Aller au contenu

HAL

Membres
  • Compteur de contenus

    6
  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    Français

HAL's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. Voici le rapport Hijackthis demandé ; Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:26:06, on 02/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142694690890 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 7991 bytes
  2. J'ai lancé les 2 programmes, le premier OK, le second malwarebyte m'a trouvé une erreur. J'ai donc supprimer la sélection proposée mais je n'ai pas redémarré, le soft ne me l'a pas demandé... Voici le rapport de fin d'analyse : Malwarebytes' Anti-Malware 1.30 Version de la base de données: 1357 Windows 5.1.2600 Service Pack 2 02/11/2008 22:07:17 mbam-log-2008-11-02 (22-07-17).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 171260 Temps écoulé: 59 minute(s), 28 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) P.S. vous avez un nouveau MP @+
  3. Voici le nouveau rapport Hikjackthis, et concernant le PC je vais relancer un scan par Antivir et je vous tiendrai informé. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:31:25, on 02/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142694690890 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 7866 bytes Merci et @ bientot,
  4. Ca y est, l'analyse est terminée, voici le rapport de sopho ; Sophos Anti-Virus Version 4.35.0 [Win32/Intel] Virus data version 4.35E, November 2008 Includes detection for 536595 viruses, trojans and worms Copyright © 1989-2008 Sophos Plc, www.sophos.com System time 18:40:46, System date 02 November 2008 Command line qualifiers are: -f -di -nc -nb -dn --stop-scan -idedir=C:\SDFix\IDE -p=C:\SDFix\SophosReport.txt IDE directory is: C:\SDFix\IDE Using IDE file fakea-hd.ide Using IDE file offmsg-a.ide Using IDE file poiso-ad.ide Using IDE file linea-fl.ide Using IDE file ircb-acr.ide Using IDE file autor-jd.ide Using IDE file dloa-bsq.ide Using IDE file agen-hqg.ide Using IDE file delf-fbc.ide Using IDE file meredr-a.ide Using IDE file dloa-bss.ide Using IDE file buzus-o.ide Using IDE file fakea-dh.ide Using IDE file delban-a.ide Using IDE file backsp-a.ide Using IDE file bank-end.ide Using IDE file agen-hqm.ide Using IDE file autor-je.ide Using IDE file linea-fs.ide Using IDE file dload-di.ide Using IDE file rootk-dr.ide Using IDE file autor-jf.ide Using IDE file agen-hqq.ide Using IDE file tibs-uw.ide Using IDE file dwnl-hht.ide Using IDE file agen-hqs.ide Using IDE file bank-ene.ide Using IDE file rexplo-d.ide Using IDE file pws-atp.ide Using IDE file gaman-ch.ide Using IDE file ytkit-a.ide Using IDE file agen-hqw.ide Using IDE file linea-fy.ide Using IDE file linea-gc.ide Using IDE file pws-atr.ide Using IDE file autor-ji.ide Using IDE file gaman-ci.ide Using IDE file autor-jk.ide Using IDE file dload-dk.ide Using IDE file fakea-dm.ide Using IDE file agen-hrd.ide Using IDE file dropr-ac.ide Using IDE file pws-att.ide Using IDE file autoit-t.ide Using IDE file autor-jl.ide Using IDE file agen-hrf.ide Using IDE file autor-jm.ide Using IDE file autoit-v.ide Using IDE file killa-ey.ide Using IDE file psyme-jy.ide Using IDE file pws-atu.ide Using IDE file agen-hrh.ide Using IDE file bho-hc.ide Using IDE file agen-hri.ide Using IDE file hostin-a.ide Using IDE file ircb-acn.ide Using IDE file linea-gk.ide Using IDE file agen-hrl.ide Using IDE file agen-hrm.ide Using IDE file psyme-jw.ide Using IDE file autor-jo.ide Using IDE file banhos-y.ide Using IDE file agen-hro.ide Using IDE file dloa-btl.ide Using IDE file agen-hrp.ide Using IDE file autor-jp.ide Using IDE file he4hoo-g.ide Using IDE file agen-hrs.ide Using IDE file fakev-fy.ide Using IDE file buzus-p.ide Using IDE file fakea-ho.ide Using IDE file agen-hrw.ide Using IDE file agen-hrx.ide Using IDE file agen-hry.ide Using IDE file backd-ab.ide Using IDE file bank-eni.ide Using IDE file wlhack-g.ide Using IDE file injec-cx.ide Using IDE file fakea-hq.ide Using IDE file autor-ju.ide Using IDE file autor-jv.ide Using IDE file zlob-aol.ide Using IDE file agen-hsk.ide Using IDE file autor-jw.ide Using IDE file ntroo-dy.ide Using IDE file autor-jy.ide Using IDE file agen-hsm.ide Using IDE file bront-dw.ide Using IDE file click-ez.ide Using IDE file autor-ke.ide Using IDE file psyme-jx.ide Using IDE file backd-ac.ide Using IDE file rootk-ds.ide Using IDE file pswd-gen.ide Using IDE file agen-hst.ide Using IDE file dwnl-hie.ide Using IDE file dorf-bu.ide Using IDE file autor-kf.ide Using IDE file obfus-b.ide Using IDE file swfdlr-b.ide Using IDE file fakea-ht.ide Using IDE file vb-ebe.ide Using IDE file agen-htc.ide Using IDE file autor-kl.ide Using IDE file dwnl-hih.ide Using IDE file zlob-aop.ide Using IDE file psyme-kd.ide Using IDE file bank-enm.ide Using IDE file fakea-eb.ide Using IDE file usract-a.ide Using IDE file fakea-ed.ide Using IDE file agen-htk.ide Using IDE file pws-aty.ide Using IDE file pws-aua.ide Using IDE file geezo-e.ide Using IDE file banhos-z.ide Using IDE file agen-hto.ide Using IDE file dloa-btz.ide Using IDE file ntroo-dz.ide Using IDE file fakea-hu.ide Using IDE file agen-htv.ide Using IDE file agen-hty.ide Using IDE file agen-hub.ide Using IDE file ntroo-ea.ide Using IDE file bankd-dj.ide Using IDE file agen-hud.ide Using IDE file swizz-og.ide Using IDE file agen-huf.ide Using IDE file sdbo-dla.ide Using IDE file pushdo-w.ide Using IDE file dwnl-hin.ide Using IDE file autor-ku.ide Using IDE file agen-hul.ide Using IDE file poiso-af.ide Using IDE file looke-ej.ide Using IDE file agen-huq.ide Using IDE file agen-hur.ide Using IDE file fakev-gf.ide Using IDE file fakev-gh.ide Using IDE file asp-c.ide Using IDE file salit-an.ide Using IDE file fakea-eh.ide Using IDE file agen-hnf.ide Using IDE file wow-kd.ide Using IDE file stayt-a.ide Using IDE file zlob-anz.ide Using IDE file autor-kx.ide Using IDE file fakea-ei.ide Using IDE file snpves-c.ide Using IDE file kolabc-d.ide Using IDE file delpdl-c.ide Using IDE file geezo-f.ide Using IDE file delf-fbf.ide Using IDE file dloa-bun.ide Using IDE file agen-hvk.ide Using IDE file agen-hvm.ide Using IDE file dwnl-his.ide Using IDE file tileb-kz.ide Using IDE file zlob-aox.ide Using IDE file autor-lb.ide Using IDE file maldoc-f.ide Using IDE file agen-hvv.ide Using IDE file dloa-bus.ide Using IDE file zlob-apa.ide Using IDE file banho-ab.ide Using IDE file drop-az.ide Using IDE file malas-h.ide Using IDE file buzus-r.ide Using IDE file agen-hwd.ide Using IDE file autor-ld.ide Using IDE file fakea-en.ide Using IDE file autor-lf.ide Using IDE file zlob-apd.ide Using IDE file pushdo-x.ide Using IDE file bancb-qz.ide Using IDE file dwnl-hiw.ide Using IDE file bho-hh.ide Using IDE file agen-hwr.ide Using IDE file yahlov-a.ide Using IDE file agen-hwt.ide Using IDE file poiso-ag.ide Using IDE file autor-li.ide Using IDE file pws-auf.ide Using IDE file agen-hwu.ide Using IDE file bckd-qpt.ide Using IDE file bank-ens.ide Using IDE file autor-lj.ide Using IDE file mdro-bwg.ide Using IDE file agen-hwy.ide Using IDE file zapch-eh.ide Using IDE file agen-hxb.ide Using IDE file emold-a.ide Using IDE file dorf-bv.ide Using IDE file zlob-ape.ide Using IDE file vb-ebj.ide Using IDE file autor-ln.ide Using IDE file autor-lq.ide Using IDE file autor-lr.ide Using IDE file dwnl-hjg.ide Using IDE file merein-a.ide Using IDE file zlob-apg.ide Using IDE file dwnl-hjh.ide Using IDE file mdro-bwh.ide Using IDE file autor-lt.ide Using IDE file agen-hxo.ide Using IDE file obfjs-bd.ide Using IDE file agen-hxq.ide Using IDE file drop-bb.ide Using IDE file autor-ly.ide Using IDE file autor-lz.ide Using IDE file fakev-gl.ide Using IDE file silly-cr.ide Using IDE file bank-ent.ide Using IDE file fakea-et.ide Using IDE file pdfex-w.ide Using IDE file zlob-api.ide Using IDE file autor-mb.ide Using IDE file agen-hxw.ide Using IDE file agen-hxy.ide Using IDE file ifram-bh.ide Using IDE file fakea-ev.ide Using IDE file agen-hyc.ide Using IDE file autor-mc.ide Using IDE file acespa-a.ide Using IDE file asp-d.ide Using IDE file autor-md.ide Using IDE file onlin-be.ide Using IDE file onlin-bf.ide Using IDE file renos-be.ide Using IDE file banc-bep.ide Using IDE file agen-hym.ide Using IDE file psw-fw.ide Using IDE file pws-aup.ide Using IDE file onlin-bh.ide Using IDE file autor-me.ide Using IDE file zlob-apn.ide Using IDE file agen-hyo.ide Using IDE file dloa-bwh.ide Using IDE file autor-mf.ide Using IDE file pws-auq.ide Using IDE file agen-hyv.ide Using IDE file agen-hyy.ide Using IDE file bho-hj.ide Using IDE file agen-hzb.ide Using IDE file pws-aut.ide Using IDE file dloa-bwo.ide Using IDE file dloa-bwr.ide Using IDE file pdfex-aa.ide Using IDE file agen-hzu.ide Using IDE file fakev-go.ide Using IDE file autor-ml.ide Using IDE file zimeno-c.ide Using IDE file obfjs-bf.ide Using IDE file autor-mo.ide Using IDE file bank-e.ide Using IDE file ifgif-a.ide Using IDE file agen-iab.ide Using IDE file wowpw-bf.ide Using IDE file pws-auy.ide Using IDE file bckd-qpz.ide Using IDE file gimmiv-a.ide Using IDE file injec-db.ide Using IDE file agen-iaj.ide Using IDE file pdfex-ac.ide Using IDE file dwnl-hjp.ide Using IDE file agen-iam.ide Using IDE file meredr-b.ide Using IDE file agen-iao.ide Using IDE file agen-ias.ide Using IDE file formad-a.ide Using IDE file dwnl-hjq.ide Using IDE file ambler-g.ide Using IDE file agen-iaw.ide Using IDE file fakea-iy.ide Using IDE file agen-iaz.ide Using IDE file swizz-oj.ide Using IDE file dloa-bwz.ide Using IDE file fakeal-a.ide Using IDE file skintr-d.ide Using IDE file agen-hny.ide Using IDE file votera-b.ide Using IDE file agen-ibh.ide Using IDE file imaut-d.ide Using IDE file fanbot-l.ide Using IDE file agen-ibm.ide Using IDE file dloa-bxb.ide Using IDE file mdro-bwl.ide Using IDE file freezo-d.ide Using IDE file dload-ed.ide Using IDE file ircb-acv.ide Using IDE file fakev-gt.ide Using IDE file agen-ibw.ide Using IDE file wimad-k.ide Using IDE file zbot-ar.ide Using IDE file agen-ibz.ide Using IDE file dloa-bxh.ide Using IDE file dloa-bxj.ide Using IDE file autor-nc.ide Using IDE file fanbot-m.ide Using IDE file fakea-fp.ide Using IDE file drop-bg.ide Using IDE file agen-ice.ide Using IDE file dwnld-e.ide Using IDE file agen-ich.ide Using IDE file zipcar-b.ide Using IDE file tiotua-w.ide Using IDE file fakea-fs.ide Using IDE file fakev-gw.ide Using IDE file dloa-bxm.ide Using IDE file dloa-bsb.ide Using IDE file smal-emq.ide Using IDE file mourn-a.ide Using IDE file autor-nj.ide Using IDE file dloa-bxp.ide Using IDE file banlo-fz.ide Using IDE file autor-nk.ide Using IDE file bho-hp.ide Using IDE file swfdlr-c.ide Using IDE file zlob-aqd.ide Full Scanning Could not open C:\Documents and Settings\Bouhy\Local Settings\Temp\etilqs_hPc1pGw0rLz7xJH5ufm9 Could not open C:\WINDOWS\system32\drivers\sptd.sys 1 boot sector swept. 56727 files swept in 1 hour, 28 minutes and 8 seconds. 2 errors were encountered. No viruses were discovered. Ending Sophos Anti-Virus. Et merci de votre aide ! ! !
  5. Hijackthis a été installé puis lancé correctement. Voici le rapport généré ; Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:55:41, on 02/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1142694690890 O16 - DPF: {EFFDEEEC-F9E1-4461-91D2-DAEB8CC595F1} (CSViewer Control) - http://192.168.1.5/CSViewer.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8395 bytes @+
  6. Bonjour, Après un scan d'antivir, ce dernier m'indique une infection par le malware DR/Gifar.gen Je lance donc une opération nettoyage avec Spybot + Ad Aware mais sans résultat, le malware est toujours là. Sur le net je ne trouve pas de méthode pour m'en débarrasser, tout ce que je trouve c'est sa description : http://www.avira.com/fr/threats/section/fu..._gifar.gen.html Si quelqu'un connait une procédure pour le supprimer, je suis preneur. En vous remerciant pour vos réponses. [EDIT] UN GRAND MERCI A APOLLO POUR SON AIDE !
×
×
  • Créer...