Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

log hijackthis et antivir


mergez200

Messages recommandés

Boujour, sous les conseils de guronsan, je vous poste mes 2 rapports hijackthis et antivir:

 

ANTIVIR:

 


AntiVir PersonalEdition Classic
Report file date: mardi 24 octobre 2006  11:15

Scanning for 530860 virus strains and unwanted programs.

Licensed to:	  Avira AntiVir PersonalEdition Classic
Serial number:	0000149996-WURGE-0001
Platform:		 Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:		 nico
Computer name:	NICPORTAB

Version information:
AVSCAN.EXE   : 7.0.0.47	200744   21/08/2006 10:06:56
AVSCAN.DLL   : 7.0.0.45	41000	07/09/2006 10:56:33
LUKE.DLL	 : 7.0.0.47	118824   07/09/2006 10:32:33
LUKERES.DLL  : 7.0.0.47	9256	 07/09/2006 10:56:33
ANTIVIR0.VDF : 6.35.0.1	7371264  31/05/2006 10:35:27
ANTIVIR1.VDF : 6.36.0.89   1745920  02/10/2006 09:01:04
ANTIVIR2.VDF : 6.36.0.132  138752   17/10/2006 09:01:04
ANTIVIR3.VDF : 6.36.0.172  48640	24/10/2006 09:01:04
AVEWIN32.DLL : 7.2.0.32	1880576  24/10/2006 09:01:05
AVPREF.DLL   : 7.0.0.2	 23592	24/07/2006 12:36:04
AVREP.DLL	: 6.36.0.144  876584   24/10/2006 09:01:04
AVRPBASE.DLL : 7.0.0.0	 2162728  30/03/2006 08:43:31
AVPACK32.DLL : 7.2.0.0	 368680   21/07/2006 06:00:28
AVREG.DLL	: 6.31.0.90   27688	28/07/2005 10:06:36
NETNT.DLL	: 6.32.0.0	6696	 27/09/2005 07:56:49
NETNW.DLL	: 7.0.0.0	 9768	 24/07/2006 12:35:55
RCIMAGE.DLL  : 7.0.0.74	1642536  01/08/2006 11:22:57
RCTEXT.DLL   : 7.0.1.4	 77864	24/10/2006 09:01:02

Configuration settings for the scan:
Jobname.......................: Local Drives
Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Boot sectors..................: C,E,D
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Skipped archive types.........: 1000,1001,1002,1003,1004,1005,
Macro heuristic...............: 1
File heuristic................: 2
Primary action................: 1
Secondary action..............: 0

Start of the scan: mardi 24 octobre 2006  11:15


The scan of running processes will be started
4 Processes were scanned

Start scanning boot sectors:

Boot sector 'C:\'
  [NOTE]	  No virus was found!
Boot sector 'E:\'
  [NOTE]	  No virus was found!

Starting to scan the registry.
The registry was scanned ( 18 files ).


Starting the file scan:

C:\pagefile.sys
  [WARNING]   The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
  [WARNING]   The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
  [WARNING]   The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
  [WARNING]   The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
  [WARNING]   The file could not be opened!
C:\Documents and Settings\nico\NTUSER.DAT
  [WARNING]   The file could not be opened!
C:\Documents and Settings\nico\ntuser.dat.LOG
  [WARNING]   The file could not be opened!
C:\Documents and Settings\nico\Application Data\Thunderbird\Profiles\hnnpvxnc.default\mail\local folders\junk
 [0] Archive type: Netscape/Mozilla Mailbox
 --> Mailbox_[From: "FIFTH THIRD bank" <onlinesupport-id-05381383.c][Subject: Fifth Third Bank: Urgent Notification From Bill]496.mim
  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.O
  [1] Archive type: MIME
  --> file0.mim
	  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.O
	[2] Archive type: MIME
	--> file1.html
		[DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.G
 --> Mailbox_[From: "FIFTH THIRD bank" <[email protected]][Subject: Fifth Third Bank: urgent security notice for cl]562.mim
  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.N
  [1] Archive type: MIME
  --> file0.mim
	  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.N
 --> Mailbox_[From: "FIFTH THIRD bank, 2006" <customercare-68019778][Subject: Fifth Third Bank - Client's Data Verification]586.mim
  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.N
  [1] Archive type: MIME
  --> file0.mim
	  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.N
 --> Mailbox_[From: "Fifth Third Bank 2006" <customerssupport-32249][Subject: Update your account records [Thu, 25 May 2006 1]758.mim
  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.O
  [1] Archive type: MIME
  --> file0.mim
	  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.O
	[2] Archive type: MIME
	--> file1.html
		[DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.G
 --> Mailbox_[From: "FIFTH THIRD bank" <customersupport_056.cust@53][Subject: Fifth Third Bank - Please VaIidate Your Account]760.mim
  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.O
  [1] Archive type: MIME
  --> file0.mim
	  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.O
	[2] Archive type: MIME
	--> file1.html
		[DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.G
 --> Mailbox_[From: "Fifth Third Bank'06" <support-ref196395252.cus][Subject: Customer Notice: Instructions For Client [Wed, ]788.mim
  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/FifthThir.F.4
  [1] Archive type: MIME
  --> file0.mim
	  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/FifthThir.F.4
 --> Mailbox_[From: "Fifth Third Bank" <[email protected]][Subject: Fifth Third Bank: Confirm Your DetaiIs To Avoid]1152.mim
  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.2
  [1] Archive type: MIME
  --> file0.mim
	  [DETECTION] Contains signature of the Phish-Fiule/Email PHISH/53Bkfraud.2
  [WARNING]   The file was ignored!
C:\Documents and Settings\nico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
  [WARNING]   The file could not be opened!
C:\Documents and Settings\nico\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\ActiveScan\pskavs.dll
  [DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738
  [INFO]	  The file was moved to '45a8f186.qua'!
C:\WINDOWS\system32\config\DEFAULT
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\SAM
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\SOFTWARE
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\SYSTEM
  [WARNING]   The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
  [WARNING]   The file could not be opened!


End of the scan: mardi 24 octobre 2006  13:03
Used time:  1:48:15 min

The scan has been canceled!

  7672 Scanning directories
283360 Files were scanned
 18 viruses and/or unwanted programs were found
  0 files were deleted
  0 files were repaired
  1 files were moved to quarantine
  0 files were renamed
  9975 Archives were scanned
 20 Warnings
  2 Notes

 

Hijackthis:

 

Logfile of HijackThis v1.99.1
Scan saved at 13:40:16, on 24/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\nico\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://support.euro.dell.com/support/topics/global.aspx/support/my_systems_info/en/details?c=be&cs=bedhs1&l=fr&s=dhs&~tab=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - https://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service d'état ASP.NET (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQL Server Browser (SQLBrowser) - Unknown owner - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

 

Antivir a donc détecté 18 virus en mode sans échec et déplacé un en quarantaine, mais rien n'est nettoyé...

Merci pour vos conseils.

Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...