
Titans34

  1. Thanks for the advice. But why is it better to quarantine an infected file than to delete it? As for Avast, I removed it yesterday, so normally it shouldn't show up anywhere. As soon as MBAM is finished, I'll install Antivir and Kerio.
  2. Yes, I'm running the scan now. But I admit I don't understand what restored the internet connection, because I still can't open Avast and ZoneAlarm. In fact, for ZoneAlarm I would have to reinstall it in order to uninstall it again, because I went about it rather clumsily. Otherwise, in your opinion, is everything repaired? Although for quite a while I was advised to use Avast, I've seen that on the forums the trend has shifted towards Antivir. And what would you recommend as a firewall? Should I keep ZoneAlarm?
  3. Surprisingly, I don't understand why my connection came back after 3 days just like that. Here is the HijackThis log.
  4. ComboFix 09-01-18.01 - Nicolas 2009-01-18 22:48:46.2 - NTFSx86
  5. Hello, I'm brand new here and my first message is off to a bad start. I admit I did something stupid by trying to download a crack for a piece of software I didn't even need, and I caught the Bagle virus. Although I have been through many forums, I tried to apply the same solutions: Antivir, ComboFix, Malwarebytes' Anti-Malware, EliBagla... but nothing worked, probably because I didn't do things in the right order. I thank in advance the person who will help me.