mimivar

Members · 1 post · Junior Member (3/12) · Community reputation: 0
1. Hello everyone,

I caught some nasty thing on my computer. It is XP Guardian, which has the same icon as the Security Center. It's a desktop PC with Windows XP, I don't know much about this... I was advised to run ComboFix; I ran it and here is the log file produced at the end of the scan. Could someone tell me what I should do now to finish "eradicating" XP Guardian? Thank you very much for your help.

ComboFix 10-02-12.01 - Michel 15/02/2010 19:04:35.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2037.1542 [GMT 1:00]
Running from: E:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Michel\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\All Users\Bureau\PC-Optimizer.lnk
c:\documents and settings\emeline\Local Settings\Application Data\av.exe
c:\documents and settings\LocalService\Local Settings\Application Data\av.exe
c:\documents and settings\Michel\Local Settings\Application Data\bvcwr.dat
c:\documents and settings\Michel\Local Settings\Application Data\bvcwr_nav.dat
c:\documents and settings\Michel\Local Settings\Application Data\bvcwr_navps.dat
c:\documents and settings\Michel\Local Settings\Temporary Internet Files\6B460j.jpg
c:\documents and settings\Michel\Local Settings\Temporary Internet Files\b6Bm1BpX7.jpg
c:\documents and settings\Michel\Local Settings\Temporary Internet Files\jpM4l.jpg
c:\documents and settings\Michel\Local Settings\Temporary Internet Files\p6Omk5Yn.jpg
c:\program files\PCOptimizer
c:\program files\PCOptimizer\Images\5.gif
c:\program files\PCOptimizer\Images\about_close.bmp
c:\program files\PCOptimizer\Images\about_close_rollover.bmp
c:\program files\PCOptimizer\Images\aboutdlg_background.bmp
c:\program files\PCOptimizer\Images\alert_background.bmp
c:\program files\PCOptimizer\Images\analyze.bmp
c:\program files\PCOptimizer\Images\analyze_rollover.bmp
c:\program files\PCOptimizer\Images\Background.bmp
c:\program files\PCOptimizer\Images\banner.bmp
c:\program files\PCOptimizer\Images\banner_close.bmp
c:\program files\PCOptimizer\Images\banner_close_rollover.bmp
c:\program files\PCOptimizer\Images\banner_minimize.bmp
c:\program files\PCOptimizer\Images\banner_minimize_rollover.bmp
c:\program files\PCOptimizer\Images\banner_start.bmp
c:\program files\PCOptimizer\Images\base_background.bmp
c:\program files\PCOptimizer\Images\checkall.bmp
c:\program files\PCOptimizer\Images\checkall_rollover.bmp
c:\program files\PCOptimizer\Images\defragment.bmp
c:\program files\PCOptimizer\Images\defragment_disabled.bmp
c:\program files\PCOptimizer\Images\defragment_rollover.bmp
c:\program files\PCOptimizer\Images\easy_defrag.bmp
c:\program files\PCOptimizer\Images\easy_defrag_rollover.bmp
c:\program files\PCOptimizer\Images\easy_detailed_report.bmp
c:\program files\PCOptimizer\Images\easy_detailed_report_rollover.bmp
c:\program files\PCOptimizer\Images\easy_optimize.bmp
c:\program files\PCOptimizer\Images\easy_optimize_rollover.bmp
c:\program files\PCOptimizer\Images\easy_report.bmp
c:\program files\PCOptimizer\Images\easy_report_rollover.bmp
c:\program files\PCOptimizer\Images\easydefrag_background.bmp
c:\program files\PCOptimizer\Images\expert_defrag.bmp
c:\program files\PCOptimizer\Images\expert_defrag_rollover.bmp
c:\program files\PCOptimizer\Images\expert_detailed_report.bmp
c:\program files\PCOptimizer\Images\expert_detailed_report_rollover.bmp
c:\program files\PCOptimizer\Images\expert_optimize.bmp
c:\program files\PCOptimizer\Images\expert_optimize_rollover.bmp
c:\program files\PCOptimizer\Images\expert_report.bmp
c:\program files\PCOptimizer\Images\expert_report_rollover.bmp
c:\program files\PCOptimizer\Images\expertdefrag_background.bmp
c:\program files\PCOptimizer\Images\home_background.bmp
c:\program files\PCOptimizer\Images\later.bmp
c:\program files\PCOptimizer\Images\later_rollover.bmp
c:\program files\PCOptimizer\Images\menu_background.bmp
c:\program files\PCOptimizer\Images\next.bmp
c:\program files\PCOptimizer\Images\next_rollover.bmp
c:\program files\PCOptimizer\Images\operational_background.bmp
c:\program files\PCOptimizer\Images\optimize_otherDrives.bmp
c:\program files\PCOptimizer\Images\optimize_otherDrives_rollover.bmp
c:\program files\PCOptimizer\Images\pc_logo.bmp
c:\program files\PCOptimizer\Images\pc_logo_rollover.bmp
c:\program files\PCOptimizer\Images\previous.bmp
c:\program files\PCOptimizer\Images\previous_rollover.bmp
c:\program files\PCOptimizer\Images\report_close.bmp
c:\program files\PCOptimizer\Images\report_close_rollover.bmp
c:\program files\PCOptimizer\Images\schedule.bmp
c:\program files\PCOptimizer\Images\schedule_background.bmp
c:\program files\PCOptimizer\Images\schedule_rollover.bmp
c:\program files\PCOptimizer\Images\scheduledlg_background.bmp
c:\program files\PCOptimizer\Images\selection_background.bmp
c:\program files\PCOptimizer\Images\shd_close.bmp
c:\program files\PCOptimizer\Images\shd_close_rollover.bmp
c:\program files\PCOptimizer\Images\shd_save.bmp
c:\program files\PCOptimizer\Images\shd_save_rollover.bmp
c:\program files\PCOptimizer\Images\sponsor_logo.png
c:\program files\PCOptimizer\Images\States.bmp
c:\program files\PCOptimizer\Images\stop.bmp
c:\program files\PCOptimizer\Images\stop_rollover.bmp
c:\program files\PCOptimizer\Images\Thumbs.db
c:\program files\PCOptimizer\Images\uncheckall.bmp
c:\program files\PCOptimizer\Images\uncheckall_rollover.bmp
c:\program files\PCOptimizer\Images\warning.bmp
c:\program files\PCOptimizer\JkDefragLib.dll
c:\program files\PCOptimizer\Language.xml
c:\program files\PCOptimizer\PCOptimizer.exe
c:\program files\PCOptimizer\PCOptimizer.log
c:\program files\PCOptimizer\PCoptimizerService.exe
c:\program files\PCOptimizer\SchedulerService.log
c:\program files\PCOptimizer\SchedulerServiceRun.log
c:\program files\PCOptimizer\ServiceLanguage.xml
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PCO_scheduler_service
-------\Service_PCO scheduler service

(((((((((((((((((((((((((((((  Files Created from 2010-01-15 to 2010-02-15  ))))))))))))))))))))))))))))))))))))
.
2010-02-15 14:35 . 2010-02-15 14:35 79488 ----a-w- c:\documents and settings\emeline\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-15 14:34 . 2010-02-15 14:34 -------- d-----w- c:\documents and settings\emeline\Local Settings\Application Data\Identities
2010-02-15 14:31 . 2010-02-15 14:31 -------- d-----w- c:\documents and settings\emeline\Local Settings\Application Data\Google
2010-02-15 14:31 . 2010-02-15 14:31 54376 ----a-w- c:\documents and settings\emeline\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-15 18:09 . 2008-11-04 13:29 -------- d-----w- c:\documents and settings\Michel\Application Data\Skype
2010-02-15 18:03 . 2008-11-01 12:15 -------- d-----w- c:\program files\Wanadoo
2010-02-15 17:20 . 2009-11-04 19:00 79488 ----a-w- c:\documents and settings\Michel\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-15 17:10 . 2008-11-04 13:34 -------- d-----w- c:\documents and settings\Michel\Application Data\skypePM
2010-02-14 18:38 . 2008-11-03 13:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-12 16:38 . 2008-11-03 13:22 -------- d-----w- c:\documents and settings\Michel\Application Data\dvdcss
2010-02-10 18:42 . 2008-11-03 13:58 -------- d-----w- c:\program files\Google
2010-01-21 17:45 . 2004-08-05 10:00 85114 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-21 17:45 . 2004-08-05 10:00 511074 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-21 13:47 . 2008-10-31 14:46 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-05 09:56 . 2006-03-04 03:35 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2004-08-05 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2004-08-05 10:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-05 10:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:41 . 2008-11-01 11:04 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-05 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 18:39 . 2009-06-26 10:54 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-09 10:08 . 2005-03-30 17:36 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:08 . 2005-03-30 17:36 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-05 10:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:13 . 2004-08-05 10:00 1297920 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:13 . 2004-08-04 00:54 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:08 . 2004-08-05 10:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:08 . 2004-08-05 10:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:08 . 2004-08-05 10:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:08 . 2004-08-04 00:54 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:08 . 2001-08-23 17:47 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 15:58 . 2004-08-05 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 18:31 . 2008-11-01 11:14 54376 ----a-w- c:\documents and settings\Michel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-17 20:46 . 2009-11-17 20:45 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2008-12-25 11:19 . 2008-12-25 11:19 206 ----a-w- c:\program files\Raccourci (2) vers Lecteur CD.lnk
2008-12-25 11:19 . 2008-12-25 11:19 206 ----a-w- c:\program files\Raccourci vers Lecteur CD.lnk
2008-11-21 18:04 . 2008-11-21 18:04 171945 ----a-w- c:\program files\hpzipa13.cat
2008-11-21 18:04 . 2008-11-21 18:04 223429 ----a-w- c:\program files\hpcu083c.cat
2008-11-21 18:04 . 2008-11-21 18:04 172396 ----a-w- c:\program files\hpzius13.cat
2008-11-21 18:04 . 2008-11-21 18:04 170600 ----a-w- c:\program files\hpmldm01.cat
2008-11-21 18:04 . 2008-11-21 18:04 170592 ----a-w- c:\program files\hpmews01.cat
2008-11-21 18:04 . 2008-11-21 18:04 170141 ----a-w- c:\program files\hpzid4vp.cat
2008-11-21 18:04 . 2008-11-21 18:04 169692 ----a-w- c:\program files\hpzid413.cat
2008-11-21 18:04 . 2008-11-21 18:04 169692 ----a-w- c:\program files\hpzist13.cat
2008-11-21 18:04 . 2008-11-21 18:04 169692 ----a-w- c:\program files\hpzipr13.cat
2008-11-21 18:04 . 2008-11-21 18:04 169241 ----a-w- c:\program files\hppfaxnd.cat
2008-11-21 18:04 . 2008-11-21 18:04 169239 ----a-w- c:\program files\hppscnd.cat
2008-11-21 18:04 . 2008-11-21 18:04 169239 ----a-w- c:\program files\hppewnd.cat
2008-11-21 14:33 . 2008-11-21 14:33 255280 ----a-w- c:\program files\install.exe
2008-11-04 12:27 . 2008-11-04 12:27 6049 ----a-w- c:\program files\p6i2kkww.cab
2008-11-04 12:27 . 2008-11-04 12:27 4943 ----a-w- c:\program files\P6i2zhcn.cab
.
(((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-03 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m’|\ü" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-05 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-05 137752]
"TomTomHOME.exe"="c:\program files\TomTom HOME\TomTomHOME.exe" [2007-05-15 3975848]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-09 196608]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"WOOTASKBARICON"="c:\program files\Wanadoo\taskbaricon.exe" [2004-10-05 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-28 199184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
2004-08-23 13:50 122880 ----a-w- c:\progra~1\Wanadoo\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
2004-10-14 15:55 32768 ------w- c:\progra~1\Wanadoo\GestMAJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
2004-08-23 13:49 20480 ------w- c:\progra~1\Wanadoo\Watch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/09/2009 19:10 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/11/2009 21:09 54752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 16:05 92008]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07/10/2009 20:26 133104]
S3 fsssvc;Service Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-03 05:26]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 19:26]

2010-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-07 19:26]

2010-02-14 c:\windows\Tasks\User_Feed_Synchronization-{C50DBCA4-5ECF-4247-B753-ABCB2E8F44FD}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.orange.fr/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: { - c:\program files\Messenger\msmsgs.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-bvcwr - c:\documents and settings\michel\local settings\application data\bvcwr.exe
AddRemove-bvcwr - c:\documents and settings\michel\local settings\application data\bvcwr.exe
AddRemove-PC-Optimizer - c:\program files\PCOptimizer\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-15 19:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1084)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-02-15 19:11:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-15 18:10

Pre-Run: 56 971 816 960 bytes free
Post-Run: 59 365 875 712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - 063C2560A33228646B5CE899E706D69C
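A practitioner reading a ComboFix log like the one above looks past the deleted files to the settings the rogue changed and that a file cleanup does not undo: the Security Center "AntiVirusOverride"/"FirewallOverride" values set to 1 (which silence the "no antivirus/firewall" warnings the fake AV wants the user not to see), "EnableFirewall"=0 on the standard profile, the "On-access scanning disabled" state reported for AntiVir, and autostart or Add/Remove entries that pointed into a user profile's Local Settings directory (the bvcwr.exe and av.exe locations here). The script below is an added example and is not part of the original post or of ComboFix; it parses those sections of a log and reports each such leftover. The embedded sample is constructed from lines of the log posted above; the section matching, severity labels and the list of suspect directories are this script's own choices, not ComboFix conventions.

```python
"""Triage a ComboFix log for the leftovers a rogue-AV infection typically
leaves behind: Security Center overrides, a disabled Windows Firewall,
real-time AV protection turned off, and autostart entries that point into
user-writable profile directories.

Added example, not part of the original post or of ComboFix.  SAMPLE_LOG is
constructed from lines of the posted log; the finding labels are this
script's own.
"""
import re

SAMPLE_LOG = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
- - - - ORPHANS REMOVED - - - -
HKCU-Run-bvcwr - c:\documents and settings\michel\local settings\application data\bvcwr.exe
AddRemove-bvcwr - c:\documents and settings\michel\local settings\application data\bvcwr.exe
AddRemove-PC-Optimizer - c:\program files\PCOptimizer\uninst.exe
"""

# Profile directories a legitimate product has no business autostarting from on XP
# (assumption of this example; extend for your environment).
SUSPECT_DIRS = ("local settings\\application data", "local settings\\temp", "\\temp\\")

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
ORPHAN_RE = re.compile(r"^(?P<kind>HKCU-Run|HKLM-Run|AddRemove)-(?P<name>\S+)\s+-\s+(?P<path>.+)$")
AV_RE = re.compile(r"^AV:\s*(?P<product>.+?)\s*\*(?P<state>[^*]+)\*")


def _dword(data):
    """Parse both DWORD renderings seen in the log: 'dword:00000001' and '1 (0x1)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\s*(\d+)\s*\(0x[0-9a-fA-F]+\)", data)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Return a list of (severity, finding) tuples for one ComboFix log."""
    findings = []
    key = None  # registry key currently being read in the 'Reg Loading Points' section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = AV_RE.match(line)
        if m and "disabled" in m.group("state").lower():
            findings.append(("high", f"AV {m.group('product')}: {m.group('state').strip()}"))
            continue

        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            continue

        m = ORPHAN_RE.match(line)  # 'ORPHANS REMOVED' section: name - path
        if m:
            if any(d in m.group("path").lower() for d in SUSPECT_DIRS):
                findings.append(("high", f"orphan {m.group('kind')} {m.group('name')} pointed at {m.group('path')}"))
            continue

        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group("name"), m.group("data")
        val = _dword(data)

        if key.endswith("security center") and name.endswith("Override") and val == 1:
            findings.append(("high", f"Security Center {name}=1 (monitoring suppressed)"))
        elif key.endswith("firewallpolicy\\standardprofile"):
            if name == "EnableFirewall" and val == 0:
                findings.append(("high", "Windows Firewall disabled (EnableFirewall=0)"))
            elif name == "DisableNotifications" and val == 1:
                findings.append(("medium", "firewall notifications suppressed"))
        elif key.endswith("currentversion\\run"):
            if any(d in data.lower() for d in SUSPECT_DIRS):
                findings.append(("high", f"Run entry {name} autostarts from profile dir: {data}"))
    return findings


if __name__ == "__main__":
    for severity, text in triage(SAMPLE_LOG):
        print(f"[{severity}] {text}")
```

Run against the sample it reports seven findings, six of them high: the disabled on-access scanner, both Security Center overrides, the disabled firewall, and the two orphaned bvcwr entries; the PCOptimizer uninstaller and the Skype Run entry are not flagged because they live under Program Files. ComboFix deleting the files does not reset the override or firewall values, so these are exactly the items to hand back to the user as follow-up work, along with re-enabling AntiVir's on-access scanning.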