Hello everyone,
I caught this: TR/Crypt.XPACK.Gen
Since then it has been a bit of a mess with my antivirus (yesterday it saturated my RAM with nothing but pop-up windows about this virus).
So my antivirus is AntiVir; I searched several forums and came to the conclusion that you would need a scan report in order to help me.
Here it is:
Avira AntiVir Personal
Report file date: vendredi 30 mai 2008 07:20
Scanning for 1301396 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-JÉROME
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 19:59:29
ANTIVIR3.VDF : 7.0.4.113 361984 Bytes 29/05/2008 19:59:40
Engineversion : 8.1.0.49
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.36 270714 Bytes 29/05/2008 20:00:23
AESCN.DLL : 8.1.0.20 119157 Bytes 29/05/2008 20:00:21
AERDL.DLL : 8.1.0.20 418165 Bytes 29/05/2008 20:00:19
AEPACK.DLL : 8.1.1.5 364918 Bytes 29/05/2008 20:00:13
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 29/05/2008 20:00:08
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 29/05/2008 20:00:05
AEHELP.DLL : 8.1.0.15 115063 Bytes 29/05/2008 19:59:52
AEGEN.DLL : 8.1.0.23 307573 Bytes 29/05/2008 19:59:51
AEEMU.DLL : 8.1.0.6 430451 Bytes 29/05/2008 19:59:47
AECORE.DLL : 8.1.0.30 168311 Bytes 29/05/2008 19:59:43
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 30 mai 2008 07:20
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'ALU.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StkCSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'AlertModule.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'SMLaunch.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SystrayApp.exe' - '1' Module(s) have been scanned
Scan process 'oopmagentts.exe' - '1' Module(s) have been scanned
Scan process 'PowerForPhone.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'DMedia.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'ACEngSvr.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'BatteryLife.exe' - '1' Module(s) have been scanned
Scan process 'ACMON.exe' - '1' Module(s) have been scanned
Scan process 'wcourier.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
73 processes with 73 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:'
[INFO] No virus was found!
Boot sector 'D:'
[INFO] No virus was found!
Starting to scan the registry.
C:\Windows\System32\efcCrPjI.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
The registry was scanned ( '22' files ).
Starting the file scan:
Begin scan in 'C:' <VistaOS>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\Jérôme\AppData\Local\Temp\tmp0000bbee
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48af91f6.qua'!
C:\Windows\System32\efcCrPjI.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] A backup was created as '48a29391.qua' ( QUARANTINE )
[WARNING] The file could not be deleted!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:' <DATA>
End of the scan: vendredi 30 mai 2008 07:47
Used time: 26:54 min
The scan has been done completely.
12551 Scanning directories
204180 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
204177 Files not concerned
1828 Archives were scanned
5 Warnings
2 Notes
Thank you for your replies and for the interest you are taking in my problem.
--> Message edited by zilly01 on 01/06/2008 16:47:45 <--
Hi,
~ Download HijackThis to your Desktop. Publisher: Trend Micro ~
~ Double-click the installer ( HJTInstall.exe ) on the Desktop. ~
~ Then click "Install" to install HijackThis. ~
~ Double-click the HijackThis shortcut that has just been created to launch it. ~
~ Once HijackThis is running, accept the licence and choose the option "Do a system scan and save a logfile". ~
~ When the scan is finished, a Notepad window will open. ~
~ Post the contents of that Notepad window in your next reply. ~
N.B.: The report is also located in the HijackThis installation folder ( Hijackthis.log ).
If you run into problems, consult the HijackThis help, which recaps everything from the beginning.
Thanks for your quick reply ^^
Here is the scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:08, on 31/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\oopmagentts.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Super macro\SMLaunch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Users\Jérôme\Downloads\texmod\Texmod.exe
C:\Program Files\GUILD WARS\Gw.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Windows\System32\calc.exe
C:\Windows\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {567020CE-1E8F-4C7B-A943-ECC5BB0CBF6E} - C:\Windows\system32\efccbCtS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {87862E26-BDA0-4A78-B94C-86BCB9428A6F} - C:\Windows\system32\efcCrPjI.dll (file missing)
O2 - BHO: {67c8bc3a-41c3-d67b-6e94-7d9ebefa96fc} - {cf69afeb-e9d7-49e6-b76d-3c14a3cb8c76} - C:\Windows\system32\uwibccrd.dll
O2 - BHO: (no name) - {ECD5E369-41AA-4BE4-B7DE-4E12B714F691} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\Windows\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SMLaunch] C:\Program Files\Super macro\SMLaunch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcCrPjI.dll,#1
O4 - HKLM\..\Run: [3223d839] rundll32.exe "C:\Windows\system32\bggicted.dll",b
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BM3110eba5] Rundll32.exe "C:\Windows\system32\rgmfncok.dll",s
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Y'z Shadow.lnk = C:\Windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\Windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.ca(...)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 8361 bytes
--> Message edited by zilly01 on 31/05/2008 14:54:08 <--
Hi,
~ Download ComboFix to your Desktop. Publisher: sUBs ~
~ Disable your resident protections ( antivirus, Spybot TeaTimer ... ) ~
Read this tutorial, which can help you disable the resident protections of your antivirus and similar products.
~ Double-click "ComboFix.exe" on your Desktop to launch it ~
~ When the scan is finished, a report will appear. Post that report ("C:\combofix.txt") in your next reply. ~
If you run into problems using ComboFix, consult the ComboFix user guide.
Here it is
ComboFix 08-05-29.1 - Jérôme 2008-05-31 15:22:51.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1554 [GMT 2:00]
Endroit: C:\Users\Jérôme\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\Windows\system32\bggicted.dll
C:\Windows\System32\cMTDMUvw.ini
C:\Windows\System32\cMTDMUvw.ini2
C:\Windows\system32\detciggb.ini
C:\Windows\system32\dhutactb.exe
C:\Windows\System32\fhijRXyb.ini
C:\Windows\System32\fhijRXyb.ini2
C:\Windows\system32\fulpgndj.ini
C:\Windows\System32\gfPonnmp.ini
C:\Windows\System32\gfPonnmp.ini2
C:\Windows\system32\gofdeuko.dll
C:\Windows\System32\hcxiyvqd.ini
C:\Windows\System32\ipgccrio.ini
C:\Windows\system32\itvngraq.ini
C:\Windows\System32\livcxtna.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\pinhvepp.ini
C:\Windows\system32\qtmkhsmj.dll
C:\Windows\system32\rgmfncok.dll
C:\Windows\System32\rnbeqhco.ini
C:\Windows\system32\rruwafep.exe
C:\Windows\System32\StCbccfe.ini
C:\Windows\System32\StCbccfe.ini2
C:\Windows\system32\uwibccrd.dll
C:\Windows\system32\voiavjif.dll
C:\Windows\system32\WinNB55.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 12:46 --------- d-----w C:\Program Files\Trend Micro
2008-05-31 10:40 --------- d-----w C:\ProgramData\Avira
2008-05-31 08:29 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-30 05:32 --------- d-----w C:\Program Files\Google
2008-05-29 19:51 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-29 19:14 --------- d-----w C:\ProgramData\Avg7
2008-05-27 18:58 --------- d-----w C:\Program Files\Workspace Macro Pro 6.5
2008-05-27 18:58 --------- d-----w C:\Program Files\Macro Runner
2008-05-26 05:18 --------- d-----w C:\Program Files\Super macro
2008-05-24 20:15 --------- d-----w C:\Program Files\GUILD WARS
2008-05-24 20:03 --------- d-----w C:\Program Files\ASUS
2008-05-24 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 19:48 --------- d-----w C:\Program Files\THQ
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 18:47 --------- d-----w C:\Program Files\SurfingEnhancer
2008-05-11 14:43 --------- d-----w C:\Program Files\FBrowsingAdvisor
2008-05-11 14:43 --------- d-----w C:\Program Files\FBrowserAdvisor
2008-05-07 19:07 --------- d-----w C:\Program Files\iTunes
2008-05-07 19:00 --------- d-----w C:\ProgramData\Apple Computer
2008-05-07 19:00 --------- d-----w C:\Program Files\iPod
2008-05-07 18:59 --------- d-----w C:\Program Files\QuickTime
2008-05-07 18:57 --------- d-----w C:\Program Files\Apple Software Update
2008-05-07 18:56 --------- d-----w C:\ProgramData\Apple
2008-05-07 18:56 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-07 17:48 --------- d-----w C:\Program Files\SAGEM
2008-05-07 17:47 --------- d-----w C:\Program Files\Securitoo
2008-05-07 16:53 --------- d-----w C:\Program Files\Microsoft Games
2008-05-03 09:43 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-03 09:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 09:08 --------- d-----w C:\Program Files\CapCom
2008-05-01 17:04 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-02 14:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-28 18:14 --------- d-----w C:\ProgramData\Ubisoft
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{567020CE-1E8F-4C7B-A943-ECC5BB0CBF6E}]
2008-05-29 21:52 278528 --a------ C:\Windows\system32\efccbCtS.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87862E26-BDA0-4A78-B94C-86BCB9428A6F}]
C:\Windows\system32\efcCrPjI.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 13:43 729088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 08:46 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 08:46 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 08:46 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-11 03:36 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ooquickpdfv7"="C:\Windows\system32\oopmagentts.exe" [2007-07-05 21:41 69632]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 19:16 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SMLaunch"="C:\Program Files\Super macro\SMLaunch.exe" [2006-10-18 16:58 444928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"MSServer"="C:\Windows\system32\efcCrPjI.dll" [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{87862E26-BDA0-4A78-B94C-86BCB9428A6F}"= C:\Windows\system32\efcCrPjI.dll [ ]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2378666241-3016407558-2988176326-1000]
"EnableNotificationsRef"=dword:00000003
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6132485F-11BE-410B-A3EF-E5A61857A9A6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A719EC97-FA04-4D9E-8BAB-F4C80B6045E6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{82CD8A35-5EE0-4438-83E2-8B884EF564BB}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{28FC1C4B-9762-4BD7-B824-A6428FAC4CDA}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3FA4D475-7451-4209-A112-329D923EC495}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{61E01CC8-5CA8-4CFF-ACD7-E67E849EE2B6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{52394576-C728-4425-8494-28BA7E35F9D0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{87DE65A6-657F-488B-93DD-A6CD10823430}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0C0338BF-AFE9-460E-BF97-80A02C952DAD}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-10 18:31]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2006-12-21 20:36]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
S3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 01:37]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Launch.exe /run
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54cb6990-a978-11db-8e07-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6edfc3e2-9a7c-11dc-b4db-001a923e29d8}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-30 15:16:55 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-31 08:22:17 C:\Windows\Tasks\User_Feed_Synchronization-{F9C8BD05-8EAC-481B-B4B0-EC832FB56568}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 15:28:52
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-31 15:31:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-31 13:31:46
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
210
Re,
~ Download Malwarebytes' Anti-Malware. Publisher: Malwarebytes ~
~ Double-click the installer ( Download_mbam-setup.exe ) on the Desktop. ~
~ Once the installation is complete and the updates have been applied, restart your computer in Safe Mode. ~
If you don't know how to do that, see: How to start in Safe Mode?
~ Once in Safe Mode, run Malwarebytes' Anti-Malware, then start a Full Scan using the Scan button. ~
~ When the scan is finished, a window will open: click OK. ~
~ At that point you have two options: ~
If Anti-Malware detected nothing, press OK. A report then appears; close it.
If Anti-Malware detected infections, press Show Results, then Remove Selected. Then save the report to your Desktop so you can post it in your next reply.
N.B.: A computer restart may be requested to remove the infections.
If you run into problems using Malwarebytes' Anti-Malware, see: the illustrated Malwarebytes' Anti-Malware tutorial.
Thanks for helping me
So here's the report; there's quite a lot (41 infected objects), and some couldn't be removed (unless that happens on restart)
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 807
17:39:36 31/05/2008
mbam-log-5-31-2008 (17-39-36).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 118400
Temps écoulé: 17 minute(s), 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 16
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Windows\System32\efccbCtS.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{87862e26-bda0-4a78-b94c-86bcb9428a6f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87862e26-bda0-4a78-b94c-86bcb9428a6f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mirar (AdWare.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{429d9ef3-b774-4080-b662-87853a15ee6c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{429d9ef3-b774-4080-b662-87853a15ee6c} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{87862e26-bda0-4a78-b94c-86bcb9428a6f} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3223d839 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BM3110eba5 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccbcts -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Users\Jérôme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\dhutactb.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Windows\System32\rruwafep.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Users\Jérôme\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B0BIP0CT\kb713501[1] (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Users\Jérôme\AppData\Local\Temp\kjrmcqwh.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.lnk (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
C:\Windows\System32\grjhefmh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\jlooexwi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\efccbCtS.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\hgGaYpqn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
-->Message edited by zilly01 on 31/05/2008 17:46:47<--
Not bad, not bad...
Download CCleaner by clicking "Download the latest version".
/ ! \ Before downloading, check that you don't already have it on your PC; it's a very common program. If you already have it on your PC, don't reinstall it and carry on with the rest of the steps / ! \
Install it.
Uncheck "Add the Yahoo toolbar" during the program's installation.
Download AVG Anti-Spyware.
Save it to the Desktop.
Install it.
At the end of the installation, run an update. Don't run a scan for now.
Read the rest of the procedure carefully; you won't have Internet access while in Safe Mode.
Run CCleaner.
Click "Analyze", then "Run Cleaner", then "OK" in the window that appears.
Go to the "Registry" tab, then "Scan for Issues", then "Fix selected issues", and save the registry changes. Then click "Fix All Selected Issues".
Quit CCleaner.
Run AVG Anti-Spyware.
Go to the "Scanner" tab, then "Settings", and set the "How to act" option to "Quarantine".
Run a "Complete System Scan".
At the end, click "Apply all actions".
Quit AVG Anti-Spyware.
Restart your computer normally.
Post the report in your next reply.
Here's the AVG Anti-Spyware report
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 19:24:01 31/05/2008
+ Résultat de l'analyse:
C:\Users\Jérôme\Documents\LimeWire\Saved\haggard e la morte.mp3 -> Downloader.Wimad.n : Aucune action entreprise.
C:\Users\Jérôme\Documents\LimeWire\Saved\dawn of war soulstorm.zip/Setup.exe -> Not-A-Virus.Adware.Agent : Aucune action entreprise.
C:\QooBox\Quarantine\C\Windows\System32\WinNB55.dll.vir -> Not-A-Virus.Adware.Mirar : Aucune action entreprise.
Fin du rapport
PS: I took the report before clicking "Apply all actions"; everything went fine...
-->Message edited by zilly01 on 31/05/2008 19:32:11<--
OK,
C:\Users\Jérôme\Documents\LimeWire\Saved\haggard e la morte.mp3 -> Downloader.Wimad.n : Aucune action entreprise.
Be careful when you use P2P; you risk getting infected again.
Post another ComboFix report.
There you go. As for LimeWire, when I saw that I couldn't get that music, I uninstalled it.
Here's ComboFix:
ComboFix 08-05-29.1 - Jérôme 2008-05-31 20:20:30.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1808 [GMT 2:00]
Endroit: C:\Users\Jérôme\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\hmfehjrg.ini
C:\Windows\System32\StCbccfe.ini
C:\Windows\System32\StCbccfe.ini2
C:\Windows\system32\uhebguyr.dll
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-28 to 2008-05-31 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 16:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-31 16:46 --------- d-----w C:\ProgramData\Grisoft
2008-05-31 16:38 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-05-31 16:37 --------- d-----w C:\Program Files\Yahoo!
2008-05-31 16:37 --------- d-----w C:\Program Files\CCleaner
2008-05-31 15:10 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-31 15:10 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 12:46 --------- d-----w C:\Program Files\Trend Micro
2008-05-31 10:40 --------- d-----w C:\ProgramData\Avira
2008-05-31 08:29 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-30 05:32 --------- d-----w C:\Program Files\Google
2008-05-29 23:06 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-05-29 23:06 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-29 19:51 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-29 19:14 --------- d-----w C:\ProgramData\Avg7
2008-05-27 18:58 --------- d-----w C:\Program Files\Workspace Macro Pro 6.5
2008-05-27 18:58 --------- d-----w C:\Program Files\Macro Runner
2008-05-26 05:18 --------- d-----w C:\Program Files\Super macro
2008-05-24 20:15 --------- d-----w C:\Program Files\GUILD WARS
2008-05-24 20:03 --------- d-----w C:\Program Files\ASUS
2008-05-24 19:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-24 19:48 --------- d-----w C:\Program Files\THQ
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-11 18:47 --------- d-----w C:\Program Files\SurfingEnhancer
2008-05-07 19:07 --------- d-----w C:\Program Files\iTunes
2008-05-07 19:00 --------- d-----w C:\ProgramData\Apple Computer
2008-05-07 19:00 --------- d-----w C:\Program Files\iPod
2008-05-07 18:59 --------- d-----w C:\Program Files\QuickTime
2008-05-07 18:57 --------- d-----w C:\Program Files\Apple Software Update
2008-05-07 18:56 --------- d-----w C:\ProgramData\Apple
2008-05-07 18:56 --------- d-----w C:\Program Files\Common Files\Apple
2008-05-07 17:48 --------- d-----w C:\Program Files\SAGEM
2008-05-07 17:47 --------- d-----w C:\Program Files\Securitoo
2008-05-07 16:53 --------- d-----w C:\Program Files\Microsoft Games
2008-05-03 09:43 --------- d-----w C:\Program Files\AGEIA Technologies
2008-05-03 09:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-03 09:08 --------- d-----w C:\Program Files\CapCom
2008-05-01 17:04 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-02 14:35 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-03-28 18:14 --------- d-----w C:\ProgramData\Ubisoft
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-31_15.31.14.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-31 13:28:10 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-31 18:25:28 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-31 18:25:30 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-31 13:28:42 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-31 18:26:48 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-31 13:28:42 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-31 18:26:48 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-31 13:28:45 45,056 ----a-w C:\Windows\System32\acovcnt.exe
+ 2008-05-31 18:26:53 45,056 ----a-w C:\Windows\System32\acovcnt.exe
- 2008-05-31 13:29:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-31 18:25:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-31 13:29:17 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-31 18:25:37 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-31 13:29:17 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-31 18:25:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-05-30 12:10:42 10,872 ----a-w C:\Windows\System32\drivers\AvgAsCln.sys
- 2008-05-31 10:49:59 104,598 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-31 17:33:12 104,598 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-31 10:49:59 118,288 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-05-31 17:33:12 118,288 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-05-31 10:49:59 610,816 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-31 17:33:12 610,816 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-31 10:49:59 692,508 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-05-31 17:33:12 692,508 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-05-31 09:06:43 9,222 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2378666241-3016407558-2988176326-1000_UserData.bin
+ 2008-05-31 17:28:31 9,748 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2378666241-3016407558-2988176326-1000_UserData.bin
- 2008-05-31 09:06:43 73,282 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 17:28:31 74,452 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-31 13:27:05 5,264 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-05-31 15:15:56 5,264 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-05-31 11:00:08 45,672 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 17:28:26 46,252 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{145E16A9-B9C3-410A-8B36-04A0E1064BDB}]
2008-05-29 21:52 278528 --------- C:\Windows\system32\efccbCtS.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 13:43 729088]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2006-12-10 08:46 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2006-12-10 08:46 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2006-12-10 08:46 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 07:36 4186112 C:\Windows\RtHDVCpl.exe]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 18:27 61440]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 07:27 815104]
"PowerForPhone"="C:\Program Files\PowerForPhone\PowerForPhone.exe" [2007-01-11 03:36 778240]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ooquickpdfv7"="C:\Windows\system32\oopmagentts.exe" [2007-07-05 21:41 69632]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [2006-12-12 19:16 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"SMLaunch"="C:\Program Files\Super macro\SMLaunch.exe" [2006-10-18 16:58 444928]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2378666241-3016407558-2988176326-1000]
"EnableNotificationsRef"=dword:00000003
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6132485F-11BE-410B-A3EF-E5A61857A9A6}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A719EC97-FA04-4D9E-8BAB-F4C80B6045E6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{82CD8A35-5EE0-4438-83E2-8B884EF564BB}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{28FC1C4B-9762-4BD7-B824-A6428FAC4CDA}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{3FA4D475-7451-4209-A112-329D923EC495}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{61E01CC8-5CA8-4CFF-ACD7-E67E849EE2B6}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{52394576-C728-4425-8494-28BA7E35F9D0}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{87DE65A6-657F-488B-93DD-A6CD10823430}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{0C0338BF-AFE9-460E-BF97-80A02C952DAD}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2006-12-10 18:31]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2006-12-21 20:36]
R3 WCPU;WCPU;C:\Program Files\P4G\WCPU.sys [2007-01-03 01:37]
S3 MBAMCatchMe;MBAMCatchMe;C:\Windows\system32\drivers\mbamcatchme.sys [2008-05-30 01:06]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\Launch.exe /run
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54cb6990-a978-11db-8e07-806e6f6e6963}]
\shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6edfc3e2-9a7c-11dc-b4db-001a923e29d8}]
\shell\AutoRun\command - F:\setup\rsrc\Autorun.exe
\shell\dinstall\command - F:\Directx\dxsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-05-30 15:16:55 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-05-31 08:22:17 C:\Windows\Tasks\User_Feed_Synchronization-{F9C8BD05-8EAC-481B-B4B0-EC832FB56568}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 20:27:01
Windows 6.0.6000 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-31 20:30:39 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-31 18:30:31
ComboFix2.txt 2008-05-31 13:31:54
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associ‚ au num‚ro 0x2379 est introuvable dans le fichier de messages pour Application.
Hi,
Post a new HijackThis report.
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53:07, on 31/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\oopmagentts.exe
C:\Program Files\OrangeHSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Super macro\SMLaunch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ooquickpdfv7] "C:\Windows\system32\oopmagentts.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SMLaunch] C:\Program Files\Super macro\SMLaunch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Y'z Shadow.lnk = C:\Windows\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe
O4 - Startup: Y'z Toolbar.lnk = C:\Windows\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.ca(...)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
--
End of file - 7430 bytes
-->Message edited by zilly01 on 31/05/2008 23:54:38<--
Hi,
Copy the text in the box below:
File::
C:\Windows\system32\oopmagentts.exe
C:\Windows\system32\efccbCtS.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{145E16A9-B9C3-410A-8B36-04A0E1064BDB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooquickpdfv7"=-
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
That will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a Hijackthis report.
If there is no reboot, post the reports anyway.
-------------------
You had Antivir installed at first; why did you uninstall it in favour of Avast!?
Uninstall Avast! properly.
Avast! is by far the best free antivirus there is; read this topic for more information.
Hence I strongly recommend installing AntiVir.
Make sure it is up to date! Open Antivir, go to the Scanner tab, enable the rootkit search via the + next to rootkit search, then double-click Complete System Scan, which will launch the scan. Post the generated report (found in the Reports tab).
HELP: Antivir usage tutorial by Malekal
-->Message edited by BlackTig3r on 01/06/2008 08:47:10<--
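The CFScript posted above uses ComboFix's two most common sections: File:: lists paths to delete, and Registry:: uses regedit-style syntax in which "[-KEY]" deletes a whole key, "[KEY]" selects a key, and a following "name"=- deletes one value under it. The parser below is an added example written for this thread, not ComboFix's own code. It turns a script into a reviewable plan and flags the mistake most worth catching before the script is dropped on ComboFix: a "[-...]" line aimed at a shared autostart key such as ...\CurrentVersion\Run, which would wipe every startup entry instead of the single malware value. Two things are assumptions made for this example: the expansion of the "~" shorthand to SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer, and the list of shared keys. The sample script embedded in the code is the one from the post above.

```python
"""Parse a ComboFix CFScript (File:: and Registry:: sections) into a plan.

Added example for this thread, not ComboFix's own code. The "~" expansion
and the SHARED_KEYS list below are assumptions made for this example.
"""
import re
from dataclasses import dataclass, field

# Assumption: "~" in ComboFix-style key paths abbreviates the Explorer key.
TILDE_EXPANSION = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer"

# Assumption: autostart keys holding many legitimate entries. A script should
# delete single values under these, never the key itself.
SHARED_KEYS = {k.upper() for k in (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    "HKEY_LOCAL_MACHINE\\" + TILDE_EXPANSION + r"\Browser Helper Objects",
)}

# The script from the post above, embedded so the example runs offline.
SAMPLE_CFSCRIPT = r"""File::
C:\Windows\system32\oopmagentts.exe
C:\Windows\system32\efccbCtS.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{145E16A9-B9C3-410A-8B36-04A0E1064BDB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ooquickpdfv7"=-
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[A-Z_]+\\.+)\]$")
VALUE_RE = re.compile(r'^(?:"([^"]*)"|@)=(.*)$')
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Plan:
    delete_files: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)  # (key, value name)
    set_values: list = field(default_factory=list)     # (key, value name, raw data)
    warnings: list = field(default_factory=list)


def expand_key(key):
    """Expand the '~' shorthand; every other path component is kept verbatim."""
    hive, _, rest = key.partition("\\")
    parts = [TILDE_EXPANSION if p == "~" else p for p in rest.split("\\")]
    return "\\".join([hive] + parts)


def parse_cfscript(text):
    """Return a Plan describing what the script would do, plus review warnings."""
    plan, section, current_key = Plan(), None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, current_key = m.group(1).lower(), None
            if section not in ("file", "registry"):
                plan.warnings.append(f"line {lineno}: section {m.group(1)}:: not handled here")
            continue
        if section == "file":
            if not DRIVE_PATH_RE.match(line):
                plan.warnings.append(f"line {lineno}: not an absolute path: {line}")
            plan.delete_files.append(line)
        elif section == "registry":
            m = KEY_RE.match(line)
            if m:
                key = expand_key(m.group(2))
                if m.group(1) == "-":            # [-KEY]: whole-key deletion
                    current_key = None
                    plan.delete_keys.append(key)
                    if key.upper() in SHARED_KEYS:
                        plan.warnings.append(f"line {lineno}: deletes a shared autostart key: {key}")
                else:                            # [KEY]: following value lines apply here
                    current_key = key
                continue
            m = VALUE_RE.match(line)
            if m and current_key is None:
                plan.warnings.append(f"line {lineno}: value line outside any [key] block: {line}")
            elif m:
                name = m.group(1) if m.group(1) is not None else ""  # "@" is the default value
                data = m.group(2).strip()
                if data == "-":                  # "name"=- : delete just this value
                    plan.delete_values.append((current_key, name))
                else:
                    plan.set_values.append((current_key, name, data))
            else:
                plan.warnings.append(f"line {lineno}: unrecognised Registry:: line: {line}")
        elif section is None:
            plan.warnings.append(f"line {lineno}: text before any section header: {line}")
        # lines in sections this parser does not handle were warned about above
    return plan


def render(plan):
    """Human-readable summary to read before dragging the script onto ComboFix."""
    lines = [f"delete file  {p}" for p in plan.delete_files]
    lines += [f"delete key   {k}" for k in plan.delete_keys]
    lines += [f'delete value {k} -> "{n}"' for k, n in plan.delete_values]
    lines += [f'set value    {k} -> "{n}" = {d}' for k, n, d in plan.set_values]
    lines += [f"WARNING      {w}" for w in plan.warnings]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(parse_cfscript(SAMPLE_CFSCRIPT)))
```

Run it on a script before handing the script to a user: for the one above it reports two file deletions, one BHO key deletion and one Run value deletion with no warnings, which is what a targeted clean-up should look like. A script that instead deletes the whole Run key, or places a "name"=- line before any "[KEY]" line, is reported as a warning rather than silently accepted.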
Here are the reports:
Combofix:
ComboFix 08-05-29.1 - Jérôme 2008-06-01 10:25:58.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1720 [GMT 2:00]
Location: C:\Users\Jérôme\Desktop\ComboFix.exe
Command switches used :: C:\Users\Jérôme\Desktop\CFScript.txt
* Creating a new restore point
FILE ::
C:\Windows\system32\efccbCtS.dll
C:\Windows\system32\oopmagentts.exe
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\efccbCtS.dll
C:\Windows\system32\fhfxhxrr.dll
C:\Windows\system32\oopmagentts.exe
C:\Windows\System32\rrxhxfhf.ini
C:\Windows\System32\StCbccfe.ini
C:\Windows\System32\StCbccfe.ini2
C:\Windows\system32\ygjatebb.dll
.
((((((((((((((((((((((((((((( Files created 2008-05-01 to 2008-06-01 ))))))))))))))))))))))))))))))))))))
.
No new files created in this time span
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 22:07 --------- d-----w C:\Program Files\Yahoo!
2008-05-31 22:05 --------- d-----w C:\ProgramData\Avira
2008-05-31 22:05 --------- d-----w C:\Program Files\Avira
2008-05-31 16:54 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-05-31 16:46 --------- d-----w C:\ProgramData\Grisoft
2008-05-31 16:37 --------- d-----w C:\Program Files\CCleaner
2008-05-31 15:10 --------- d-----w C:\ProgramData\Malwarebytes
2008-05-31 15:10 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 12:46 --------- d-----w C:\Program Files\Trend Micro
2008-05-31 08:29 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-05-30 05:32 --------- d-----w C:\Program Files\Google
2008-05-