :s The desktop appearance is still the old one; I don't have the option to get the rounded style ... And so I can open the Task Manager but I don't have the Applications, Processes, Performance tabs ... What should I do?
  5. Oh, a miracle, everything has disappeared. Thank you very much.

     ComboFix 07-11-19.3 - Administrateur 2007-11-29 14:49:02.6 - NTFSx86

     Here is the Hijack report:

     Logfile of Trend Micro HijackThis v2.0.2

     Which antivirus should I use now? I downloaded Antivir from the link given above, but the license has expired. In any case, thank you very much; now all that's left for me is to put the desktop back the way it was
  6. SmitFraudFix v2.253 Rapport fait à 13:11:59,23, 29/11/2007 Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Program Files\internet explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Connexion réseau Intel® PRO/100 - Miniport d'ordonnancement de paquets DNS Server Search Order: 212.68.193.110 DNS Server Search Order: 212.68.193.196 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3EA27213-492B-4BA1-B582-E2E14525E672}: DhcpNameServer=212.68.193.110 212.68.193.196 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3EA27213-492B-4BA1-B582-E2E14525E672}: DhcpNameServer=212.68.193.110 212.68.193.196 HKLM\SYSTEM\CS2\Services\Tcpip\..\{3EA27213-492B-4BA1-B582-E2E14525E672}: DhcpNameServer=212.68.193.110 212.68.193.196 HKLM\SYSTEM\CS3\Services\Tcpip\..\{3EA27213-492B-4BA1-B582-E2E14525E672}: DhcpNameServer=212.68.193.110 212.68.193.196 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.68.193.110 212.68.193.196 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin Et ComboFix 07-11-19.3 - Administrateur 2007-11-29 13:16:47.5 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.67 [GMT 1:00] Running from: C:\Downloads\Software\ComboFix.exe . Incapable d'obtenir les privilèges Système (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Documents and Settings\Administrateur\Bureau\Live Safety Center.lnk C:\Documents and Settings\Administrateur\Bureau\Online Security Guide.lnk C:\Documents and Settings\Administrateur\Favoris\Online Security Guide.lnk C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk C:\WINDOWS\System32\awtsq.dll C:\WINDOWS\system32\qstwa.ini C:\WINDOWS\system32\qstwa.ini2 C:\WINDOWS\system32\zfkzjnen.dllbox . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))))))) . 2007-11-29 13:23 <REP> d-------- C:\WINDOWS\system32\AVGUARD_47514166 2007-11-29 13:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2007-11-29 13:03 1,047,552 --a------ C:\WINDOWS\system32\mfc71u.dll 2007-11-28 21:53 <REP> d-------- C:\WINDOWS\ERUNT 2007-11-28 21:46 <REP> d-------- C:\Kaspersky 2007-11-28 17:02 <REP> d-------- C:\Program Files\Lavasoft 2007-11-28 17:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-28 16:46 <REP> d-------- C:\Program Files\Trend Micro 2007-11-28 16:41 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard 2007-11-28 16:18 <REP> d-------- C:\VundoFix Backups 2007-11-28 14:35 169,240 --a------ C:\WINDOWS\system32\wuaucpl.cpl 2007-11-28 14:26 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winzm.ime 2007-11-28 14:26 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winsp.ime 2007-11-28 14:26 150,016 --a--c--- C:\WINDOWS\system32\dllcache\winpy.ime 2007-11-28 14:26 74,752 --a--c--- C:\WINDOWS\system32\dllcache\winar30.ime 2007-11-28 14:26 69,120 --a--c--- C:\WINDOWS\system32\dllcache\wingb.ime 2007-11-28 14:26 61,952 --a--c--- C:\WINDOWS\system32\dllcache\winime.ime 2007-11-28 14:26 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll 2007-11-28 14:26 31,360 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys 2007-11-28 14:25 
15,872 --a--c--- C:\WINDOWS\system32\dllcache\padrs404.dll
2007-11-28 14:24 129,536 --a--c--- C:\WINDOWS\system32\dllcache\iische51.dll
2007-11-28 14:24 65,536 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_mailmsg.dll
2007-11-28 14:24 60,928 --a--c--- C:\WINDOWS\system32\dllcache\iisclex4.dll
2007-11-28 14:24 21,504 --a--c--- C:\WINDOWS\system32\dllcache\iisadmin.dll
2007-11-28 14:23 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-11-28 14:23 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2007-11-28 14:23 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2007-11-28 14:23 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2007-11-28 14:23 240,640 --a--c--- C:\WINDOWS\system32\dllcache\httpext.dll
2007-11-28 14:23 74,752 --a--c--- C:\WINDOWS\system32\dllcache\dayi.ime
2007-11-28 14:23 55,296 --a--c--- C:\WINDOWS\system32\dllcache\httpod51.dll
2007-11-28 14:23 39,424 --a--c--- C:\WINDOWS\system32\dllcache\davcdata.exe
2007-11-28 14:23 24,632 --a--c--- C:\WINDOWS\system32\dllcache\fpadmcgi.exe
2007-11-28 14:23 20,541 --a--c--- C:\WINDOWS\system32\dllcache\fpadmdll.dll
2007-11-28 14:23 15,872 --a--c--- C:\WINDOWS\system32\dllcache\chgport.exe
2007-11-28 14:23 15,360 --a--c--- C:\WINDOWS\system32\dllcache\flattemp.exe
2007-11-28 14:23 14,848 --a--c--- C:\WINDOWS\system32\dllcache\chgusr.exe
2007-11-28 14:23 13,824 --a--c--- C:\WINDOWS\system32\dllcache\chglogon.exe
2007-11-28 14:23 13,312 --a--c--- C:\WINDOWS\system32\dllcache\exstrace.dll
2007-11-28 14:23 7,680 --a--c--- C:\WINDOWS\system32\dllcache\httpmb51.dll
2007-11-28 14:23 7,168 --a--c--- C:\WINDOWS\system32\dllcache\f3ahvoas.dll
2007-11-28 14:22 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll
2007-11-28 14:22 188,494 --a--c--- C:\WINDOWS\system32\dllcache\fpcount.exe
2007-11-28 14:22 173,056 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2007-11-28 14:22 71,680 --a--c--- C:\WINDOWS\system32\dllcache\logui.ocx
2007-11-28 14:22 20,536 --a--c--- C:\WINDOWS\system32\dllcache\shtml.dll
2007-11-28 14:22 16,437 --a--c--- C:\WINDOWS\system32\dllcache\shtml.exe
2007-11-28 14:22 10,752 --a--c--- C:\WINDOWS\system32\dllcache\c_iscii.dll
2007-11-28 14:22 7,168 --a--c--- C:\WINDOWS\system32\dllcache\wamregps.dll
2007-11-28 14:22 6,656 --a--c--- C:\WINDOWS\system32\dllcache\c_is2022.dll
2007-11-28 14:18 <REP> d-------- C:\WINDOWS\LastGood
2007-11-28 14:15 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2007-11-28 14:15 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2007-11-28 14:15 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2007-11-28 14:15 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2007-11-28 14:15 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2007-11-28 14:14 753,664 --a--c--- C:\WINDOWS\system32\dllcache\setup_wm.exe
2007-11-28 14:14 159,744 --a--c--- C:\WINDOWS\system32\dllcache\icwhelp.dll
2007-11-28 14:14 73,728 --a--c--- C:\WINDOWS\system32\dllcache\icwtutor.exe
2007-11-28 14:14 65,536 --a--c--- C:\WINDOWS\system32\dllcache\icwres.dll
2007-11-28 14:14 57,344 --a--c--- C:\WINDOWS\system32\dllcache\icwconn.dll
2007-11-28 14:14 45,056 --a--c--- C:\WINDOWS\system32\dllcache\icwutil.dll
2007-11-28 14:14 40,960 --a--c--- C:\WINDOWS\system32\dllcache\trialoc.dll
2007-11-28 14:14 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwrmind.exe
2007-11-28 14:12 1,081,112 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-11-28 14:12 190,464 --a--c--- C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-11-28 14:12 142,848 --a--c--- C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-11-28 14:12 115,480 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-11-28 14:03 56,081 --a--c--- C:\WINDOWS\system32\dllcache\DAJAVAC.CAT
2007-11-28 14:03 52,311 --a--c--- C:\WINDOWS\system32\dllcache\DX3.CAT
2007-11-28 14:03 31,405 --a--c--- C:\WINDOWS\system32\dllcache\FP4.CAT
2007-11-28 14:03 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-11-28 14:03 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-11-28 14:03 14,031 --a--c--- C:\WINDOWS\system32\dllcache\MSJDBC.CAT
2007-11-28 14:03 13,923 --a--c--- C:\WINDOWS\system32\dllcache\IMS.CAT
2007-11-28 14:03 13,497 --a--c--- C:\WINDOWS\system32\dllcache\HPCRDP.CAT
2007-11-28 14:03 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-11-28 14:03 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-11-28 14:03 8,599 --a--c--- C:\WINDOWS\system32\dllcache\IASNT4.CAT
2007-11-27 12:03 1,132,742 ---hs---- C:\WINDOWS\system32\kasupiyc.ini
2007-11-27 12:03 85,056 --a------ C:\WINDOWS\system32\cyipusak.dll
2007-11-27 12:01 145,984 --a------ C:\WINDOWS\system32\zfkzjnen.dll
2007-11-26 22:07 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2007-11-26 17:30 <REP> d-------- C:\Documents and Settings\Default User\Application Data\DivX
2007-11-26 17:28 24,576 --a--c--- C:\WINDOWS\system32\dllcache\icwdl.dll
2007-11-26 14:51 561,152 --a------ C:\WINDOWS\system32\ygkp
2007-11-26 11:53 38,912 --a------ C:\WINDOWS\system32\fccccdb.dll
2007-11-26 11:51 38,912 --a------ C:\WINDOWS\system32\hggffef.dll
2007-11-26 11:49 38,912 --a------ C:\WINDOWS\system32\ljjhhhh.dll
2007-11-25 14:49 <REP> d-------- C:\Program Files\PacificPoker4
2007-11-25 13:37 <REP> d-------- C:\Poker
2007-11-25 13:10 <REP> d-------- C:\Program Files\InstallShield Installation Information
2007-11-25 13:07 <REP> d-------- C:\WINDOWS\Downloaded Installations
2007-11-19 22:01 <REP> d-------- C:\Program Files\Sports Interactive
2007-11-18 16:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2007-11-18 16:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-18 16:51 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-18 16:44 <REP> d-------- C:\Program Files\CCleaner
2007-11-04 14:02 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2007-11-04 13:58 <REP> d-------- C:\Program Files\Microsoft.NET
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-29 12:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Free Download Manager
2007-11-28 15:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
2007-11-26 20:21 --------- d-----w C:\Program Files\DAEMON Tools
2007-11-26 20:18 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-11-25 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-19 20:57 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Sports Interactive
2007-11-11 12:23 --------- d-----w C:\Program Files\DivX
2007-11-05 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-29 19:18 --------- d-----w C:\Program Files\Free Download Manager
2007-10-29 19:00 --------- d-----w C:\Program Files\TVUPlayer
2007-10-29 19:00 --------- d-----w C:\Program Files\SopCast
2007-10-29 19:00 --------- d-----w C:\Program Files\LimeWire
2007-10-28 13:11 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SopCast
2007-10-28 09:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-10-18 19:04 --------- d-----w C:\Program Files\QuickTime
2007-10-18 19:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-18 19:02 --------- d-----w C:\Program Files\Apple Software Update
2007-10-18 19:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-18 15:10 --------- d--h--r C:\Documents and Settings\Administrateur\Application Data\SecuROM
2007-10-17 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2007-10-17 15:03 --------- d-----w C:\Program Files\Java
2007-10-17 14:58 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-10-16 19:25 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-14 17:04 --------- d-----w C:\Program Files\MSN Messenger
2007-10-14 11:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Spybot - Search & Destroy
2007-10-14 10:53 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-10-14 10:36 --------- d-----w C:\Program Files\Fichiers communs\SpeechEngines
2007-10-14 10:36 --------- d-----w C:\Program Files\Fichiers communs\ODBC
2007-10-14 10:14 --------- d-----w C:\Program Files\Windows Live
2007-10-14 10:14 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-14 09:49 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-14 09:47 --------- d-----w C:\Program Files\Services en ligne
2007-10-14 09:44 --------- d-----w C:\Program Files\Fichiers communs\MSSoap
.
((((((((((((((((((((((((((((( snapshot_2007-11-28_22.24.28.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-11 12:04:38 190,696 ----a-r C:\WINDOWS\LastGood\System32\Macromed\Flash\FlashUtil9d.exe
+ 2006-01-18 12:06:02 57,344 ----a-w C:\WINDOWS\system32\avsda.dll
+ 2007-11-29 09:30:06 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2007-11-29 09:30:06 16,384 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2007-11-28 15:19:52 241,664 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-11-29 12:16:28 241,664 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2005-08-23 14:32:46 31,744 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2005-07-04 10:58:48 14,848 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
2007-11-26 11:49 38912 --a------ C:\WINDOWS\System32\ljjhhhh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e597aac-cf0b-4281-bd17-9b9bbb303a40}]
2007-11-27 12:01 78912 --a------ C:\WINDOWS\System32\ugkivldl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-27 12:01 145984 --a------ C:\WINDOWS\system32\zfkzjnen.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\zfkzjnen.dll [2007-11-27 12:01 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-10-14 16:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"d444bc13"="C:\WINDOWS\System32\cyipusak.dll" [2007-11-27 12:03]
"avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2006-01-18 15:52]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 10:45]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisallowRun"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"Protected system files1"= avgupsvc.exe
"Protected system files2"= avgamsvr.exe
"Protected system files3"= avgcc.exe
"Protected system files4"= nod32kui.exe
"Protected system files5"= nod32krn.exe
"Protected system files6"= ccSetMgr.exe
"Protected system files7"= ccEvtMgr.exe
"Protected system files8"= DefWatch.exe
"Protected system files9"= SavRoam.exe
"Protected system files10"= Rtvscan.exe
"Protected system files11"= VPTray.exe
"Protected system files12"= ccApp.exe
"Protected system files13"= AluSchedulerSvc.exe
"Protected system files14"= nod32.exe
"Protected system files15"= nod32ra.exe
"Protected system files16"= UpdaterUI.exe
"Protected system files17"= tbmon.exe
"Protected system files18"= Mcshield.exe
"Protected system files19"= SHSTAT.exe
"Protected system files20"= ashMaiSv.exe
"Protected system files21"= ashServ.exe
"Protected system files22"= ashWebSv.exe
"Protected system files23"= aswUpdSv.exe
"Protected system files24"= AVGUARD.exe
"Protected system files25"= AVWUPSRV.exe
"Protected system files26"= avscan.exe
"Protected system files27"= guardgui.exe
"Protected system files28"= VxMon.exe
"Protected system files29"= AVGNT.exe
"Protected system files30"= avgemc.exe
"Protected system files31"= avp.exe
"Protected system files32"= avp.com

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\System32\ljjhhhh.dll [2007-11-26 11:49 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhhhh]
ljjhhhh.dll 2007-11-26 11:49 38912 C:\WINDOWS\system32\ljjhhhh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\zfkzjnen]
zfkzjnen.dll 2007-11-27 12:01 145984 C:\WINDOWS\system32\zfkzjnen.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\System32\awtsq.dll

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\drivers\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-23 10:40:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-29 13:24:22
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-11-29 13:27:01 - machine was rebooted
.
--- E O F ---
  7. Good evening everyone,

     Since yesterday my PC has been infected with viruses ... I have two icons on my desktop: Online Security Guide + Live Safety Center. In addition, in the taskbar I have a flashing yellow triangle that shows me messages such as critical system warning + system alert malware threats + system performance monitor. My browser home page has also changed to www.savetheinformation.com. I have a Security Toolbar 7.1 bar ... Is it serious, doctor? I have tried lots of solutions found on the net but nothing changes.

     Here is my HijackThis report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 22:56:04, on 28/11/2007
     Platform: Windows XP SP1 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
     C:\Program Files\MSN Messenger\msnmsgr.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
     C:\Program Files\Internet Explorer\IEXPLORE.EXE

     O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\zfkzjnen.dll
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
     O4 - HKLM\..\Run: [d444bc13] rundll32.exe "C:\WINDOWS\System32\cyipusak.dll",b
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
     O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - C:\PROGRA~1\PACIFI~1\pacificpoker.exe
     O9 - Extra button: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
     O9 - Extra 'Tools' menuitem: CDPoker - {A68FC757-51CF-4f3c-B13A-BFB8CA69BB99} - C:\Poker\CDPoker\casino.exe
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\FUM\fumiebtn.dll
     O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
     O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
     O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

     --
     End of file - 3588 bytes

     If someone can help me quickly ... Thanks in advance