

drims
Everything posted by drims
-
Hello, I have just changed computers (a salvaged computer) and I cannot connect to the internet over Wi-Fi. Ethernet works without any problem. My network card works normally. I contacted my ISP and spent half an hour with an adviser, but with no results. Would anyone be able to help me? Thank you
-
Hi Falkra, Just a quick word to wrap up. I think I have found the source of my computer's infection. My friend, who is Indian, watches streaming films on a site called TAMILPEEK. I narrowly avoided getting re-infected the other day... Well, my computer is in top shape, my internet connection not so much... I may create a new post... Thanks for everything!
-
A thousand thanks Falkra! To finish the series properly, my Livebox died on me and I could no longer reply to you. I will never have enough words to express my gratitude! A big thank you for taking the time to help me, and also for all the advice and the links to the tutorials. Ciao
-
The last report... fingers crossed! (HijackThis log, saved 23/07/2008, omitted)
-
I took advantage of AntiVir being active again to scan my computer. I am sending you the report: (Avira AntiVir Personal report dated 22/07/2008, omitted)
-
Yay, AntiVir's umbrella has finally opened. And the update works too. So happy! Is there anything else left to do?
-
Hello Falkra, That's it, I managed to uninstall Avast from my computer by going through Safe Mode... Phew! I'm ready for the next step
-
Hi Falkra. Well, you're not done with me yet... I had already tried to uninstall Avast via Add/Remove Programs, but each time an error message appeared. It is still the case: "Erreur inconnue, le programme ne peut pas charger iNews (C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm)". I wanted to download aswClear to my desktop, but an error message appears: "The avast self protection module is enabled. For this reason, the operation cannot be completed. To complete the operation, either run this program from Window Safe Mode, or disable the Avast self protection (Via settings / Troubleshooting page)." What do I do?
-
Falkra, my saviour. Indeed, I can feel my computer is doing much better! No more ad pages opening non-stop, that feels good! My updates, which had been disabled, are re-enabled. AntiVir, on the other hand, I still haven't figured out how to get running again. I'm posting the HijackThis report: (HijackThis log, saved 20/07/2008, omitted)
-
Hello Falkra, Here is the ComboFix report. I had five minutes of doubt because it would not run and showed me the message "Date Error, check your settings". After translating it, I checked my computer's date and everything sorted itself out.

ComboFix 08-07-19.1 - sentier nature 2008-07-20 11:29:10.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.206 [GMT 2:00]
Running from: C:\Documents and Settings\sentier nature\Bureau\ComboFix.exe
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\sentier nature\Menu Démarrer\Programmes\Antivirus 2008 PRO
C:\WINDOWS\system32\aajhrdpm.ini
C:\WINDOWS\system32\bvtkjnob.ini
C:\WINDOWS\system32\hycjsrxs.ini
C:\WINDOWS\system32\jfuafobv.ini
C:\WINDOWS\system32\kpaigpbs.ini
C:\WINDOWS\system32\lfigndqu.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mcrmuhvu.ini
C:\WINDOWS\system32\ogvgxevb.dll
C:\WINDOWS\system32\opnolMCr.dll
C:\WINDOWS\system32\peobvpqx.ini
C:\WINDOWS\system32\pwwvlmdh.ini
C:\WINDOWS\system32\qtccqool.dll
C:\WINDOWS\system32\quhckoug.ini
C:\WINDOWS\system32\tnclolko.ini
C:\WINDOWS\system32\tuvVOGyw.dll
C:\WINDOWS\system32\wntnjx.dll
C:\WINDOWS\system32\wrotclxe.ini
C:\WINDOWS\system32\wyGOVvut.ini
.
((((((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 ))))))))))))))))))))))))))))))))))))
.
2008-07-14 13:31 . 2008-07-14 13:31 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-14 13:31 . 2008-07-14 13:31 <REP> d-------- C:\Documents and Settings\sentier nature\Application Data\Malwarebytes
2008-07-14 13:31 . 2008-07-14 13:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-14 13:31 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-14 13:31 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-11 11:18 . 2008-07-11 11:18 <REP> d-------- C:\Lop SD
2008-07-10 23:54 . 2008-07-10 23:54 <REP> d-------- C:\Program Files\Navilog1
2008-07-03 12:59 . 2008-03-29 22:59 33,224 --a------ C:\a
2008-07-03 12:33 . 2008-07-03 12:33 <REP> d-------- C:\Program Files\Enigma Software Group
2008-06-22 21:02 . 2004-09-20 11:09 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-06-22 21:02 . 2004-09-20 11:09 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-06-22 21:02 . 2004-09-20 11:09 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-06-22 21:02 . 2004-09-20 19:10 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-06-22 21:02 . 2004-09-20 11:09 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-06-22 21:02 . 2004-09-20 19:10 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-06-22 21:02 . 2004-09-20 11:09 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-06-22 21:02 . 2008-06-22 21:02 <REP> d-------- C:\Documents and Settings\Administrateur
2008-06-22 20:55 . 2008-06-22 20:55 <REP> d--hs---- C:\FOUND.000
2008-06-22 20:17 . 2008-06-22 20:17 <REP> d-------- C:\Program Files\Avira
2008-06-22 15:49 . 2008-06-22 15:49 <REP> d-------- C:\Program Files\Avira(2)
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-10 15:21 4,566 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"epm-dm"="c:\acer\epm\epm-dm.exe" [2004-07-14 14:19 151552]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-20 19:57 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-20 19:57 532480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-21 11:52 40960]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-03-20 14:11 26112]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2004-07-30 11:30 319488]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-11 01:55 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-11 01:51 118784]
"EPSON Stylus C86 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE" [2003-11-25 05:00 99840]
"EPSON Stylus C66 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE" [2003-11-26 09:00 99840]
"EPSON Stylus C64 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 05:08 99840]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2004-09-01 17:38 2876416]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\java.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 SMBHC;Pilote de contrôleur hôte du bus de gestion du système Microsoft;C:\WINDOWS\system32\DRIVERS\SMBHC.sys [2001-08-17 21:57]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2004-08-14 20:59]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2004-06-01 11:50]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2004-06-01 11:50]
R3 IPN2220;acer IPN2220 Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\i2220ntx.sys [2004-03-30 08:23]
R3 SMBBATT;Pilote de batterie intelligente Microsoft;C:\WINDOWS\system32\DRIVERS\SMBBATT.sys [2004-08-03 23:07]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{366efef0-7ed2-11db-9b2d-00c09f843bc1}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-gufyjtgj - C:\WINDOWS\system32\eduxyjet.exe
HKLM-Explorer_Run-1A1ktngkj5 - C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 11:32:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\HERCULES\WIFI STATION\WIFISTATION.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE
.
**************************************************************************
.
Completion time: 2008-07-20 11:33:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-20 09:33:52

Pre-Run: 11,182,473,216 bytes free
Post-Run: 11,784,093,696 bytes free

142 --- E O F --- 2008-06-17 14:43:50
-
Hi Falkra! Well, it is reassuring to hear that my computer is doing better... Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:04:55, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\acer\epm\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {bad3a609-c6db-69db-6584-39104bf2dcf7} - {7fcd2fb4-0193-4856-bd96-bd6c906a3dab} - C:\WINDOWS\system32\wntnjx.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gufyjtgj] C:\WINDOWS\system32\eduxyjet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKLM\..\Policies\Explorer\Run: [1A1ktngkj5] C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6515 bytes
-
Hi Falkra, I am sending you the (eloquent!) Malwarebytes report and I will wait for what comes next.

Malwarebytes' Anti-Malware 1.20
Database version: 960
Windows 5.1.2600 Service Pack 2

13:45:32 14/07/2008
mbam-log-7-14-2008 (13-45-32).txt

Scan type: Quick Scan
Objects scanned: 48906
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 3
Registry Keys Infected: 20
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 4
Files Infected: 31

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tuvVOGyw.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\ogvgxevb.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\opnolMCr.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f113f5e-db47-42e5-8d86-a0a00bd8c1c0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3f113f5e-db47-42e5-8d86-a0a00bd8c1c0} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{84aa61c2-a977-4fd8-9e2f-c768f0387572} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{84aa61c2-a977-4fd8-9e2f-c768f0387572} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnolmcr (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\qvdntlmw.befq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\qvdntlmw.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0250b459-0f71-48f6-9784-cb7f2c338a0a} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{573d3df2-27cd-450c-b8e1-e055ad084307} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{2aec1dbc-9b63-4d34-ae5c-7c646abbb9a0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c4c6922e-e06f-4ec1-89af-3f8ece0122f4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\320d18a1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84aa61c2-a977-4fd8-9e2f-c768f0387572} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvogyw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvogyw -> Delete on reboot.

Folders Infected:
C:\Program Files\SystemDefender (Rogue.SystemDefender) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\tuvVOGyw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wyGOVvut.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wyGOVvut.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qpxrrrmq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmrrrxpq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgvrjiju.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ujijrvgd.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ogvgxevb.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\bvexgvgo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnolMCr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\edla.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tisffinn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\idtdgayd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bgdmgz.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fnukrl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sbhxjxgm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bukahr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ropkkvpd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xizxwg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\fmsxwqs.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\altvxvm.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\dwnrpofk.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\xvorfwbd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wpvmqosg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\vrmdtneg.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\ksendlbtrkd.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
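Two things in the report above deserve a second look before calling the machine clean: several entries are marked "Delete on reboot", so they are only gone once the machine has restarted, and the two LSA data items (Notification Packages and Authentication Packages) point at tuvvogyw, which is how Vundo got its DLL loaded into lsass.exe at boot. The Python script below is an added example, not part of the original post and not Malwarebytes code: it parses a log in this 1.x format, counts detections per family, lists what is still pending a reboot, and pulls out the LSA package entries. The sample lines are copied from the report above.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x log: detections per family,
items whose removal was deferred to the next reboot, and LSA package entries
(DLLs that lsass.exe would load at boot)."""
import re
from collections import Counter

# Constructed sample: lines copied from the Malwarebytes report in this thread.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3f113f5e-db47-42e5-8d86-a0a00bd8c1c0} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\opnolmcr (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvogyw -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\tuvvogyw -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\tuvVOGyw.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\edla.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Detection line shape: "<item> (<family>) -> [Data: <value> -> ]<action>."
DETECTION = re.compile(r"^(?P<item>.+?) \((?P<family>[\w.]+)\) -> (?P<rest>.+)$")
# Registry data items that make lsass.exe load a DLL at boot.
LSA_PACKAGES = re.compile(r"\\Control\\LSA\\(Notification|Authentication) Packages$", re.I)
PENDING = "Delete on reboot"


def parse(log_text):
    """Return one dict per detection line: item, family, action, data (or None)."""
    detections = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue  # section headers, blank lines, summary counters
        parts = m["rest"].split(" -> ")
        data = None
        for part in parts[:-1]:
            if part.startswith("Data: "):
                data = part[len("Data: "):]
        detections.append({
            "item": m["item"],
            "family": m["family"],
            "action": parts[-1].rstrip("."),
            "data": data,
        })
    return detections


def families(detections):
    """Counter of detection family -> number of items."""
    return Counter(d["family"] for d in detections)


def pending_reboot(detections):
    """Items the scanner could not remove while the system was up."""
    return [d["item"] for d in detections if d["action"] == PENDING]


def lsa_hijacks(detections):
    """(registry value, DLL name) for Notification/Authentication Packages entries."""
    return [(d["item"], d["data"]) for d in detections if LSA_PACKAGES.search(d["item"])]


if __name__ == "__main__":
    dets = parse(SAMPLE_LOG)
    for family, n in families(dets).most_common():
        print(f"{n:3d}  {family}")
    print("pending reboot:", *pending_reboot(dets), sep="\n  ")
    print("LSA package hijacks:", *lsa_hijacks(dets), sep="\n  ")
```

Anything returned by `pending_reboot` is worth re-checking in a fresh HijackThis log after the restart, which is what the 16/07 report in this thread effectively does.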
-
And the HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:41, on 11/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\qpxrrrmq.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gufyjtgj] C:\WINDOWS\system32\eduxyjet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKLM\..\Policies\Explorer\Run: [1A1ktngkj5] C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://xscanner.spyshredderscanner.com/setup/webinst_fr.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6353 bytes
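This 11/07 log is the one to read against the later reports: every persistence item the cleaning tools went on to remove is visible here, namely the Run entry that starts rundll32 on a system32 DLL with a one-letter export, the random-named Run entries, the HKLM Policies\Explorer\Run entry pointing into All Users\Application Data, the rogue "Antivirus 2008 PRO" autostart, and the O16 ActiveX download from spyshredderscanner.com. As an added example that is not part of the original post and not HijackThis code, the Python script below applies those heuristics to the O2, O4 and O16 lines of a HijackThis log. The sample is constructed from lines of the logs in this thread, with three legitimate entries kept as controls; the rogue-product list comes from the Malwarebytes detections in this thread, and the trusted-host list for ActiveX downloads is an assumption, as is the 8-character rule for generated entry names.

```python
"""Triage a HijackThis 2.x log for the persistence patterns seen in this thread.
Heuristics, not signatures: the result is a short list of lines to look at."""
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis logs in this thread, plus
# three legitimate entries (Java BHO, Bluetooth agent, Avira) as controls.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: {bad3a609-c6db-69db-6584-39104bf2dcf7} - {7fcd2fb4-0193-4856-bd96-bd6c906a3dab} - C:\WINDOWS\system32\wntnjx.dll
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\qpxrrrmq.dll",b
O4 - HKCU\..\Run: [gufyjtgj] C:\WINDOWS\system32\eduxyjet.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKLM\..\Policies\Explorer\Run: [1A1ktngkj5] C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://xscanner.spyshredderscanner.com/setup/webinst_fr.cab
"""

# Rogue "antivirus" product names, taken from the Malwarebytes detections in this thread.
KNOWN_ROGUE = ("antivirus 2008 pro", "systemdefender")
# Assumption: the only hosts from which an ActiveX download (O16) is acceptable here.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")

O2_LINE = re.compile(r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_LINE = re.compile(r"^O4 - (?P<loc>.+?): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O16_LINE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>.*?)\))? - (?P<url>\S+)$")
# rundll32[.exe] <dll>,<export>  (dll may be quoted; the bthprops form uses ",,")
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+(?P<dll>"[^"]+"|[^,\s]+),(?P<rest>.*)$', re.I)
GUID = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Assumption: generated names such as gufyjtgj or 320d18a1 are 8 lower-case alphanumerics.
RANDOM_NAME = re.compile(r"^[a-z0-9]{8}$")
DATA_DIR = re.compile(r"\\(Application Data|Local Settings\\Temp|Temp)\\", re.I)


def check_o4(loc, name, cmd):
    """Reasons an O4 (autostart) entry deserves a look; empty list if none."""
    reasons = []
    if loc.lower().endswith(r"policies\explorer\run"):
        reasons.append("Policies\\Explorer\\Run key: not shown by msconfig, rarely used legitimately")
    r = RUNDLL.match(cmd)
    if r and "\\" in r["dll"] and len(r["rest"].rsplit(",", 1)[-1].strip()) <= 2:
        reasons.append("rundll32 loads a DLL by full path with a one-letter export")
    if RANDOM_NAME.match(name):
        reasons.append("random-looking entry name")
    if DATA_DIR.search(cmd):
        reasons.append("executable lives under a user-writable data directory")
    if any(rogue in cmd.lower() for rogue in KNOWN_ROGUE):
        reasons.append("known rogue antivirus product")
    return reasons


def triage(log_text):
    """Return [{'line': ..., 'reasons': [...]}] for each suspicious O2/O4/O16 line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        m2, m4, m16 = O2_LINE.match(line), O4_LINE.match(line), O16_LINE.match(line)
        if m2:
            if GUID.match(m2["name"]):  # no product name, only a CLSID
                reasons.append("BHO registered without a product name")
        elif m4:
            reasons = check_o4(m4["loc"], m4["name"], m4["cmd"])
        elif m16:
            host = urlparse(m16["url"]).hostname or ""
            if not any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS):
                reasons.append(f"ActiveX download (O16) from untrusted host {host}")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"])
        for reason in f["reasons"]:
            print("   ->", reason)
```

Run it over a full log with `triage(open("hijackthis.log").read())`; the controls (the Java BHO, the Bluetooth rundll32 entry whose export name is long, and Avira) produce no finding, while the six malicious lines each get at least one reason.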
-
Hi Falkra, here is the first report, fresh off the press:

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : sentier nature ]
[ "C:\Lop SD" ]
[ Selection : 2 ]
[ 11/07/2008 | 12:13:06,41 ]
[ PC : ACER-86ABAAF10A ]
[ Updated : 09-07-2008 | 21:02 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ DELETION /////////////////////////////

Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@adultfriendfinder[2].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@adin.bigpoint[1].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@bigpoint[2].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@bigpoint[3].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@www.bigpoint[1].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@banner.cotedazurpalace[2].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@cotedazurpalace[1].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@banner.cotedazurpalace[3].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@cotedazurpalace[2].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@adopt.euroclick[1].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@partygaming.122.2o7[1].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@partypoker[1].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@888[1].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@888[3].txt
Deleted! - C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@888[2].txt

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Folder listing in APPLIC~1 ]------------

[20/09/2004|11:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[20/09/2004|11:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[20/09/2004|11:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[29/03/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
[21/03/2008|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[29/03/2008|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[20/09/2004|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[20/09/2004|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/03/2007|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JARDIN8
[20/09/2004|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/04/2005|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[24/03/2008|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\uzifcbmv
[20/09/2004|11:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[15/02/2008|16:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[20/09/2004|11:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/03/2006|14:08] C:\DOCUME~1\SENTIE~1\APPLIC~1\Adobe
[28/11/2006|12:07] C:\DOCUME~1\SENTIE~1\APPLIC~1\AdobeUM
[05/03/2008|19:13] C:\DOCUME~1\SENTIE~1\APPLIC~1\Cabos
[18/03/2008|22:24] C:\DOCUME~1\SENTIE~1\APPLIC~1\Cabos.plist
[22/05/2005|22:37] C:\DOCUME~1\SENTIE~1\APPLIC~1\CyberLink
[20/09/2004|11:09] C:\DOCUME~1\SENTIE~1\APPLIC~1\desktop.ini
[02/03/2008|13:08] C:\DOCUME~1\SENTIE~1\APPLIC~1\dvdcss
[07/05/2005|17:04] C:\DOCUME~1\SENTIE~1\APPLIC~1\Help
[20/09/2004|11:23] C:\DOCUME~1\SENTIE~1\APPLIC~1\Identities
[27/02/2008|09:38] C:\DOCUME~1\SENTIE~1\APPLIC~1\InstallShield
[18/03/2008|21:36] C:\DOCUME~1\SENTIE~1\APPLIC~1\LimeWire
[15/02/2008|17:30] C:\DOCUME~1\SENTIE~1\APPLIC~1\Macromedia
[20/09/2004|11:09] C:\DOCUME~1\SENTIE~1\APPLIC~1\Microsoft
[17/03/2008|18:44] C:\DOCUME~1\SENTIE~1\APPLIC~1\Sun
[25/04/2005|20:41] C:\DOCUME~1\SENTIE~1\APPLIC~1\Symantec
[24/03/2006|12:08] C:\DOCUME~1\SENTIE~1\APPLIC~1\vlc
[20/09/2004|11:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[20/09/2004|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[20/09/2004|11:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

----------------[ Scheduled tasks in C:\WINDOWS\tasks ]---------------

[11/07/2008 11:00][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Folder listing in C:\Program Files ]--------------

[20/09/2004|11:28] C:\Program Files\Acer Inc
[20/09/2004|11:32] C:\Program Files\Adobe
[28/02/2008|19:51] C:\Program Files\Alwil Software
[22/06/2008|20:17] C:\Program Files\Antivirus 2008 PRO
[26/03/2007|21:06] C:\Program Files\Anuman Interactive
[22/06/2008|20:17] C:\Program Files\Avira
[22/06/2008|15:49] C:\Program Files\Avira(2)
[12/07/2005|10:11] C:\Program Files\Common Files
[20/09/2004|11:14] C:\Program Files\ComPlus Applications
[20/09/2004|11:25] C:\Program Files\CONEXANT
[20/09/2004|11:30] C:\Program Files\CyberLink
[03/09/2005|18:41] C:\Program Files\EA Games
[03/07/2008|12:33] C:\Program Files\Enigma Software Group
[16/05/2005|15:23] C:\Program Files\EPSON
[20/09/2004|11:09] C:\Program Files\Fichiers communs
[08/06/2005|20:21] C:\Program Files\GameSpy Arcade
[16/02/2008|20:27] C:\Program Files\Gpotato.eu
[27/02/2008|09:38] C:\Program Files\Hercules
[20/09/2004|11:21] C:\Program Files\InstallShield Installation Information
[20/09/2004|11:22] C:\Program Files\Intel
[20/09/2004|11:15] C:\Program Files\Internet Explorer
[11/01/1988|22:30] C:\Program Files\Inventel
[26/03/2007|21:11] C:\Program Files\Jardin
[05/03/2008|19:12] C:\Program Files\Java
[25/04/2005|20:33] C:\Program Files\Launch Manager
[18/03/2008|21:35] C:\Program Files\LimeWire
[20/09/2004|11:14] C:\Program Files\Messenger
[20/09/2004|11:17] C:\Program Files\microsoft frontpage
[25/04/2005|20:49] C:\Program Files\Microsoft Office
[25/04/2005|21:00] C:\Program Files\Microsoft Plus!
[25/04/2005|20:51] C:\Program Files\Microsoft Visual Studio
[25/04/2005|20:52] C:\Program Files\Microsoft Works
[25/04/2005|20:53] C:\Program Files\Microsoft.NET
[20/09/2004|11:15] C:\Program Files\Movie Maker
[20/09/2004|11:14] C:\Program Files\MSN
[20/09/2004|11:14] C:\Program Files\MSN Gaming Zone
[10/07/2008|23:54] C:\Program Files\Navilog1
[20/09/2004|11:15] C:\Program Files\NetMeeting
[20/03/2006|14:10] C:\Program Files\Netscape
[15/02/2008|16:38] C:\Program Files\Neuf
[20/09/2004|11:31] C:\Program Files\NewTech Infosystems
[20/09/2004|11:14] C:\Program Files\Online Services
[20/09/2004|11:15] C:\Program Files\Outlook Express
[20/03/2006|14:11] C:\Program Files\Real
[20/09/2004|11:15] C:\Program Files\Services en ligne
[20/09/2004|11:27] C:\Program Files\Synaptics
[24/06/2008|13:28] C:\Program Files\SystemDefender
[03/06/2006|19:22] C:\Program Files\THQ
[26/03/2008|19:50] C:\Program Files\Trend Micro
[20/09/2004|11:23] C:\Program Files\Uninstall Information
[24/03/2006|12:08] C:\Program Files\VideoLAN
[29/04/2005|00:33] C:\Program Files\Warcraft III
[20/09/2004|11:14] C:\Program Files\Windows Media Player
[20/09/2004|11:14] C:\Program Files\Windows NT
[20/09/2004|11:15] C:\Program Files\WindowsUpdate
[20/09/2004|11:17] C:\Program Files\xerox

------[ Folder listing in C:\Program Files\Fichiers communs ]------

[20/03/2006|14:08] C:\Program Files\Fichiers communs\Adobe
[25/04/2005|20:52] C:\Program Files\Fichiers communs\DESIGNER
[05/09/2005|12:00] C:\Program Files\Fichiers communs\EPSON
[20/09/2004|11:21] C:\Program Files\Fichiers communs\InstallShield
[05/03/2008|19:12] C:\Program Files\Fichiers communs\Java
[20/09/2004|11:09] C:\Program Files\Fichiers communs\Microsoft Shared
[20/09/2004|11:15] C:\Program Files\Fichiers communs\MSSoap
[20/09/2004|11:09] C:\Program Files\Fichiers communs\ODBC
[20/03/2006|14:11] C:\Program Files\Fichiers communs\Real
[20/09/2004|11:15] C:\Program Files\Fichiers communs\Services
[20/09/2004|11:09] C:\Program 
Files\Fichiers communs\SpeechEngines [20/09/2004|11:15] C:\Program Files\Fichiers communs\System ---------------------------[ Process ]-------------------------- ... 40 ... OK ! ----------------------[ Recherche avec S_Lop ]--------------------- Aucun fichier / dossier Lop trouvé ! -----------------[ Recherche de Fichiers / Dossiers Lop ]----------------- C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@es.bigpoint[2].txt C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@fr1.darkorbit.bigpoint[1].txt ----------------------[ Verification du Registre ]---------------------- ..... OK ! --------------------[ Verification du fichier Hosts ]--------------------- Fichier Hosts PROPRE ----------------[ Recherche de fichiers avec Catchme ]----------------- catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-11 12:15:01 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------[ Recherche d'autres infections ]--------------------- C:\WINDOWS\system32\wyGOVvut.ini2 C:\WINDOWS\system32\wyGOVvut.ini ! VUNDO Possible ! 
[F:2][D:1]-> C:\DOCUME~1\SENTIE~1\LOCALS~1\Temp [F:689][D:0]-> C:\DOCUME~1\SENTIE~1\Cookies [F:7679][D:20]-> C:\DOCUME~1\SENTIE~1\LOCALS~1\TEMPOR~1\content.IE5 [F:27][D:1]-> C:\Recycled --------------------[ Fin du rapport a 12:15:31,08 ]---------------------- Et le rapport Hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:21:41, on 11/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\wscntfy.exe C:\acer\epm\epm-dm.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Launch Manager\QtZgAcer.EXE C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hercules\WiFi Station\WifiStation.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Liens O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86" O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66" O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64" O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [avast!] 
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\qpxrrrmq.dll",b O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [gufyjtgj] C:\WINDOWS\system32\eduxyjet.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe O4 - HKLM\..\Policies\Explorer\Run: [1A1ktngkj5] C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: WiFi Station.lnk = ? 
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://xscanner.spyshredderscanner.com/setup/webinst_fr.cab O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- End of file - 6353 bytes
-
Falkra, here is the Lop S&D report. When I went to disable AntiVir, I was surprised to find that it was already disabled and that I cannot re-enable it... I don't understand any of it.

-----------------------[ Lop S&D 4.2.2-1 XP/Vista ]---------------------
[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : sentier nature ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 11/07/2008 | 11:18:40,41 ] [ PC : ACER-86ABAAF10A ] [ MAJ : 09-07-2008 | 21:02 ]

-------------[ Listing des dossiers dans Application Data ]------------
[20/09/2004|11:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[20/09/2004|11:23] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[20/09/2004|11:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[29/03/2008|19:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
[21/03/2008|21:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[29/03/2008|19:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[20/09/2004|11:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[20/09/2004|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[26/03/2007|21:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JARDIN8
[20/09/2004|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[25/04/2005|20:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[24/03/2008|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\uzifcbmv
[20/09/2004|11:09] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[15/02/2008|16:38] C:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec
[20/09/2004|11:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[20/03/2006|14:08] C:\DOCUME~1\SENTIE~1\APPLIC~1\Adobe
[28/11/2006|12:07] C:\DOCUME~1\SENTIE~1\APPLIC~1\AdobeUM
[05/03/2008|19:13] C:\DOCUME~1\SENTIE~1\APPLIC~1\Cabos
[18/03/2008|22:24] C:\DOCUME~1\SENTIE~1\APPLIC~1\Cabos.plist
[22/05/2005|22:37] C:\DOCUME~1\SENTIE~1\APPLIC~1\CyberLink
[20/09/2004|11:09] C:\DOCUME~1\SENTIE~1\APPLIC~1\desktop.ini
[02/03/2008|13:08] C:\DOCUME~1\SENTIE~1\APPLIC~1\dvdcss
[07/05/2005|17:04] C:\DOCUME~1\SENTIE~1\APPLIC~1\Help
[20/09/2004|11:23] C:\DOCUME~1\SENTIE~1\APPLIC~1\Identities
[27/02/2008|09:38] C:\DOCUME~1\SENTIE~1\APPLIC~1\InstallShield
[18/03/2008|21:36] C:\DOCUME~1\SENTIE~1\APPLIC~1\LimeWire
[15/02/2008|17:30] C:\DOCUME~1\SENTIE~1\APPLIC~1\Macromedia
[20/09/2004|11:09] C:\DOCUME~1\SENTIE~1\APPLIC~1\Microsoft
[17/03/2008|18:44] C:\DOCUME~1\SENTIE~1\APPLIC~1\Sun
[25/04/2005|20:41] C:\DOCUME~1\SENTIE~1\APPLIC~1\Symantec
[24/03/2006|12:08] C:\DOCUME~1\SENTIE~1\APPLIC~1\vlc
[20/09/2004|11:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[20/09/2004|11:23] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[20/09/2004|11:09] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------
[11/07/2008 11:00][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 05:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans C:\Program Files ]--------------
[20/09/2004|11:28] C:\Program Files\Acer Inc
[20/09/2004|11:32] C:\Program Files\Adobe
[28/02/2008|19:51] C:\Program Files\Alwil Software
[22/06/2008|20:17] C:\Program Files\Antivirus 2008 PRO
[26/03/2007|21:06] C:\Program Files\Anuman Interactive
[22/06/2008|20:17] C:\Program Files\Avira
[22/06/2008|15:49] C:\Program Files\Avira(2)
[12/07/2005|10:11] C:\Program Files\Common Files
[20/09/2004|11:14] C:\Program Files\ComPlus Applications
[20/09/2004|11:25] C:\Program Files\CONEXANT
[20/09/2004|11:30] C:\Program Files\CyberLink
[03/09/2005|18:41] C:\Program Files\EA Games
[03/07/2008|12:33] C:\Program Files\Enigma Software Group
[16/05/2005|15:23] C:\Program Files\EPSON
[20/09/2004|11:09] C:\Program Files\Fichiers communs
[08/06/2005|20:21] C:\Program Files\GameSpy Arcade
[16/02/2008|20:27] C:\Program Files\Gpotato.eu
[27/02/2008|09:38] C:\Program Files\Hercules
[20/09/2004|11:21] C:\Program Files\InstallShield Installation Information
[20/09/2004|11:22] C:\Program Files\Intel
[20/09/2004|11:15] C:\Program Files\Internet Explorer
[11/01/1988|22:30] C:\Program Files\Inventel
[26/03/2007|21:11] C:\Program Files\Jardin
[05/03/2008|19:12] C:\Program Files\Java
[25/04/2005|20:33] C:\Program Files\Launch Manager
[18/03/2008|21:35] C:\Program Files\LimeWire
[20/09/2004|11:14] C:\Program Files\Messenger
[20/09/2004|11:17] C:\Program Files\microsoft frontpage
[25/04/2005|20:49] C:\Program Files\Microsoft Office
[25/04/2005|21:00] C:\Program Files\Microsoft Plus!
[25/04/2005|20:51] C:\Program Files\Microsoft Visual Studio
[25/04/2005|20:52] C:\Program Files\Microsoft Works
[25/04/2005|20:53] C:\Program Files\Microsoft.NET
[20/09/2004|11:15] C:\Program Files\Movie Maker
[20/09/2004|11:14] C:\Program Files\MSN
[20/09/2004|11:14] C:\Program Files\MSN Gaming Zone
[10/07/2008|23:54] C:\Program Files\Navilog1
[20/09/2004|11:15] C:\Program Files\NetMeeting
[20/03/2006|14:10] C:\Program Files\Netscape
[15/02/2008|16:38] C:\Program Files\Neuf
[20/09/2004|11:31] C:\Program Files\NewTech Infosystems
[20/09/2004|11:14] C:\Program Files\Online Services
[20/09/2004|11:15] C:\Program Files\Outlook Express
[20/03/2006|14:11] C:\Program Files\Real
[20/09/2004|11:15] C:\Program Files\Services en ligne
[20/09/2004|11:27] C:\Program Files\Synaptics
[24/06/2008|13:28] C:\Program Files\SystemDefender
[03/06/2006|19:22] C:\Program Files\THQ
[26/03/2008|19:50] C:\Program Files\Trend Micro
[20/09/2004|11:23] C:\Program Files\Uninstall Information
[24/03/2006|12:08] C:\Program Files\VideoLAN
[29/04/2005|00:33] C:\Program Files\Warcraft III
[20/09/2004|11:14] C:\Program Files\Windows Media Player
[20/09/2004|11:14] C:\Program Files\Windows NT
[20/09/2004|11:15] C:\Program Files\WindowsUpdate
[20/09/2004|11:17] C:\Program Files\xerox

------[ Listing des dossiers dans C:\Program Files\Fichiers communs ]------
[20/03/2006|14:08] C:\Program Files\Fichiers communs\Adobe
[25/04/2005|20:52] C:\Program Files\Fichiers communs\DESIGNER
[05/09/2005|12:00] C:\Program Files\Fichiers communs\EPSON
[20/09/2004|11:21] C:\Program Files\Fichiers communs\InstallShield
[05/03/2008|19:12] C:\Program Files\Fichiers communs\Java
[20/09/2004|11:09] C:\Program Files\Fichiers communs\Microsoft Shared
[20/09/2004|11:15] C:\Program Files\Fichiers communs\MSSoap
[20/09/2004|11:09] C:\Program Files\Fichiers communs\ODBC
[20/03/2006|14:11] C:\Program Files\Fichiers communs\Real
[20/09/2004|11:15] C:\Program Files\Fichiers communs\Services
[20/09/2004|11:09] C:\Program Files\Fichiers communs\SpeechEngines
[20/09/2004|11:15] C:\Program Files\Fichiers communs\System

---------------------------[ Process ]--------------------------
... 42
IEXPLORE.EXE ~ [3960]

----------------------[ Recherche avec S_Lop ]---------------------
Aucun fichier / dossier Lop trouvé !

-----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@adultfriendfinder[2].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@adin.bigpoint[1].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@bigpoint[2].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@bigpoint[3].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@www.bigpoint[1].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@es.bigpoint[1].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@fr1.darkorbit.bigpoint[2].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@banner.cotedazurpalace[2].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@cotedazurpalace[1].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@banner.cotedazurpalace[3].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@cotedazurpalace[2].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@adopt.euroclick[1].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@partygaming.122.2o7[1].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@partypoker[1].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@888[1].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@888[3].txt
C:\DOCUME~1\SENTIE~1\Cookies\sentier nature@888[2].txt

----------------------[ Verification du Registre ]----------------------
..... OK !

--------------------[ Verification du fichier Hosts ]---------------------
Fichier Hosts PROPRE

----------------[ Recherche de fichiers avec Catchme ]-----------------
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 11:20:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------
C:\WINDOWS\system32\wyGOVvut.ini2
C:\WINDOWS\system32\wyGOVvut.ini
! VUNDO Possible !

[F:1][D:1]-> C:\DOCUME~1\SENTIE~1\LOCALS~1\Temp
[F:703][D:0]-> C:\DOCUME~1\SENTIE~1\Cookies
[F:7630][D:20]-> C:\DOCUME~1\SENTIE~1\LOCALS~1\TEMPOR~1\content.IE5
[F:25][D:1]-> C:\Recycled

--------------------[ Fin du rapport a 11:21:07,02 ]----------------------
-
Here is the report you asked me to send you:

Search Navipromo version 3.6.0 commencé le 10/07/2008 à 23:56:12,02

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "sentier nature"
Mise à jour le 27.06.2008 à 23h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : FAT32

Recherche executé en mode normal

*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\WINDOWS" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "c:\docume~1\alluse~1\menudÉ~1\progra~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\sentier nature\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\sentier nature\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***
*** Recherche dossiers dans "C:\Documents and Settings\sentier nature\menud+~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
Aucun Fichier trouvé

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\WINDOWS\system32" *
* Recherche dans "C:\Documents and Settings\sentier nature\locals~1\applic~1" *
* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

*** Recherche fichiers ***
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***
HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :
* Dans "C:\WINDOWS\system32" :
* Dans "C:\Documents and Settings\sentier nature\locals~1\applic~1" :
auwje.dat trouvé !
auwje_nav.dat trouvé !
auwje_navps.dat trouvé !
* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

3)Recherche Certificats :
Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :
C:\WINDOWS\system32\wyGOVvut.ini2 trouvé !
infection Vundo possible non traitée par cet outil !

*** Analyse terminée le 10/07/2008 à 23:57:27,92 ***
-
Hi Falkra, I just got your message. I'm sending you the SmitFraudFix report again, as you asked. Otherwise, I work evenings, so I don't really know when I'll be home... Inshallah I'll be there, but not before 11 pm.

SmitFraudFix v2.329
Rapport fait à 17:21:22,17, 10/07/2008
Executé à partir de C:\Documents and Settings\sentier nature\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\sentier nature\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sentier nature

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sentier nature\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SENTIE~1\FAVORIS

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Hercules Wireless G USB - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D48F1699-C2D2-4F96-BA73-D28F7B2848AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D48F1699-C2D2-4F96-BA73-D28F7B2848AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
-
And next, the HijackThis report. I'm waiting for your next instructions! See you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:30:54, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\uvhumrcm.dll",b
O4 - HKCU\..\Run: [auwje] c:\documents and settings\sentier nature\local settings\application data\auwje.exe auwje
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gufyjtgj] C:\WINDOWS\system32\eduxyjet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKLM\..\Policies\Explorer\Run: [1A1ktngkj5] C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://xscanner.spyshredderscanner.com/setup/webinst_fr.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6445 bytes
-
Falkra, I did everything just as you told me. Thanks for your clear explanations! Here is the SmitFraudFix report:

SmitFraudFix v2.329

Rapport fait à 23:26:10,67, 09/07/2008
Executé à partir de C:\Documents and Settings\sentier nature\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

Error while deleting C:\WINDOWS\ksendlbtrkd.dll.
Error while deleting C:\WINDOWS\vrmdtneg.dll.

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\neltabxw.exe supprimé
C:\WINDOWS\xpupdate.exe supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Hercules Wireless G USB - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D48F1699-C2D2-4F96-BA73-D28F7B2848AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D48F1699-C2D2-4F96-BA73-D28F7B2848AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D48F1699-C2D2-4F96-BA73-D28F7B2848AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
-
Hello, Falkra, thanks for your quick reply; I was away, so I was a bit slow to answer. As for Avast, I'd really like to get rid of it, but it stubbornly refuses. Otherwise, I have AntiVir, which is active, but I had a problem with the key, which had expired, and it stopped working... Hence the virus problems that appeared in the meantime. I managed to get it running again, but an error message prevents it from updating. Anyway, as you so rightly say, there's work to do! See you later. I'm sending the SmitFraudFix report:

SmitFraudFix v2.329

Rapport fait à 9:40:10,60, 09/07/2008
Executé à partir de C:\Documents and Settings\sentier nature\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\neltabxw.exe PRESENT !
C:\WINDOWS\xpupdate.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sentier nature

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\sentier nature\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SENTIE~1\FAVORIS

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

+--------------------------------------------------+
[!] Suspicious: ksendlbtrkd.dll
BHO: QXK Olive - {F353D443-1CA5-45A9-AC79-66C5564A7FA8}
TypeLib: {D466187F-B666-4EA5-BB43-E6854B102E4C}
Interface: {70DFBEF5-DC3D-4468-A262-C23BEB5813ED}
Interface: {8911F1B1-5AB7-42DB-B750-0D9AF843C831}

[!] Suspicious: vrmdtneg.dll
Toolbar: vrmdtneg - {46F332C7-D5E7-42BB-88FC-25CA1AB9BA20}
TypeLib: {747547D7-5963-4F47-AE6B-38CFB7FA8198}
Interface: {98F33BE4-FCBC-4704-A26C-863A6C0B175C}
Classe: vrmdtneg.bfdv
Classe: vrmdtneg.ToolBar.1

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Hercules Wireless G USB - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{D48F1699-C2D2-4F96-BA73-D28F7B2848AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D48F1699-C2D2-4F96-BA73-D28F7B2848AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D48F1699-C2D2-4F96-BA73-D28F7B2848AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
-
Hello everyone, A few months ago I came to Zebulon for problems with intrusive pop-up ads, which were solved quickly and effectively. Well, here I am again with new troubles... I've solved a number of them within the limits of my skills. I'm sending my HijackThis report to find out how much work is left to do... Who can give me their opinion? By the way, I ran a scan with SpyHunter, which detected 362 "worrying" items!? What should I make of that? I saved the scan and could post it if needed. Well, thanks for your replies!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:33, on 03/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: vrmdtneg - {46F332C7-D5E7-42BB-88FC-25CA1AB9BA20} - C:\WINDOWS\vrmdtneg.dll
O4 - HKLM\..\Run: [epm-dm] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus C86 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0R2.EXE /P23 "EPSON Stylus C86 Series" /O6 "USB002" /M "Stylus C86"
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB002" /M "Stylus C66"
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\oklolcnt.dll",b
O4 - HKCU\..\Run: [auwje] c:\documents and settings\sentier nature\local settings\application data\auwje.exe auwje
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gufyjtgj] C:\WINDOWS\system32\eduxyjet.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKLM\..\Policies\Explorer\Run: [1A1ktngkj5] C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiFi Station.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://xscanner.spyshredderscanner.com/setup/webinst_fr.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 6666 bytes
-
Spyware Secure: I'm floundering in a mess
drims replied to a topic by drims in Malware analysis and removal
Well, there you go: I did what you told me, and indeed it seems I no longer have any problems on my computer; everything seems back to normal. So I really want to say a big, big thank you!
-
Spyware Secure: I'm floundering in a mess
drims replied to a topic by drims in Malware analysis and removal
And the second one, once I did everything by the book: I put everything the scan found into quarantine!? There you go, I'm waiting for your feedback! Have a good evening and a good weekend!

AntiVir PersonalEdition Classic
Report file date: samedi 29 mars 2008 20:26

Scanning for 1169688 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: sentier nature
Computer name: ACER-86ABAAF10A

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:33:04
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 18:33:04
ANTIVIR3.VDF : 7.0.3.92 20480 Bytes 28/03/2008 18:33:04
AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 29/03/2008 18:33:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/03/2008 18:33:04
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 29 mars 2008 20:26

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP1\A0001085.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.221184
[INFO] The file was moved to '481e9ef5.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP1\A0001086.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '481e9ef7.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP1\A0001087.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '481e9efa.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP1\A0001089.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was moved to '481e9efc.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP1\A0001090.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was moved to '481e9efe.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP1\A0001091.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was moved to '481e9f01.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP1\A0001092.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was moved to '481e9f02.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP1\A0001093.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was moved to '481e9f05.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP2\A0001209.EXE
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481e9f0c.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP2\A0001210.EXE
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '481e9f0e.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP2\A0001211.EXE
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '481e9f11.qua'!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP2\A0001212.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.221184
[INFO] The file was moved to '481e9f15.qua'!
Begin scan in 'D:\' <ACERDATA>

End of the scan: samedi 29 mars 2008 20:57
Used time: 30:52 min

The scan has been done completely.

2538 Scanning directories
199216 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
12 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
199204 Files not concerned
6469 Archives were scanned
1 Warnings
0 Notes
-
Spyware Secure: I'm floundering in a mess
drims replied to a topic by drims in Malware analysis and removal
Good evening! I uninstalled Avast to replace it with AntiVir. I fumbled a bit, though. So there are 2 reports... The first one is from before I read the whole procedure and realised I first had to reboot into safe mode; I interrupted it partway through... Here it is:

AntiVir PersonalEdition Classic
Report file date: samedi 29 mars 2008 19:36

Scanning for 1169688 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ACER-86ABAAF10A

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:33:04
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 18:33:04
ANTIVIR3.VDF : 7.0.3.92 20480 Bytes 28/03/2008 18:33:04
AVEWIN32.DLL : 7.6.0.78 3408384 Bytes 29/03/2008 18:33:04
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 29/03/2008 18:33:04
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 29 mars 2008 19:36

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'WiFiStation.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'EDUXYJET.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\eduxyjet.exe'
Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned
Scan process 'AUWJE.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\documents and settings\sentier nature\local settings\application data\auwje.exe'
Scan process '9WIFI.EXE' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'E_S4I0R2.EXE' - '1' Module(s) have been scanned
Scan process 'HKCMD.EXE' - '1' Module(s) have been scanned
Scan process 'IGFXTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned
Scan process 'REALPLAY.EXE' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned
Scan process 'MDOLEVOB.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe'
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
Process 'EDUXYJET.EXE' has been terminated
Process 'AUWJE.EXE' has been terminated
Process 'MDOLEVOB.EXE' has been terminated
C:\WINDOWS\system32\eduxyjet.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48638cbd.qua'!
C:\documents and settings\sentier nature\local settings\application data\auwje.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '48658cd1.qua'!
C:\Documents and Settings\All Users\Application Data\uzifcbmv\mdolevob.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '485d8cd4.qua'!
44 processes with 41 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\drnpfdxrgq.dll
[DETECTION] Is the Trojan horse TR/BHO.Agent.221184
[INFO] The file was moved to '485c9120.qua'!

End of the scan: samedi 29 mars 2008 20:21
Used time: 45:34 min

The scan has been canceled!

2387 Scanning directories
192248 Files were scanned
7 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
192241 Files not concerned
6333 Archives were scanned
2 Warnings
0 Notes
-
Spyware Secure: I'm floundering in a mess
drims replied to a topic by drims in Malware analysis and removal
Thanks for your precious help, you're a great help to me! I'd also like to know whether I can safely delete, without harming my computer's operation, the files that Avast put into quarantine: kernel32.dll, qvdntlmw.dll, winsock.dll, wsock32.dll?