

haley
[Solved] Too many viruses, help me!
haley replied to haley's topic in Malware analysis and removal
Thank you very much, I hope I won't have any more problems in the future. Good evening, and thanks again.
-
Good evening, I ran a scan with Malwarebytes Anti-Malware; here is the report:
-
[Solved] Too many viruses, help me!
haley replied to haley's topic in Malware analysis and removal
Hi again, here is the report:
-
[Solved] Too many viruses, help me!
haley replied to haley's topic in Malware analysis and removal
Hi again, here is the report:
-
[Solved] Too many viruses, help me!
haley replied to haley's topic in Malware analysis and removal
I downloaded ComboFix, but I have a problem with my AVG Free antivirus. It says: the real-time scanner is still active, but ComboFix will continue to run.
-
[Solved] Too many viruses, help me!
haley replied to haley's topic in Malware analysis and removal
Here is my report:
-
[Solved] Too many viruses, help me!
haley replied to haley's topic in Malware analysis and removal
I received a message from my PC saying that I have viruses all over my PC, but my antivirus detected nothing. I downloaded HijackThis and ran a scan.
-
Hello, my PC is full of viruses of every kind. Please, could someone help me? I don't know what to do anymore. Thank you.
-
Hello, could someone please help me? My PC is hosting a huge number of viruses and I don't know what to do anymore. Help! Thank you.