Bibou Le Forum
Security portal
 
Do I have viruses?

miss anime

Subject: Do I have viruses?   Mon 10 Nov 2008 - 14:40

Hello,
here are the reports from my computer
HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:28:12, on 10/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\crystal\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC410779-2383-43F0-9557-42D4F0C862FC}: NameServer = 212.217.0.1 212.217.0.12
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Uninterruptible Power Supply (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 2860 bytes
..........................
miss anime

Subject: Re: Do I have viruses?   Mon 10 Nov 2008 - 14:47

ComboFix

ComboFix 08-11-09.03 - crystal 2008-11-10 11:52:28.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1256.1.1033.18.963 [GMT 0:00]
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 25600 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

....
miss anime

Subject: Re: Do I have viruses?   Mon 10 Nov 2008 - 14:47

the rest of the ComboFix report....

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_Psyche
-------\Legacy_PsycheEnqueue
-------\Legacy_ATI7PKXX
-------\Legacy_CBEVTSVC
-------\Legacy_FCI
-------\Legacy_ICF
-------\Legacy_R_SERVER
-------\Legacy_SERV-U
-------\Legacy_TCPSR
-------\Service_ati7pkxx
-------\Service_FCI
-------\Service_ICF
-------\Service_r_server
-------\Service_Serv-U


((((((((((((((((((((((((( Files Created from 2008-10-10 to 2008-11-10 )))))))))))))))))))))))))))))))
.

2008-11-10 00:54 . 2008-11-10 11:08 16,451 --a--c--- c:\windows\gmail.com-error.html
2008-11-10 00:54 . 2008-11-10 11:08 6,182 --a--c--- c:\windows\live.com-error.html
2008-11-10 00:54 . 2008-11-10 11:08 5,596 --a--c--- c:\windows\aol.com-error.html
2008-11-10 00:54 . 2008-11-10 11:08 3,696 --a--c--- c:\windows\google.com-error.html
2008-11-10 00:54 . 2008-11-10 11:08 1,997 --a--c--- c:\windows\search.yahoo.com-error.html
2008-11-01 14:12 . 2008-11-01 14:16 556 --a--c--- c:\windows\eReg.dat
2008-11-01 00:58 . 2008-11-01 00:58 d----c--- c:\program files\EA GAMES
2008-10-25 13:50 . 2008-10-25 13:50 54,156 --ah-c--- c:\windows\QTFont.qfn
2008-10-25 13:50 . 2008-10-25 13:50 1,409 --a--c--- c:\windows\QTFont.for
2008-10-24 12:21 . 2008-10-24 12:21 2,275,840 --a--c--- c:\windows\system32\TUKernel.exe
2008-10-22 21:44 . 2008-10-22 21:44 189,796 --ah-c--- c:\windows\system32\mlfcache.dat
2008-10-22 21:39 . 2008-10-22 21:39 d----c--- c:\program files\Common Files\Adobe AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-10 03:08 --------- dc----w c:\program files\XoftSpySE
2008-11-10 00:56 --------- dc----w c:\program files\Opera
2008-11-09 14:21 --------- dc----w c:\program files\Internet Download Manager
2008-10-25 18:23 90,112 ----a-w c:\windows\DUMPed7c.tmp
2008-10-24 12:00 --------- dc----w c:\program files\nLite
2008-10-24 01:25 90,112 ----a-w c:\windows\DUMPe493.tmp
2008-10-22 00:13 90,112 ----a-w c:\windows\DUMP9124.tmp
2008-10-20 23:32 90,112 ----a-w c:\windows\DUMPa095.tmp
2008-10-17 22:38 --------- dc----w c:\program files\PDF Editeur 2
2008-10-12 22:47 90,112 ----a-w c:\windows\DUMP9de5.tmp
2008-10-09 21:12 --------- dc----w c:\program files\Labtec
2008-10-09 21:12 --------- dc----w c:\program files\Common Files\LogiShrd
2008-10-09 21:12 --------- dc----w c:\program files\Common Files\Labtec
2008-10-09 00:00 --------- dc----w c:\program files\NATATA eBook Compiler Gold
2008-10-08 23:43 --------- dc----w c:\program files\eBook Workshop
2008-10-07 14:59 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-09-23 20:34 32,768 -c-h--w c:\windows\system32\config\systemprofile\uvqoc.exe
2008-09-18 13:54 --------- dc----w c:\program files\SAMSUNG Corporation
2008-08-17 02:22 90,112 ----a-w c:\windows\DUMPe4b2.tmp
2008-08-11 01:03 90,112 ----a-w c:\windows\DUMP11be.tmp
2004-10-01 12:00 40,960 -c--a-w c:\program files\Uninstall_CDS.exe
2008-02-24 20:01 8,096 -csha-w c:\windows\system32\SiLeNtt\klog.dat
.

------- Sigcheck -------

2006-12-07 02:11 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\system32\spoolsv.exe

2006-12-07 02:12 295424 c29a5286e64d97385178452d5f307b98 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCloseDragDropBands"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)
"NoLogOff"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Pinnacle PCTV Scheduler.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Pinnacle PCTV Scheduler.lnk
backup=c:\windows\pss\Pinnacle PCTV Scheduler.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=c:\windows\pss\SnagIt 8.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^crystal^Start Menu^Programs^Startup^Registration-PCTV Sat.lnk]
path=c:\documents and settings\crystal\Start Menu\Programs\Startup\Registration-PCTV Sat.lnk
backup=c:\windows\pss\Registration-PCTV Sat.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 08:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a--c--- 2004-03-10 13:26 406016 c:\windows\system32\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a--c--- 2007-02-16 07:54 282624 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
-----c--- 2004-11-02 17:24 32768 c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-24 23:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\adiras]
--a--c--- 2005-05-03 12:57 143360 c:\windows\adiras.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\autoclk]
--a--c--- 2005-07-21 10:34 143360 c:\windows\autoclk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\config\\systemprofile\\uvqoc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:@xpsp2res.dll,-22004

R2 UxTuneUp;TuneUp Design Expansion;c:\windows\System32\svchost.exe [2008-11-10 14336]
R3 pctvvbi;PCTVVBI;c:\windows\system32\DRIVERS\pctvvbi.sys [2002-11-11 6400]
R3 qcusbser;Mobile Connector USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\cmusbser.sys [2007-10-16 97408]
S2 DIG_TS;Pinnacle PCTV Sat TS;c:\windows\system32\DRIVERS\dig_ts.sys [2003-02-04 17664]
S2 DIG_V;Pinnacle PCTV Sat Analog;c:\windows\system32\drivers\dig_v.sys [2003-05-13 125568]
S3 ALI5261;ALi Based Ethernet NT Driver;c:\windows\system32\DRIVERS\ALI5261.SYS [2001-08-17 27678]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - f:\.\ShowModem.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d10d2b8d-385d-11dc-8d88-4d6564696130}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

*Newly Created Service* - HELPSVC

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A744F16C-B2D5-4138-81A2-085CDFCDE83A}]
rundll32 sxmg4.dll,InitModule
.
Contents of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2006-10-05 13:09]

2008-11-10 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-11-10 03:08]

2007-05-16 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2008-11-10 03:08]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-2cda6898 - c:\windows\system32\moefltss.dll
MSConfigStartUp-ASUS Probe - c:\program files\ASUS\Probe\AsusProb.exe
MSConfigStartUp-AVP - c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
MSConfigStartUp-BM2fe95b04 - c:\windows\system32\pdqbjrcq.dll
MSConfigStartUp-CursorXP - c:\program files\CursorXP\CursorXP.exe
MSConfigStartUp-GPLv3 - c:\windows\system32\ueyvxhro.dll
MSConfigStartUp-LBTWiz - c:\windows\LBTWiz.exe
MSConfigStartUp-Salestart - c:\program files\Common Files\DriveCleaner Free\dcsm.exe
MSConfigStartUp-SystemOptimizer - c:\windows\system32\wfhugyuh.dll
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\crystal\Application Data\Mozilla\Firefox\Profiles\wnv7ts8e.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.co.ma/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-10 11:59:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-10 12:09:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-10 12:08:52

Pre-Run: 422,121,472 bytes free
Post-Run: 229,806,080 bytes free

448
.....................
miss anime

Subject: Re: Do I have viruses?   Mon 10 Nov 2008 - 14:48

SmitFraudFix

SmitFraudFix v2.373

Scan done at 12:16:08,34, 10/11/2008
Run from C:\Documents and Settings\crystal\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HSDPA USB MODEM\USB Modem.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\crystal\Desktop\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\crystal


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\crystal\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\crystal\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\crystal\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.217.0.1
DNS Server Search Order: 212.217.0.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{FC410779-2383-43F0-9557-42D4F0C862FC}: NameServer=212.217.0.1 212.217.0.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{FC410779-2383-43F0-9557-42D4F0C862FC}: NameServer=212.217.0.1 212.217.0.12


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

..................
arctarus

Subject: Re: Do I have viruses?   Tue 11 Nov 2008 - 7:14

Hi, you're using logs that you don't know!

An online scan would have been enough!