gguilhem


  1. Well, thanks a lot... I did what you told me. As for IE, I wanted to get rid of it entirely after a virus that kept hitting me with pop-up attacks, but apparently that wasn't a good idea. Yeah, I think that should be enough for now; it's running well and Antivir is finding lots of trojans, which I set to access deny. Oh yes, I'd better delete my reports, right?? It's just that my whole computer is in there, I feel... completely naked
  2. Here is the report... Are there still problems?? Because the machine runs well now. In any case, thanks for your patience... I wouldn't be able to understand all these lines of text
  3. Hello... Argh, yes, sorry about the cracks, I shouldn't have many of them... I try as much as possible to get free licences, but sometimes
  4. ComboFix 08-09-05.09 - Administrateur 2008-09-08 18:37:41.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.644 [GMT 2:00]
  5. Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK
  6. Here is the SDFix report: There, it looks like things are better.. thanks for your help ...and here is the report from the new HijackThis.... ok....
  7. It really looks like things are better.. Thanks for your help.. here is the report, is it serious, doctor?
Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\aMSN\\bin\\wish.exe"="C:\\Program Files\\aMSN\\bin\\wish.exe:*:Enabled:Wish Application" "C:\\WINDOWS\\system32\\a.exe"="C:\\WINDOWS\\system32\\a.exe:*:Disabled:a" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Sun 31 Oct 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" Sun 31 Oct 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe" Wed 28 Mar 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Fri 20 Jun 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Thu 1 Nov 2007 15,872 A.SH. --- "C:\Program Files\4Musics WAV to MP3 Converter\wdmdrvmgr\amd64\wdmdrvmgr.exe" Thu 1 Nov 2007 9,216 A.SH. --- "C:\Program Files\4Musics WAV to MP3 Converter\wdmdrvmgr\i386\wdmdrvmgr.exe" Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll" Finished!
  8. Uh, damn, I don't think so... actually it doesn't offer me safe mode
  9. It seems like nothing happens when I press Y in the run this bat folder...
  10. I already restarted it, it does the same thing, impossible to close the program..
  11. How can I tell whether it's working? The program in question isn't responding..
  12. Hi again, Malwarebytes stops scanning after 3 minutes and doesn't seem to want to go any further.. the little hourglass shows up.. is that normal? Should I keep waiting? In any case I appreciate your help
  13. OK, sorry, so here it is:

      Logfile of HijackThis v1.99.1
      Scan saved at 18:25:18, on 07/09/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\rmctrl.exe
      C:\WINDOWS\system32\taskswitch.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
      C:\WINDOWS\system32\lphcc6sj0e94g.exe
      C:\Program Files\rhc96sj0e94g\rhc96sj0e94g.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\pphcc6sj0e94g.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Internet Explorer\Iexplore.exe
      C:\Program Files\WinRAR\WinRAR.exe
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.265\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by Godzilla
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
      O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Secured_eMule Toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSec1.dll
      O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~2\VMNTOO~1\VMNTOO~1.DLL
      O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
      O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [lphcc6sj0e94g] C:\WINDOWS\system32\lphcc6sj0e94g.exe
      O4 - HKLM\..\Run: [sMrhc96sj0e94g] C:\Program Files\rhc96sj0e94g\rhc96sj0e94g.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [simp] C:\Program Files\Secway\SimpLite-MSN 2.1\SimpLite-MSN.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [33325599141153940319370145727861] C:\Program Files\AV9\av2009.exe
      O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
      O17 - HKLM\System\CCS\Services\Tcpip\..\{E1AC557C-5348-41E5-8393-05AB0FB0829F}: NameServer = 192.168.1.1
      O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
      O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe