Posted

Hi!

For some time now I have not been able to update AVG, for some unknown reason(s) (is it due to a virus, a Trojan, or simply a bug in AVG?).

After a complete reinstall of AVG I managed to fix the update problem. That did not remove my doubts about the effectiveness of this software, because after several scans (in safe and normal mode) AVG found the following:

- Tracking cookies: Tradedoubler, 2o7, Atdmt, Adviva, Adbrite, Yieldmanager
- An adware: Zango
- A virus: ProcHider.

So I would like to double-check my computer to see whether I have any more Mxxxx and then get rid of the whole lot.

I don't know where to start or what to install. Could you advise me on the steps to take?

Your advice is welcome!!! Thanks!

Neuhronnes

Info:
Antivirus: AVG 9.0.872
OS: Vista Business (32 bit) Service Pack 2

Posted (edited)

I'm back!!

My computer is slow when launching applications and when going on the internet; I use the browsers IE 8 and Firefox 3.

After several checks with AVG, Malwarebytes and HijackThis I discovered that I had several malicious files on my different partitions (NTFS) C:\ and D:\. See this link for the full configuration of my computer: http://forum.zebulon.fr/index.php?app=maconfig&module=maconfig&section=maconfigprint&idm=222592.

I would like to know whether a malicious file on my D:\ partition could influence the behaviour of applications (Windows and other applications) located on my C:\ even if I have not executed any .exe file. Do you need any other information to be able to help me? Should I install Antivir or Avast and run a full scan to get a second antivirus's opinion?

Otherwise, here are the steps I took recently (the log files are at the end of this POST):

> Complete reinstallation of AVG (because it would no longer update) and a (full) scan; the findings are now in quarantine.
> Installation of Malwarebytes and a (full) scan; the findings are now in quarantine.
> Installation of HijackThis and creation of a log.

> AVG LOG:

 

"Scan ""Scan whole computer"" completed."

"Infections";"8";"8";"0"

"Spyware";"1";"1";"0"

"Warnings";"3";"3";"0"

"Information";"4"

"Folders selected for scanning:";"Scan whole computer"

"Scan started:";"woensdag 24 november 2010, 3:35:48"

"Scan finished:";"woensdag 24 november 2010, 6:21:30 (2 hour(s) 45 minute(s) 41 second(s))"

"Total object scanned:";"1017135"

"User who launched the scan:";"admin"

 

"Infections"

"File";"Infection";"Result"

"D:\DATA\Lc\USB01\www\www\20100906-lc-website\lc.net\www_old\images\banners\.dat\psy.tar.gz:\psy.tar:\.psy\xh";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"

"D:\DATA\Lc\USB01\www\www\20100906-lc-website\lc.net\www_old\images\banners\.dat\psy.tar.gz:\psy.tar:\.psy\proc";"Virus identified Linux/Small.L";"Moved to Virus Vault"

"D:\DATA\Lc\USB01\www\www\20100906-lc-website\lc.net\www_old\images\banners\.dat\psy.tar.gz:\psy.tar";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"

"D:\DATA\Lc\USB01\www\www\20100906-lc-website\lc.net\www_old\images\banners\.dat\psy.tar.gz";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"

"D:\DATA\Lc\USB01\www\www\lc_website\images\banners\.dat\psy.tar.gz:\psy.tar:\.psy\xh";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"

"D:\DATA\Lc\USB01\www\www\lc_website\images\banners\.dat\psy.tar.gz:\psy.tar:\.psy\proc";"Virus identified Linux/Small.L";"Moved to Virus Vault"

"D:\DATA\Lc\USB01\www\www\lc_website\images\banners\.dat\psy.tar.gz:\psy.tar";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"

"D:\DATA\Lc\USB01\www\www\lc_website\images\banners\.dat\psy.tar.gz";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"

 

"Spyware"

"File";"Infection";"Result"

"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000f07";"Adware Zango";"Moved to Virus Vault"

 

"Warnings"

"File";"Infection";"Result"

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\smz53rym.default\cookies.sqlite";"Found Tracking cookie.Atdmt";"Healed"

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\smz53rym.default\cookies.sqlite:\atdmt.com.7247c262";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"

"C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\smz53rym.default\cookies.sqlite:\atdmt.com.b3e33b5f";"Found Tracking cookie.Atdmt";"Moved to Virus Vault"

 

"Information"

"File";"Information";"Result"

"C:\Acer\Empowering Technology\eRecovery\Autorun\APP\CDMAKER\WMFDist.exe";"The file is signed with a broken digital signature, issued by: Microsoft Corporation.";""

"D:\DATA\Projects\VZ\CD-Software\NEW\Clone DVD 2.8.5.1\clonedvdv2.8.5.1keygentsz.zip:\Keygen.exe";"Runtime packed fsg";""

"D:\DATA\Projects\VZ\CD-Software\NEW\Clone DVD 2.8.5.1\clonedvdv2.8.5.1keygentsz.zip";"Runtime packed fsg";""

"D:\DATA\Projects\VZ\CD-Software\NEW\Clone DVD 2.8.5.1\Keygen.exe";"Runtime packed fsg";""

 

 

> MALWAREBYTES LOG:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 5204

 

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18975

 

28-11-2010 18:09:45

mbam-log-2010-11-28 (18-09-45).txt

 

Scan type: Full scan (C:\|D:\|E:\|)

Objects scanned: 398949

Time elapsed: 3 hour(s), 55 minute(s), 1 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

D:\DATA\Downloads\Rochelle\watch online\Setup.exe (Adware.Seekmo) -> No action taken.

D:\DATA\Projects\VZ-Openstudio\CD-Software\NEW\Clone DVD 2.8.5.1\Keygen.exe (Trojan.Agent) -> No action taken.

 

 

> HIJACKTHIS LOG:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:33:07, on 29-11-2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18975)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\AMT\atchk.exe

C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\Unlocker\UNLOCKERASSISTANT.EXE

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Infineon\Security Platform Software\SpTna.exe

C:\Users\admin\AppData\Local\Temp\RtkBtMnt.exe

C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\AVG\AVG9\avgui.exe

C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IELowutil.exe

C:\Users\admin\Desktop\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! UK & Ireland

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! UK & Ireland

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! UK & Ireland

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! UK & Ireland

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - 08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)

R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll

O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"

O4 - HKLM\..\Run: [iFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon

O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe

O4 - HKLM\..\Run: [setPanel] C:\Acer\APanel\APanel.cmd

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [uNLOCKERASSISTANT] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - Microsoft Automated Troubleshooting Services

O16 - DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} (CycloScopeLite Control) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio-Protection fingerprint solution\WinNotify.dll

O20 - Winlogon Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Users\admin\xampp\xampp\apache\bin\httpd.exe

O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Intel® Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe

O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe

O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe

O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: eDataSecurity Service - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe

O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

O23 - Service: FileZilla Server - FileZilla Project - C:\Users\admin\xampp\xampp\FileZillaFTP\FileZilla server.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe

O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Intel® Active Management Technology Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\AMT\LMS.exe

O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MySQL - MySQL AB - C:\Users\admin\xampp\xampp\mysql\bin\mysqld.exe

O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe

O23 - Service: Intel® Active Management Technology User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\AMT\UNS.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 11346 bytes

Edited by neuhronnes
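As an added example (not from the original post, and not AVG's own tooling), here is a small parser for the ';'-separated report format AVG exported in the post above. It collapses rows that AVG reports for members of nested archives (written as outer:\inner) back to the one file that exists on disk, which is how the eight "Infections" rows in the log above reduce to two copies of the same psy.tar.gz. The report embedded in the block is a constructed sample in the same layout.

```python
import csv
import io
from collections import defaultdict

# Constructed sample in the layout of the AVG 9 export above: summary lines,
# then per-section blocks made of a lone quoted title, a header row and one
# row per detection. A file inside an archive is written container:\member.
SAMPLE_REPORT = r'''"Scan ""Scan whole computer"" completed."
"Infections";"4";"4";"0"
"Spyware";"1";"1";"0"

"Infections"
"File";"Infection";"Result"
"D:\DATA\site\images\banners\.dat\psy.tar.gz:\psy.tar:\.psy\xh";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"
"D:\DATA\site\images\banners\.dat\psy.tar.gz:\psy.tar:\.psy\proc";"Virus identified Linux/Small.L";"Moved to Virus Vault"
"D:\DATA\site\images\banners\.dat\psy.tar.gz:\psy.tar";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"
"D:\DATA\site\images\banners\.dat\psy.tar.gz";"Virus identified Linux/ProcHider.C";"Moved to Virus Vault"

"Spyware"
"File";"Infection";"Result"
"C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000f07";"Adware Zango";"Moved to Virus Vault"
'''

SECTIONS = ("Infections", "Spyware", "Warnings", "Information")


def parse_report(text):
    """Return {section: [(path, detection, result), ...]}.

    The report is ';'-separated with every field double-quoted and embedded
    quotes doubled, which is exactly what csv.reader handles with
    doublequote=True. Summary lines before the first section title and the
    per-section "File";"Infection";"Result" header rows are skipped.
    """
    detections = defaultdict(list)
    section = None
    reader = csv.reader(io.StringIO(text), delimiter=";", quotechar='"',
                        doublequote=True)
    for row in reader:
        if len(row) == 1 and row[0] in SECTIONS:
            section = row[0]          # a lone quoted title opens a section
            continue
        if section is None or len(row) < 3 or row[0] == "File":
            continue                  # summary counts, blanks, header rows
        detections[section].append((row[0], row[1], row[2]))
    return dict(detections)


def container_path(path):
    r"""Collapse an archive-member path to the file that exists on disk.

    AVG separates nesting levels with ':\'; the first ':\' after the drive
    letter marks where the on-disk path ends (psy.tar.gz:\psy.tar:\.psy\xh
    -> psy.tar.gz). Plain paths are returned unchanged.
    """
    drive, sep, rest = path.partition(":\\")
    if not sep:
        return path                   # no drive letter, nothing to collapse
    inner = rest.find(":\\")
    return path if inner < 0 else drive + sep + rest[:inner]


def summarize(detections):
    """Group each section by on-disk container, listing the distinct
    detection names found in it, so one infected archive counts once."""
    summary = {}
    for section, rows in detections.items():
        per_file = defaultdict(set)
        for path, name, _result in rows:
            per_file[container_path(path)].add(name)
        summary[section] = {p: sorted(n) for p, n in per_file.items()}
    return summary


if __name__ == "__main__":
    for section, files in summarize(parse_report(SAMPLE_REPORT)).items():
        print(f"{section}: {len(files)} file(s) on disk")
        for path, names in files.items():
            print(f"  {path}\n    -> {', '.join(names)}")
```

The same collapsing applies to the cookie rows in the "Warnings" section, where cookies.sqlite:\atdmt.com.7247c262 is a record inside one SQLite file rather than a separate file on disk.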
2 weeks later...

Posted


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

POST CLOSED. The continuation and follow-up of this POST are taken up elsewhere, see >>>> Acer Vista (32bits) business lent

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
