patcar06

Members
  • Content count

    29
  • Joined

  • Last visit

Everything posted by patcar06

  1. Here it is:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 12:23:55, on 17/05/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\WINDOWS\ATKKBService.exe
     C:\Program Files\AVPersonal\AVWUPSRV.EXE
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\CDBurnerXP\NMSAccessU.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
     O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
     O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
     O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
     O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
     O4 - HKLM\..\Run: [netmon] C:\WINDOWS\system\dllcache.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-21-796845957-117609710-1801674531-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Patrice')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - S-1-5-21-796845957-117609710-1801674531-1003 Startup: palmOne Registration.lnk = C:\RECYCLER\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe (User 'Patrice')
     O4 - S-1-5-21-796845957-117609710-1801674531-1003 User Startup: palmOne Registration.lnk = C:\RECYCLER\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe (User 'Patrice')
     O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
     O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
     O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
     O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{511CCF1A-5470-4302-AB7F-63158B11BAD9}: NameServer = 62.231.32.10,62.231.32.11
     O20 - AppInit_DLLs:
     O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
     O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
     O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
     O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

     --
     End of file - 7437 bytes
  2. OK, it's done. Everything went well. Apparently dllcache.exe no longer appears in the system folder and Comodo no longer detects it. Is there an antivirus I should run or a check-up to do?
  3. OK, thank you very much for this quick reply. Here is the VirusTotal result:

     Fichier dllcache.exe reçu le 2009.05.16 20:28:51 (CET)

     Antivirus | Version | Dernière mise à jour | Résultat
     a-squared | 4.0.0.101 | 2009.05.16 | Trojan.Vundo!IK
     AhnLab-V3 | 5.0.0.2 | 2009.05.16 | Win32/IRCBot.worm.77312.G
     AntiVir | 7.9.0.168 | 2009.05.15 | -
     Antiy-AVL | 2.0.3.1 | 2009.05.15 | -
     Authentium | 5.1.2.4 | 2009.05.16 | -
     Avast | 4.8.1335.0 | 2009.05.15 | -
     AVG | 8.5.0.336 | 2009.05.15 | SHeur2.AFKZ
     BitDefender | 7.2 | 2009.05.16 | -
     CAT-QuickHeal | 10.00 | 2009.05.15 | (Suspicious) - DNAScan
     ClamAV | 0.94.1 | 2009.05.16 | -
     Comodo | 1157 | 2009.05.08 | -
     DrWeb | 5.0.0.12182 | 2009.05.16 | -
     eSafe | 7.0.17.0 | 2009.05.14 | Win32.VirToolDelfInj
     eTrust-Vet | 31.6.6508 | 2009.05.16 | Win32/IRCBot.MN
     F-Prot | 4.4.4.56 | 2009.05.16 | -
     F-Secure | 8.0.14470.0 | 2009.05.16 | Worm.Win32.AutoRun.fvv
     Fortinet | 3.117.0.0 | 2009.05.16 | PossibleThreat
     GData | 19 | 2009.05.16 | -
     Ikarus | T3.1.1.49.0 | 2009.05.16 | Trojan.Vundo
     K7AntiVirus | 7.10.737 | 2009.05.16 | -
     Kaspersky | 7.0.0.125 | 2009.05.16 | Worm.Win32.AutoRun.fvv
     McAfee | 5616 | 2009.05.15 | -
     McAfee+Artemis | 5616 | 2009.05.15 | Artemis!894EAB29F1CD
     McAfee-GW-Edition | 6.7.6 | 2009.05.15 | -
     Microsoft | 1.4602 | 2009.05.16 | VirTool:Win32/DelfInject.gen!J
     NOD32 | 4080 | 2009.05.15 | Win32/AutoRun.Agent.NR
     Norman | 6.01.05 | 2009.05.16 | -
     nProtect | 2009.1.8.0 | 2009.05.16 | -
     Panda | 10.0.0.14 | 2009.05.16 | Suspicious file
     PCTools | 4.4.2.0 | 2009.05.16 | -
     Prevx | 3.0 | 2009.05.16 | High Risk Cloaked Malware
     Rising | 21.29.52.00 | 2009.05.16 | Trojan.DL.Win32.Undef.ekx
     Sophos | 4.41.0 | 2009.05.16 | Mal/Generic-A
     Sunbelt | 3.2.1858.2 | 2009.05.16 | VirTool-Win32/DelfInject.gen!J
     Symantec | 1.4.4.12 | 2009.05.16 | Trojan.Dropper
     TheHacker | 6.3.4.1.326 | 2009.05.15 | -
     TrendMicro | 8.950.0.1092 | 2009.05.15 | TROJ_SAFBOOT.MCL
     VBA32 | 3.12.10.5 | 2009.05.16 | -
     ViRobot | 2009.5.15.1737 | 2009.05.15 | Worm.Win32.Autorun.77312.G
     VirusBuster | 4.6.5.0 | 2009.05.16 | Trojan.Inject.Gen.5

     Information additionnelle
     File size: 77312 bytes
     MD5...: 894eab29f1cde00769033d8a4981b12b
     SHA1..: 4245e4b08b6fb02985f4bdefb63d21a0aaa469f0
     SHA256: 345ebaf429da8f7173999c05ab5b3b773de6168d508f63267975ec424a977f1f
     SHA512: 7d382ab6ec0dfb02f8effc09279d0b972c4130fe1d625f0631ffd711c9dd5f884352d70f8335a63279c14a7ab3033c86f8b33d682d81c1a6aec4e3fccdc29e6e
     ssdeep: 1536:Ws7omb6pMet/U/5ZspNPJyhiMVXro2H3w2Tf23:WqrXet/25Zg8UMxEY3Pj2
     PEiD..: Armadillo v1.71
     TrID..: File type identification
     Win32 Executable MS Visual C++ (generic) (65.2%)
     Win32 Executable Generic (14.7%)
     Win32 Dynamic Link Library (generic) (13.1%)
     Generic Win/DOS Executable (3.4%)
     DOS Executable Generic (3.4%)
     PEInfo: PE Structure information

     ( base data )
     entrypointaddress.: 0x3346
     timedatestamp.....: 0x4a089802 (Mon May 11 21:26:26 2009)
     machinetype.......: 0x14c (I386)

     ( 4 sections )
     name | viradd | virsiz | rawdsiz | ntrpy | md5
     .text | 0x1000 | 0x6394 | 0x6400 | 6.53 | ddced52e571c43824ac60dd437ff019a
     .rdata | 0x8000 | 0x93c | 0xa00 | 5.15 | d113629e51ae0a4fcc755612289ff002
     .data | 0x9000 | 0x41c0 | 0x2c00 | 1.18 | 8664e2ffc90e84847d3cbd2ce35f7b92
     .tls | 0xe000 | 0x0 | 0x9000 | 7.99 | 5a08cd081e26187fd0218d5d24379dc4

     ( 2 imports )
     > KERNEL32.dll: OpenProcess, GetModuleHandleA, CopyFileA, HeapAlloc, HeapFree, RtlUnwind, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, HeapReAlloc, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, WriteFile, GetLastError, SetFilePointer, GetCPInfo, GetACP, GetOEMCP, GetProcAddress, LoadLibraryA, SetStdHandle, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, FlushFileBuffers, CloseHandle
     > ADVAPI32.dll: RegOpenKeyA, RegQueryValueExA, RegCloseKey

     ( 0 exports )
     PDFiD.: -
     RDS...: NSRL Reference Data Set
     -
     http://info.prevx.com/aboutprogramtext.asp?PX5=C325796D0065EC9F2E0A019BC857ED0098154C4B
  4. Hello everyone,

     Two days ago a file named dllcache.exe appeared that tries to modify my registry. I blocked it in Spybot (registry changes blocked) as well as in my Comodo firewall. I cannot delete this file for the simple reason that it does not appear in my folders! I followed the analysis procedure before sending a report, but Avira does not detect it. HijackThis, on the other hand, does detect it, and according to the analysis on their site this file is "nasty".

     To be completely honest, I am at fault, because I disabled Comodo to install a piece of software and forgot to re-enable it. So I went 2 or 3 days without a firewall. I started hearing beeps from my antivirus (Avira) without understanding why I was suddenly being attacked so much! It has to be said that there is no sign (red cross) on the icon to indicate that Comodo is disabled.

     The effects of this virus:
       • Difficult or even impossible to send e-mails.
       • Odd display (without images) of websites.
       • Severe slowdown of Internet browsing (Comodo blocks it every 2 seconds).
       • Much slower PC restart.

     Here is my HijackThis report, in the hope that you can help me clean my PC.

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 07:51:27, on 16/05/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
     C:\WINDOWS\ATKKBService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\CDBurnerXP\NMSAccessU.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
     O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
     O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
     O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
     O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
     O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
     O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
     O4 - HKLM\..\Run: [netmon] C:\WINDOWS\system\dllcache.exe
     O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-21-796845957-117609710-1801674531-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Patrice')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - S-1-5-21-796845957-117609710-1801674531-1003 Startup: palmOne Registration.lnk = C:\RECYCLER\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe (User 'Patrice')
     O4 - S-1-5-21-796845957-117609710-1801674531-1003 User Startup: palmOne Registration.lnk = C:\RECYCLER\S-1-5-21-796845957-117609710-1801674531-1004\Dc1\register.exe (User 'Patrice')
     O4 - Startup: MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe
     O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
     O4 - Global Startup: ColorVisionStartup.lnk = C:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
     O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O17 - HKLM\System\CCS\Services\Tcpip\..\{511CCF1A-5470-4302-AB7F-63158B11BAD9}: NameServer = 62.231.32.10,62.231.32.11
     O20 - AppInit_DLLs:
     O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
     O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
     O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
     O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

     --
     End of file - 6873 bytes