migou14

Members
  • Content count: 10
Everything posted by migou14

  1. Thanks for everything. I'm marking the topic as resolved @++
  2. OK, I'll keep Antivir up to date and run an online Kaspersky scan if in doubt!!! Here is the Kaspersky report: it only finds VNC => can I keep it?

     --------------------------------------------------------------------------------
     KASPERSKY ONLINE SCANNER 7.0 REPORT
     Tuesday, May 26, 2009
     Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
     Kaspersky Online Scanner version: 7.0.26.13
     Program database last update: Tuesday, May 26, 2009 07:31:39
     Records in database: 2248341
     --------------------------------------------------------------------------------

     Scan settings:
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes

     Scan area - My Computer:
     A:\
     C:\
     D:\
     E:\
     G:\
     H:\
     I:\
     J:\

     Scan statistics:
     Files scanned: 146176
     Threat name: 1
     Infected objects: 1
     Suspicious objects: 0
     Duration of the scan: 02:35:43

     File name / Threat name / Threats count
     C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

     The selected area was scanned.

     Thanks again for your help, your availability and above all your expertise.
  3. Hello, bright and early and in a good mood (the PC boots faster without Antivir messages and without unwanted IE pages) I'm launching the Kaspersky scan: I'll send you the report as soon as possible. Question: is the online Kaspersky more reliable than local Antivir? @+
  4. Good idea, the "do it tomorrow"!!! See you tomorrow, good night (unless you're an insomniac?) and once again a BIG THANK YOU!!!!
  5. Re, the log of the full Malwarebytes scan:

     Malwarebytes' Anti-Malware 1.36
     Version de la base de données: 2178
     Windows 5.1.2600 Service Pack 3

     26/05/2009 01:17:58
     mbam-log-2009-05-26 (01-17-58).txt

     Type de recherche: Examen complet (C:\|D:\|)
     Eléments examinés: 210189
     Temps écoulé: 40 minute(s), 0 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 1
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 0

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     (Aucun élément nuisible détecté)

     That looks almost clean?!? Anything else to do?
  6. It's true that the ComboFix warning is scary!!! But I feel I'm in good hands (the nickname Dieu can't be undeserved) So after ComboFix rebooted the PC (and you have to be patient there, because more than 6 min of watching the blue window with just the blinking cursor is long!!!) here is the log:

     ComboFix 09-05-25.03 - nicolas 25/05/2009 23:48.1 - NTFSx86
     Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1023.537 [GMT 2:00]
     Lancé depuis: d:\documents and settings\nicolas\Bureau\ComboFix.exe
     AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
     .
     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     C:\hxisn.exe
     c:\recycler\S-1-5-21-7229643622-8087220774-412769183-8029\nissan.exe
     c:\windows\system32\kungsffltpgkqu.dat
     c:\windows\system32\mdm.exe
     d:\documents and settings\nicolas\Application Data\inst.exe
     .
     ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     -------\Legacy_BOONTY_GAMES
     -------\Legacy_ICF
     -------\Legacy_MYS_MUTEX_ALGORITHM_SERVICE
     -------\Legacy_SYSDRV32
     -------\Service_Boonty Games
     -------\Service_kungsfrfhgmqfu

     ((((((((((((((((((((((((((((( Fichiers créés du 2009-04-25 au 2009-05-25 ))))))))))))))))))))))))))))))))))))
     .
     2009-05-25 20:19 . 2009-05-25 20:19 -------- d-----w d:\documents and settings\nicolas\Application Data\Malwarebytes
     2009-05-25 20:19 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
     2009-05-25 20:19 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
     2009-05-25 20:19 . 2009-05-25 20:19 -------- d-----w d:\documents and settings\All Users\Application Data\Malwarebytes
     2009-05-25 20:19 . 2009-05-25 20:36 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
     2009-05-25 19:14 . 2009-05-25 20:55 -------- d-----w c:\program files\HiJack
     2009-05-25 06:26 . 2009-03-30 08:32 96104 ----a-w c:\windows\system32\drivers\avipbb.sys
     2009-05-25 06:26 . 2009-03-24 14:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
     2009-05-25 06:26 . 2009-02-13 10:28 22360 ----a-w c:\windows\system32\drivers\avgntmgr.sys
     2009-05-25 06:26 . 2009-02-13 10:17 45416 ----a-w c:\windows\system32\drivers\avgntdd.sys
     2009-05-25 06:26 . 2009-05-25 06:26 -------- d-----w d:\documents and settings\All Users\Application Data\Avira
     2009-05-25 06:26 . 2009-05-25 06:26 -------- d-----w c:\program files\Avira
     2009-05-24 17:27 . 2009-05-25 20:18 -------- d-----w C:\vir
     2009-05-24 07:38 . 2009-05-24 11:44 -------- d-----w c:\windows\BDOSCAN8
     2009-05-23 16:06 . 2009-05-23 16:06 -------- d-----w d:\documents and settings\NetworkService\Bureau
     2009-05-22 21:29 . 2009-05-22 21:29 -------- d-----w d:\documents and settings\LocalService\Bureau
     2009-05-22 21:05 . 2009-05-22 21:05 -------- dc-h--w d:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
     2009-05-22 21:05 . 2009-03-12 08:17 2902048 -c--a-w d:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
     2009-05-22 21:04 . 2009-05-22 21:05 -------- d-----w d:\documents and settings\All Users\Application Data\Lavasoft
     2009-05-21 14:22 . 2009-05-21 14:23 31868 ----a-w C:\shin.exe
     2009-05-08 17:14 . 2009-05-08 17:14 -------- d-----w c:\program files\Free DVD MP3 Ripper
     2009-05-08 17:14 . 2009-05-08 17:14 1024592 ----a-w c:\temp\free-dvd-mp3-ripper.exe
     2009-05-05 06:09 . 2009-05-05 06:09 152576 ----a-w d:\documents and settings\nicolas\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
     2009-05-03 11:40 . 2009-05-03 11:40 -------- d-----w c:\program files\MediaInfo
     2009-05-03 11:39 . 2009-05-03 11:39 1791515 ----a-w c:\temp\MediaInfo_GUI_0.7.15_Windows_i386.exe
     2009-05-01 08:55 . 2009-05-01 08:55 -------- d-----w d:\documents and settings\nicolas\Local Settings\Application Data\WBFSManager
     2009-05-01 08:50 . 2009-05-01 08:50 -------- d-----w c:\program files\WBFS
     2009-05-01 08:49 . 2006-06-29 11:07 14048 ------w c:\windows\system32\spmsg2.dll
     2009-05-01 08:44 . 2009-05-04 06:12 215144 ----a-w d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
     2009-05-01 08:41 . 2009-05-01 08:49 -------- d-----w c:\windows\system32\XPSViewer
     2009-05-01 08:41 . 2009-05-01 08:41 -------- d-----w c:\program files\MSBuild
     2009-05-01 08:41 . 2009-05-01 08:41 -------- d-----w c:\program files\Reference Assemblies
     2009-05-01 08:35 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
     2009-05-01 08:35 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
     2009-05-01 08:35 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
     2009-05-01 08:35 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
     2009-05-01 08:35 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
     2009-05-01 08:35 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
     2009-05-01 08:35 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2009-05-25 19:23 . 2004-08-16 15:41 14336 ----a-w c:\windows\system32\svchost.exe
     2009-05-25 19:06 . 2006-11-30 20:18 -------- d-----w c:\program files\FpTest
     2009-05-25 19:05 . 2008-07-29 16:23 -------- d-----w c:\program files\Zylom Games
     2009-05-25 19:05 . 2007-08-02 20:20 -------- d-----w c:\program files\Fritivi
     2009-05-22 21:04 . 2006-09-03 12:46 -------- d-----w c:\program files\Lavasoft
     2009-05-08 16:52 . 2006-08-09 10:46 120952 ----a-w d:\documents and settings\nicolas\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
     2009-05-05 06:10 . 2006-06-01 14:28 -------- d-----w c:\program files\Java
     2009-05-01 08:45 . 2004-08-16 15:41 84766 ----a-w c:\windows\system32\perfc00C.dat
     2009-05-01 08:45 . 2004-08-16 15:41 510742 ----a-w c:\windows\system32\perfh00C.dat
     2009-03-09 03:19 . 2009-02-26 07:14 410984 ----a-w c:\windows\system32\deploytk.dll
     2009-03-07 21:27 . 2009-03-07 21:27 47360 ----a-w d:\documents and settings\nicolas\Application Data\pcouffin.sys
     2009-03-07 21:27 . 2009-03-07 21:27 47360 ----a-w d:\documents and settings\nicolas\Application Data\pcouffin.sys
     2009-03-07 21:27 . 2009-03-07 21:27 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
     2009-03-06 14:20 . 2004-08-16 15:40 286720 ----a-w c:\windows\system32\pdh.dll
     2009-03-03 00:13 . 2004-08-16 15:41 826368 ----a-w c:\windows\system32\wininet.dll
     2009-02-26 07:13 . 2009-02-26 07:13 152576 ----a-w d:\documents and settings\nicolas\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
     1999-04-06 12:27 . 1999-04-06 12:27 99840 ----a-w c:\program files\Fichiers communs\IRAABOUT.DLL
     1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w c:\program files\Fichiers communs\IRAMDMTR.DLL
     1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w c:\program files\Fichiers communs\IRALPTTR.DLL
     1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w c:\program files\Fichiers communs\IRAWEBTR.DLL
     1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w c:\program files\Fichiers communs\IRAREG.DLL
     1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w c:\program files\Fichiers communs\IRASRIAL.DLL
     2007-06-17 10:14 . 2007-08-02 19:46 2735104 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
     "LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
     "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
     "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
     "PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
     "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320]
     "Network Associates Error Reporting Service"="c:\program files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
     "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-06-01 180269]
     "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-12-16 188416]
     "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CAMTRAY.EXE" [2002-11-05 184320]
     "LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
     "LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
     "LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
     "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-22 516440]
     "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
     "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-10-24 90112]
     "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
     "Taskman"="c:\recycler\S-1-5-21-7229643622-8087220774-412769183-8029\nissan.exe"

     [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
     @="Service"

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\APPS\\Inventime\\my.exe"=
     "c:\\Program Files\\Google\\Google Earth\\googleearth.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
     "c:\\Program Files\\NetMeeting\\conf.exe"=
     "c:\\Program Files\\uTorrent\\utorrent.exe"=
     "c:\\WINDOWS\\system32\\dpnsvr.exe"=
     "c:\\Program Files\\Lecteur CANALPLAY\\CanalPlayer.exe"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\BitTorrent\\bittorrent.exe"=
     "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
     "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
     "c:\\Program Files\\xampp\\apache\\bin\\apache.exe"=
     "d:\\jeux\\TmNationsForever\\TmForever.exe"=
     "c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "c:\\Program Files\\HomePlayer\\HomePlayer.exe"=
     "c:\\Program Files\\HomePlayer\\VLC\\vlc.exe"=
     "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
     "c:\\Program Files\\Weezo\\Apache\\bin\\weezoHttpd.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [22/05/2009 23:05 64160]
     R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [01/01/1980 97920]
     R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [14/08/2006 19:05 58464]
     R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [01/06/2006 16:26 799744]
     S3 V0010bVd;Creative WebCam Vista #2;c:\windows\system32\drivers\V0010bVd.sys [14/10/2006 11:48 186551]

     --- Autres Services/Pilotes en mémoire ---

     *Deregistered* - AntiVirSchedulerService
     *Deregistered* - AntiVirService
     *Deregistered* - AudioSrv
     *Deregistered* - BITS
     *Deregistered* - Browser
     *Deregistered* - CLCapSvc
     *Deregistered* - CLSched
     *Deregistered* - CryptSvc
     *Deregistered* - CyberLink Media Library Service
     *Deregistered* - DcomLaunch
     *Deregistered* - Dhcp
     *Deregistered* - Dnscache
     *Deregistered* - ERSvc
     *Deregistered* - EventSystem
     *Deregistered* - FastUserSwitchingCompatibility
     *Deregistered* - helpsvc
     *Deregistered* - HidServ
     *Deregistered* - ImapiService
     *Deregistered* - JavaQuickStarterService
     *Deregistered* - lanmanserver
     *Deregistered* - lanmanworkstation
     *Deregistered* - Lavasoft Ad-Aware Service
     *Deregistered* - LmHosts
     *Deregistered* - LVSrvLauncher
     *Deregistered* - McAfeeFramework
     *Deregistered* - McShield
     *Deregistered* - McTaskManager
     *Deregistered* - Netman
     *Deregistered* - Nla
     *Deregistered* - NVSvc
     *Deregistered* - PolicyAgent
     *Deregistered* - ProtectedStorage
     *Deregistered* - RasMan
     *Deregistered* - RpcSs
     *Deregistered* - SamSs
     *Deregistered* - Schedule
     *Deregistered* - seclogon
     *Deregistered* - SENS
     *Deregistered* - SharedAccess
     *Deregistered* - ShellHWDetection
     *Deregistered* - Spooler
     *Deregistered* - srservice
     *Deregistered* - SSDPSRV
     *Deregistered* - stisvc
     *Deregistered* - TapiSrv
     *Deregistered* - TermService
     *Deregistered* - Themes
     *Deregistered* - TrkWks
     *Deregistered* - UleadBurningHelper
     *Deregistered* - W32Time
     *Deregistered* - WebClient
     *Deregistered* - winmgmt
     *Deregistered* - WmiApSrv
     *Deregistered* - wscsvc
     *Deregistered* - wuauserv
     *Deregistered* - WZCSVC
     .
     Contenu du dossier 'Tâches planifiées'

     2009-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
     - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 21:24]
     .
     - - - - ORPHELINS SUPPRIMES - - - -

     HKCU-Run-utcmfqep - c:\windows\system32\shodna.exe
     HKLM-Run-CanalPlayerHelper - c:\program files\Lecteur CANALPLAY\CanalPlayerHelper.exe
     SafeBoot-procexp90.Sys

     .
     ------- Examen supplémentaire -------
     .
     uStart Page = about:blank
     Trusted Zone: canalplay.com
     Trusted Zone: canalplusactive.com
     Trusted Zone: canalplay.com
     Trusted Zone: canalplusactive.com
     TCP: {F1D62F5C-42ED-4E5A-A442-3B6AE94DDF30} = 192.168.1.1
     DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} - hxxp://www.canalplay.com/cabs/msway44.cab
     FF - ProfilePath - d:\documents and settings\nicolas\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\
     FF - prefs.js: browser.search.selectedEngine - Google
     FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/ig?hl=fr
     FF - plugin: c:\program files\Fichiers communs\fluxDVD\APIX\NPAPIX.dll
     FF - plugin: c:\program files\Fichiers communs\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
     FF - plugin: c:\program files\Fichiers communs\mpDRM\NPMPDRM.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
     FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
     .
     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2009-05-25 23:56
     Windows 5.1.2600 Service Pack 3 NTFS

     Recherche de processus cachés ...

     Recherche d'éléments en démarrage automatique cachés ...

     Recherche de fichiers cachés ...

     Scan terminé avec succès
     Fichiers cachés: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
     "ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
     .
     --------------------- CLES DE REGISTRE BLOQUEES ---------------------

     [HKEY_USERS\S-1-5-21-3064179684-3212433602-4099166630-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8B0B99F2-7FF9-9179-8B30-A6BF4947ACFD}*]
     @Allowed: (Read) (RestrictedCode)
     @Allowed: (Read) (RestrictedCode)
     "iaafomlnjbilpjojld"=hex:6b,61,6f,64,69,66,65,6d,70,68,6a,63,65,6a,65,6f,65,61,
     64,6d,68,70,00,00
     "hakemogikedljjbe"=hex:6b,61,6f,64,69,66,65,6d,70,68,6a,63,65,6a,65,6f,65,61,
     64,6d,68,70,00,7c
     .
     --------------------- DLLs chargées dans les processus actifs ---------------------

     - - - - - - - > 'explorer.exe'(3356)
     c:\windows\system32\nview.dll
     c:\windows\system32\NVWRSFR.DLL
     c:\progra~1\WINDOW~2\wmpband.dll
     c:\windows\system32\nvwddi.dll
     c:\windows\system32\eappprxy.dll
     c:\windows\system32\WPDShServiceObj.dll
     c:\windows\system32\PortableDeviceTypes.dll
     c:\windows\system32\PortableDeviceApi.dll
     .
     ------------------------ Autres processus actifs ------------------------
     .
     c:\program files\Lavasoft\Ad-Aware\AAWService.exe
     c:\program files\Avira\AntiVir Desktop\sched.exe
     c:\program files\Avira\AntiVir Desktop\avguard.exe
     c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
     c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
     c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
     c:\program files\Java\jre6\bin\jqs.exe
     c:\program files\Network Associates\Common Framework\FrameworkService.exe
     c:\program files\Network Associates\VirusScan\VsTskMgr.exe
     c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe
     c:\windows\system32\nvsvc32.exe
     c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     c:\apps\Powercinema\Kernel\TV\CLSched.exe
     c:\windows\system32\wbem\wmiapsrv.exe
     c:\windows\system32\wbem\unsecapp.exe
     c:\windows\system32\rundll32.exe
     c:\windows\system32\rundll32.exe
     c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     c:\program files\Microsoft Office\Office\1036\OLFSNT40.EXE
     c:\program files\Logitech\Video\FxSvr2.exe
     c:\program files\Network Associates\VirusScan\Mcshield.exe
     .
     **************************************************************************
     .
     Heure de fin: 2009-05-25 0:06 - La machine a redémarré
     ComboFix-quarantined-files.txt 2009-05-25 22:06

     Avant-CF: 8 391 872 512 octets libres
     Après-CF: 8 260 919 296 octets libres

     308 --- E O F --- 2009-05-17 11:58

     FYI, no new alert during this reboot (maybe related to ComboFix handling the reboot?). Any further actions planned, or is the patient considered cured?
  7. The OTMoveIt3 log:

     ========== PROCESSES ==========
     Process explorer.exe killed successfully.
     ========== FILES ==========
     File/Folder c:\windows\system32\isass.exe not found.
     ========== REGISTRY ==========
     Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Local Security Authority Service deleted successfully.
     ========== COMMANDS ==========
     File delete failed. D:\DOCUME~1\nicolas\LOCALS~1\Temp\etilqs_L8AfnDfu9abEi6tVyIZv scheduled to be deleted on reboot.
     User's Temp folder emptied.
     User's Internet Explorer cache folder emptied.
     File delete failed. D:\Documents and Settings\nicolas\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
     User's Temporary Internet Files folder emptied.
     File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
     File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
     File delete failed. D:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
     Local Service Temp folder emptied.
     Local Service Temporary Internet Files folder emptied.
     Network Service Temp folder emptied.
     Network Service Temporary Internet Files folder emptied.
     File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_84.dat scheduled to be deleted on reboot.
     File delete failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be deleted on reboot.
     Windows Temp folder emptied.
     Java cache emptied.
     File delete failed. D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
     File delete failed. D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
     File delete failed. D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
     File delete failed. D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
     File delete failed. D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
     File delete failed. D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\XUL.mfl scheduled to be deleted on reboot.
     FireFox cache emptied.
     Temp folders emptied.
     Explorer started successfully

     OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05252009_231114

     Files moved on Reboot...
     File D:\DOCUME~1\nicolas\LOCALS~1\Temp\etilqs_L8AfnDfu9abEi6tVyIZv not found!
     File C:\WINDOWS\temp\Perflib_Perfdata_84.dat not found!
     File move failed. C:\WINDOWS\temp\WFV1.tmp scheduled to be moved on reboot.
     D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\Cache\_CACHE_001_ moved successfully.
     D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\Cache\_CACHE_002_ moved successfully.
     D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\Cache\_CACHE_003_ moved successfully.
     D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\Cache\_CACHE_MAP_ moved successfully.
     D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\urlclassifier3.sqlite moved successfully.
     D:\Documents and Settings\nicolas\Local Settings\Application Data\Mozilla\Firefox\Profiles\3shfz1sh.default\XUL.mfl moved successfully.

     Antivir still beeps at startup on detecting junk like "Tiny.705" or "CryptZPACK.gen" in htm or exe files!!! @+
  8. I'm looking at your link right away!! Below is the HijackThis log after reboot:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 22:54:57, on 25/05/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v7.00 (7.00.6000.16827)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
     C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
     C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
     C:\Program Files\Java\jre6\bin\jqs.exe
     C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
     c:\APPS\Powercinema\Kernel\TV\CLSched.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\SOUNDMAN.EXE
     C:\Apps\Powercinema\PCMService.exe
     C:\Program Files\QuickTime\QTTask.exe
     C:\WINDOWS\system32\rundll32.exe
     C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
     C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
     C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
     C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
     C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
     C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\system32\LVCOMSX.EXE
     C:\Program Files\Logitech\Video\LogiTray.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Java\jre6\bin\jusched.exe
     C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
     C:\Program Files\Logitech\Video\FxSvr2.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\HiJack\HiJackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
     O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
     O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
     O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
     O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
     O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
     O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
     O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
     O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
     O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
     O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
     O4 - HKCU\..\Run: [utcmfqep] C:\WINDOWS\system32\shodna.exe
     O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Global Startup: Fritivi Recorder.lnk = C:\Program Files\Fritivi\fritivi_recorder.exe
     O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
     O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
     O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
     O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
     O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
     O15 - Trusted Zone: *.canalplay.com
     O15 - Trusted Zone: *.canalplusactive.com
     O15 - Trusted Zone: *.canalplay.com (HKLM)
     O15 - Trusted Zone: *.canalplusactive.com (HKLM)
     O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
     O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D62F5C-42ED-4E5A-A442-3B6AE94DDF30}: NameServer = 192.168.1.1
     O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
     O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
     O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
     O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
     O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
     O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
     O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
     O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
     O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
     O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

     --
     End of file - 10562 bytes
  9. Thanks for the quick reply. I'm still looking for a way to stop a 12-year-old girl from clicking on MSN messages coming from her friends. Below is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.36
Database version: 2178
Windows 5.1.2600 Service Pack 3

25/05/2009 22:39:47
mbam-log-2009-05-25 (22-39-47).txt

Scan type: Quick Scan
Objects scanned: 90753
Time elapsed: 14 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysdrv32 (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MYS Mutex Algorithm Service (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ICF (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MYS Mutex Algorithm Service (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MYS Mutex Algorithm Service (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\msnmsgrss.VIR (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\System\mysmas.exe.VIR (Backdoor.SdBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rn.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Drivers\sysdrv32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JKL456P\xx[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
D:\Documents and Settings\nicolas\Local Settings\Temporary Internet Files\Content.IE5\C45NYTTA\nkklpcghhv[1].txt (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kungsfladqedxu.dll (Trojan.Agent) -> Quarantined and deleted successfully.

It asked for a reboot, which I have just done: should I run another HijackThis scan? NB: still an IE window at startup and lots of Antivir detection messages!!! Thanks again for this help.
  10. Hello everyone, Since my daughter clicked on a link in an MSN message, I have web pages opening on their own and a fairly slow PC. Below is the HijackThis log, taken after running Antivir in safe mode; thanks in advance for your feedback:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:39, on 25/05/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system\mysmas.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\msnmsgrss.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HiJack\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redi...&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [utcmfqep] C:\WINDOWS\system32\shodna.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Fritivi Recorder.lnk = C:\Program Files\Fritivi\fritivi_recorder.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1036\OLFSNT40.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {E1AF091A-9F23-4059-89D7-C05EE073285D} (Canal+ Active MSWAY) - http://www.canalplay.com/cabs/msway44.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1D62F5C-42ED-4E5A-A442-3B6AE94DDF30}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe (file missing)
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MYS Mutex Algorithm Service - Unknown owner - C:\WINDOWS\system\mysmas.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

-- End of file - 10709 bytes
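As an added example (not code from this thread, from HijackThis or from Malwarebytes), here is a small Python triage of the O4 (Run key) and O23 (service) lines of the log in the first post. It flags the indicators that give the infection away in that log: a Run entry launching a lookalike of a core Windows binary (Isass.exe with a capital I in place of lsass.exe), a service whose image path is an NTFS alternate data stream (svchost.exe:ext.exe), a Run entry that is a bare filename and resolves, via the "Running processes" list, to a file sitting directly in C:\WINDOWS (msnmsgrss.exe), a service binary under C:\WINDOWS\system rather than system32 (mysmas.exe), and a random-looking Run value name (utcmfqep). The heuristics, severities and the CORE_BINARIES list are this example's own assumptions; the embedded sample is a constructed subset of the posted log.

```python
"""Triage of HijackThis O4 (Run key) and O23 (service) entries.

Added example for this thread, not code from the forum, HijackThis or
Malwarebytes.  The heuristics and severities are this example's own.
"""
import re
from typing import Dict, List

# Constructed subset of the HijackThis log posted in the thread: the
# "Running processes" block plus the O4/O23 lines needed for each check.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system\mysmas.exe
C:\WINDOWS\msnmsgrss.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows UDP Control Center] msnmsgrss.exe
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINDOWS\system32\Isass.exe
O4 - HKCU\..\Run: [utcmfqep] C:\WINDOWS\system32\shodna.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: MYS Mutex Algorithm Service - Unknown owner - C:\WINDOWS\system\mysmas.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# Processes Windows starts itself; none of them belongs in a Run key (assumed list).
CORE_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                 "services.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
# Fold the glyphs attackers swap (I/l/1, O/0) so a lookalike collides
# with the genuine name after folding.
_FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})
CORE_FOLDED = {n.translate(_FOLD) for n in CORE_BINARIES}

O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
ADS_RE = re.compile(r"^[A-Za-z]:[^:]*:[^:\\]+$")     # a second colon after the drive letter
RANDOM_NAME_RE = re.compile(r"^[a-z]{7,}$")          # e.g. utcmfqep
WINROOT_RE = re.compile(r"^c:\\windows\\[^\\]+$")    # file directly in C:\WINDOWS


def fold(name: str) -> str:
    return name.lower().translate(_FOLD)


def image_path(cmd: str) -> str:
    """First token of a Run command; a quoted path may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def running_processes(log: str) -> List[str]:
    """Paths listed under 'Running processes:' up to the first blank line."""
    lines = log.splitlines()
    paths: List[str] = []
    for i, line in enumerate(lines):
        if line.strip() == "Running processes:":
            for p in lines[i + 1:]:
                if not p.strip():
                    break
                paths.append(p.strip())
            break
    return paths


def _finding(line: str, severity: str, reason: str) -> Dict[str, str]:
    return {"line": line, "severity": severity, "reason": reason}


def _check_run(line: str, name: str, cmd: str, procs: List[str]) -> List[Dict[str, str]]:
    out = []
    image = image_path(cmd)
    base = image.rsplit("\\", 1)[-1].lower()
    if base in CORE_BINARIES:
        out.append(_finding(line, "high", "core system process launched from a Run key"))
    elif fold(base) in CORE_FOLDED:
        out.append(_finding(line, "high", f"lookalike of a core system binary: {base}"))
    if "\\" not in image:
        # No directory: the loader searches PATH.  Locate it via the process list.
        out.append(_finding(line, "medium", "bare filename, resolved by PATH search"))
        for p in procs:
            if p.lower().endswith("\\" + base) and WINROOT_RE.match(p.lower()):
                out.append(_finding(line, "high", f"runs from the Windows root: {p}"))
    if RANDOM_NAME_RE.match(name):
        out.append(_finding(line, "low", "random-looking value name"))
    return out


def _check_service(line: str, owner: str, path: str) -> List[Dict[str, str]]:
    out = []
    low = path.lower()
    if ADS_RE.match(path):
        out.append(_finding(line, "high", "image path is an NTFS alternate data stream"))
    if low.startswith("c:\\windows\\system\\"):
        out.append(_finding(line, "high", "binary in C:\\WINDOWS\\system (16-bit dir), not system32"))
    if owner == "Unknown owner" and not low.startswith("c:\\program files\\"):
        out.append(_finding(line, "medium", "no version info and not under Program Files"))
    return out


def triage(log: str) -> List[Dict[str, str]]:
    """Return one finding per suspicious trait of each O4/O23 line."""
    procs = running_processes(log)
    findings: List[Dict[str, str]] = []
    for line in log.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            findings += _check_run(line, m["name"], m["cmd"], procs)
            continue
        m = O23_RE.match(line)
        if m:
            findings += _check_service(line, m["owner"], m["path"])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

Run it as a script to print the findings for the embedded sample, or pass a full saved log to `triage()`. The checks are deliberately heuristic: on the complete log above, SOUNDMAN.EXE and nwiz.exe are also bare filenames and will come out as medium, which is the intent, they are items to verify against the process list and the disk, not items to remove automatically. The ADS and lookalike checks are the ones worth acting on without further evidence.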