
Looking for an expert to help with a HijackThis report.

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
2 Octobre 2007 09:08:00

Hello,

I should say that before this HijackThis report, I had already scanned and cleaned with a-squared and Spybot S&D. My connections in both browsers, IE and FF, often fail, and I admit I don't understand where it comes from. I often get a message like (INVALID VERB), or else the page simply shows the favicon. In short, it's crap. :whistle:
If some kind soul would be willing to offer their help...
Thanks in advance, and long live infos du net!

Logfile of HijackThis v1.99.1
Scan saved at 08:46:33, on 02/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...


3 Octobre 2007 12:03:58

Here it is, thanks.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:03:26, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\BPFTP Server\G6FTPSrv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\HTTP DL\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BF200BE-AB3D-4985-9CBC-82FBCC870554}: NameServer = 194.117.200.10,194.117.200.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BF200BE-AB3D-4985-9CBC-82FBCC870554}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 7132 bytes
3 Octobre 2007 16:47:52

Re

Post the result of the AntiVir scan as well.
3 Octobre 2007 18:58:56
AntiVir PersonalEdition Classic
Report file date: mercredi 3 octobre 2007 03:28

Scanning for 863147 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TIM-REBOOT3

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55
ANTIVIR2.VDF : 7.0.0.32 315904 Bytes 28/09/2007 01:24:01
ANTIVIR3.VDF : 7.0.0.45 74240 Bytes 02/10/2007 01:24:01
AVEWIN32.DLL : 7.6.0.18 2810368 Bytes 03/10/2007 01:24:01
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: M:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 3 octobre 2007 03:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ATKKBService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'VM305_STI.EXE' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'M:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '24' files ).


Starting the file scan:

Begin scan in 'C:\' <SYSTEME>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{C4EB0089-9399-4033-A159-E5D00B31B754}\RP225\A0033119.rbf
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4732f3f2.qua'!
C:\System Volume Information\_restore{C4EB0089-9399-4033-A159-E5D00B31B754}\RP225\A0033120.rbf
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4732f3f9.qua'!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <DATA>
D:\System Volume Information\_restore{517AA0B6-DF2D-4A00-A8AF-FCC04ADABFEE}\RP301\A0047493.exe
[DETECTION] Is the Trojan horse TR/Dldr.NewD.A.11.A
[INFO] The file was moved to '4732f831.qua'!
Begin scan in 'E:\' <PROG - DATA II>
E:\EMULE TEMP\065.part
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{C4EB0089-9399-4033-A159-E5D00B31B754}\RP223\A0033045.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '4732fdb3.qua'!
E:\System Volume Information\_restore{C4EB0089-9399-4033-A159-E5D00B31B754}\RP250\A0038408.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[INFO] The file was deleted!
Begin scan in 'M:\' <My Book>
M:\System Volume Information\_restore{C4EB0089-9399-4033-A159-E5D00B31B754}\RP215\A0030813.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4732fde3.qua'!
M:\System Volume Information\_restore{C4EB0089-9399-4033-A159-E5D00B31B754}\RP223\A0033044.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was deleted!
M:\System Volume Information\_restore{C4EB0089-9399-4033-A159-E5D00B31B754}\RP225\A0033287.exe
[DETECTION] Is the Trojan horse TR/Pakes.EDG
[INFO] The file was deleted!
M:\ALL IRC FILES\jeu mirc\WQuizz16.zip
[0] Archive type: ZIP
--> WQuizz.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mirc.AB.1 Backdoor server programs
[WARNING] The file was ignored!
M:\ALL IRC FILES\jeu mirc\WQuizz16\WQuizz.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mirc.AB.1 Backdoor server programs
[WARNING] The file was ignored!
M:\ALL IRC FILES\bot irc\PHeNo-SpeeD.rar
[0] Archive type: RAR
--> PHeNo-SpeeD\PHeNo-SpeeD.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mirc.AB Backdoor server programs
[INFO] The file was deleted!
M:\ALL IRC FILES\bot irc\WQuizz16.zip
[0] Archive type: ZIP
--> WQuizz.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mirc.AB.1 Backdoor server programs
[WARNING] The file was ignored!
M:\ALL IRC FILES\bot irc\PHeNo-SpeeD\PHeNo-SpeeD\PHeNo-SpeeD.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Mirc.AB Backdoor server programs
[INFO] The file was deleted!


End of the scan: mercredi 3 octobre 2007 05:54
Used time: 2:26:09 min

The scan has been done completely.
3 Octobre 2007 19:22:40

Re

AntiVir did some cleaning, but no major infection.

Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report in your next reply
4 Octobre 2007 18:33:20

RE, and thanks for the helping hand :)

ComboFix 07-10-04.6 - Samuel 2007-10-04 18:24:24.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1544 [GMT 2:00]
Running from: E:\HTTP DL\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

M:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\nm


((((((((((((((((((((((((((((( Fichiers créés 2007-09-04 to 2007-10-04 ))))))))))))))))))))))))))))))))))))
.

2007-10-04 18:23 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 12:26 <REP> d-------- C:\Program Files\Hijack This
2007-10-03 03:21 <REP> d-------- C:\Program Files\Avira
2007-10-03 03:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-02 05:48 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2007-10-02 04:37 <REP> d-------- C:\WINDOWS\system32\URTTemp
2007-10-01 12:25 <REP> d-------- C:\Documents and Settings\Samuel\Application Data\Help
2007-09-30 15:21 <REP> d-------- C:\Program Files\Fichiers communs\NSV
2007-09-30 04:09 <REP> d-------- C:\Program Files\BPFTP Server
2007-09-30 04:04 <REP> d-------- C:\Documents and Settings\Samuel\Application Data\BPFTP
2007-09-30 04:02 <REP> d-------- C:\Program Files\BPFTP
2007-09-25 01:10 <REP> d-------- C:\Games
2007-09-22 22:41 134,064 --a------ C:\WINDOWS\ColorPic Uninstaller.exe
2007-09-22 22:41 <REP> d-------- C:\Program Files\ColorPic 4
2007-09-22 19:13 <REP> d-------- C:\Documents and Settings\Samuel\Application Data\Ahead
2007-09-13 12:42 <REP> d-------- C:\Program Files\AndreaMosaic
2007-09-12 13:36 <REP> d-------- C:\Python25
2007-09-12 13:34 <REP> d-------- C:\Perl
2007-09-12 01:43 <REP> d-------- C:\Documents and Settings\Samuel\Application Data\dvdcss
2007-09-12 01:14 <REP> d--h----- C:\Documents and Settings\Samuel\InstallAnywhere
2007-09-10 13:35 <REP> d-------- C:\Program Files\X-Fonter
2007-09-10 02:37 <REP> d-------- C:\Documents and Settings\Samuel\Application Data\Cycling '74
2007-09-09 18:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Resolume 2.4
2007-09-09 17:58 <REP> d-------- C:\Documents and Settings\Samuel\G-Force
2007-09-09 17:58 <REP> d-------- C:\Documents and Settings\Samuel\Application Data\G-Force
2007-09-09 17:57 <REP> d-------- C:\Program Files\SoundSpectrum
2007-09-08 03:50 279 --a------ C:\WINDOWS\PowerReg.dat
2007-09-08 03:50 <REP> d-------- C:\WINDOWS\Corel
2007-09-07 20:24 <REP> d-------- C:\Program Files\Skype
2007-09-07 20:24 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-09-07 20:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2007-09-06 00:53 299,008 --a------ C:\WINDOWS\uninst.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 18:48 --------- d-------- C:\Program Files\mIRC
2007-10-03 14:23 --------- d-------- C:\Program Files\eMule
2007-10-02 19:06 --------- d-------- C:\Program Files\Soulseek
2007-10-02 10:27 --------- d-------- C:\Program Files\FlashFXP
2007-10-02 09:40 --------- d-------- C:\Documents and Settings\Samuel\Application Data\XnView
2007-10-02 08:08 --------- d-------- C:\Program Files\SpywareBlaster
2007-10-02 07:24 --------- d-------- C:\Program Files\a-squared Free
2007-10-02 06:38 --------- d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-27 00:09 --------- d-------- C:\Documents and Settings\Samuel\Application Data\OpenOffice.org2
2007-09-26 18:14 --------- d-------- C:\Documents and Settings\Samuel\Application Data\X-Chat 2
2007-09-22 02:15 4067 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-19 22:59 --------- d-------- C:\Documents and Settings\Samuel\Application Data\uTorrent
2007-09-18 00:24 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-12 17:12 --------- d-------- C:\Program Files\Winamp
2007-09-10 00:34 24632 --a------ C:\Program Files\Fichiers communs\security
2007-09-09 23:23 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-09-08 13:54 --------- d-------- C:\Documents and Settings\Samuel\Application Data\Skype
2007-09-06 23:11 12464 --a------ C:\WINDOWS\system32\drivers\secdrv.sys
2007-09-03 09:26 --------- d-------- C:\Program Files\OpenOffice.org 2.2
2007-09-03 00:14 --------- d-------- C:\Program Files\mIRCstats 1.19-IA
2007-09-03 00:11 --------- d-------- C:\Program Files\KDXClient1600-Win
2007-09-02 12:06 --------- d-------- C:\Program Files\SftpDrive
2007-09-02 04:53 1585664 --a------ C:\Program Files\siw.exe
2007-09-02 00:42 --------- d-------- C:\Program Files\xchat
2007-08-31 19:36 --------- d-------- C:\Program Files\Lavasoft
2007-08-31 19:00 --------- d-------- C:\Program Files\CCleaner
2007-08-30 01:29 --------- d-------- C:\Documents and Settings\Samuel\Application Data\Talkback
2007-08-30 01:26 --------- d-------- C:\Documents and Settings\Samuel\Application Data\Google
2007-08-29 22:24 --------- d-------- C:\Documents and Settings\Samuel\Application Data\Sonic Foundry
2007-08-29 18:54 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-08-29 18:54 --------- d-------- C:\Documents and Settings\Samuel\Application Data\Thunderbird
2007-08-29 18:53 --------- d-------- C:\Program Files\XnView
2007-08-29 00:15 --------- d-------- C:\Program Files\uTorrent
2007-08-28 04:01 --------- d-------- C:\Documents and Settings\Samuel\Application Data\gtopala
2007-08-28 02:33 --------- d-------- C:\Documents and Settings\Samuel\Application Data\U3
2007-08-26 18:30 --------- d-------- C:\Program Files\Western Digital Technologies
2007-08-09 19:15 --------- d-------- C:\Program Files\AGEIA Technologies
2007-08-07 13:58 --------- d-------- C:\Program Files\Fichiers communs\iZotope
2007-08-07 13:49 --------- d-------- C:\Program Files\Spectrasonics
2007-08-07 13:45 --------- d-------- C:\Program Files\Propellerhead
2007-08-07 13:16 --------- d-------- C:\Program Files\Common Files
2007-08-07 06:01 0 --a------ C:\DMguard.dll
2007-08-06 22:27 --------- d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-08-06 22:09 --------- d-------- C:\Program Files\Bonjour
2007-08-06 22:06 --------- d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2007-08-06 21:52 --------- d-------- C:\Program Files\MSN Messenger
2007-07-31 15:45 13824 --a------ C:\WINDOWS\system32\SftpDriveNP.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-27 23:18 82944 --a------ C:\WINDOWS\system32\usbmn1x1.dll
2007-07-21 00:19 454656 --a------ C:\Program Files\putty.exe
2007-07-11 01:32 606848 --a------ C:\WINDOWS\flashax.exe
2007-07-11 01:32 194560 --a------ C:\WINDOWS\ASUS_Ai_Proactive_Screensaver (E).scr
2007-07-11 01:32 12288 --a------ C:\WINDOWS\impborl.dll
--------- C:\Program Files\Hijackthis Version Française
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-12-09 21:06]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-12-09 21:06]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"BigDog305"="C:\WINDOWS\VM305_STI.exe" [2005-08-05 17:15]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys
R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys
R1 SftpDrive;SftpDrive;C:\WINDOWS\system32\DRIVERS\SftpDrive.sys
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys
R3 USBMN1X1;USB Midi 1x1;C:\WINDOWS\system32\drivers\usbmn1x1.sys
R3 ZSMC0305;VIMICRO USB PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys
S3 USB11LDR;USB Midi 1x1 Loader;C:\WINDOWS\system32\drivers\usb11ldr.sys
S3 USBMM1X1;Midiman USB MidiSport 1x1 Midi Driver;C:\WINDOWS\system32\drivers\usbmm1x1.sys

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-10-01 11:24:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-04 18:29:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-04 18:30:50 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-04 18:30
.
--- E O F ---

So there's no rootkit after all, which is already a relief... but I still have the same browsing problem.
Either it comes from my provider
Or from blocks or conflicts caused by SpywareBlaster / Spybot S&D
Or some crap with SP2, since I didn't have this problem with SP1

I'm seriously thinking of reinstalling Windows, but first I should clear up the mystery about my ISP's responsibility... I'd also like to know for sure what SP2 is really good for...

Edit: Your bandwidth 8093.063 Kbps (1011.633 KB/sec)

That seems normal to me.
4 Octobre 2007 21:34:41

Hello

SP2 fixes many security holes in Windows.

I can't see what could be causing these malfunctions.

Go to the Internet & Networks section, you'll get more answers there.
4 Octobre 2007 23:39:56

Good evening,

Understood, I'll go and have a look over there.

I'd like to find the problem; I'd learn more from that than from reinstalling...