Hello,
my computer has been hit by a virus, or rather a trojan (I'm not an expert in the field). ==> neither the task manager nor the command prompt window works anymore.
I ran a scan with HijackThis on it, and here is report 1.
Then I ran a ComboFix scan on it (that one is strong) and I think it restored them, and here is report 2, but I suspect the winjpg.jpg virus still exists (O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg ----- extract from report 3)
and finally another HijackThis scan, report 3.
So, experts, what do you say?
thanks a lot
-------------------------------report 1 -------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:59:01, on 13/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rachid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\wscript.exe
C:\WINDOWS\system32\cmd.execf
C:\32788R22FWJFW\NirCmd.cfexe
C:\Documents and Settings\Rachid\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freewebtown.com/blackooh/BlaCk-TiMeind3x.html.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = .-~= Hacked by x4x =~-.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\R\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
End of file - 5587 bytes
---------------------------------------------------------------------------------------------------------
-------------------------------------------report 2-------------------------------------
ComboFix 09-04-13.A2 - Rachid 2009-04-13 21:16.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511.273 [GMT 2:00]
Running from: c:\documents and settings\R\Bureau\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\docume~1\Rachid\LOCALS~1\Temp\install_flash_player.exe
c:\windows\system32\e100bmsg.dll
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((((((( Files created from 2009-03-13 to 2009-04-13 ))))))))))))))))))))))))))))))))))))
.
2009-04-13 09:26 . 2009-04-13 19:16 93508 --sha-r C:\winfile.jpg
2009-04-13 09:26 . 2009-04-13 19:00 93508 --sha-r c:\windows\system32\winjpg.jpg
2009-04-13 08:20 . 2004-08-03 21:08 26496 -c--a-w c:\windows\system32\dllcache\usbstor.sys
2009-04-13 07:56 . 2009-04-13 08:04 -------- d-----w c:\windows\SHELLNEW
2009-04-13 07:54 . 2009-04-13 07:54 -------- d--h--r C:\MSOCache
2009-04-12 20:41 . 2009-04-12 22:39 -------- d-----w c:\windows\system32\CatRoot_bak
2009-04-12 12:56 . 2009-04-12 12:56 -------- d-----w c:\documents and settings\R\Local Settings\Application Data\Microsoft Help
2009-04-12 12:56 . 2009-04-13 08:09 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-12 12:19 . 2008-06-14 17:59 272768 -c----w c:\windows\system32\dllcache\bthport.sys
2009-04-12 12:19 . 2008-06-14 17:59 272768 ------w c:\windows\system32\drivers\bthport.sys
2009-04-12 12:12 . 2009-04-12 12:12 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-04-12 12:11 . 2008-08-14 13:44 2138112 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-12 12:11 . 2008-08-14 13:44 2059776 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-12 12:11 . 2008-08-14 13:44 2182400 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-12 12:11 . 2008-08-14 13:44 2017792 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-12 12:07 . 2008-10-24 11:10 453632 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-04-12 09:28 . 2009-04-12 23:20 -------- d--h--w c:\windows\$hf_mig$
2009-04-11 21:19 . 2009-04-11 21:19 25 ----a-w c:\windows\cdplayer.ini
2009-04-11 21:15 . 2009-04-11 21:15 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-04-11 18:21 . 2009-04-11 18:21 -------- d-----w c:\documents and settings\R\Application Data\SolidWorksNewsReader
2009-04-11 18:19 . 2009-04-13 09:08 -------- d-----w c:\documents and settings\R\Application Data\SolidWorks
2009-04-11 16:18 . 2009-04-11 16:18 26 ----a-w C:\register.js
2009-04-11 14:47 . 2009-04-11 14:47 -------- d-----w c:\documents and settings\R\Application Data\Foxit
2009-04-11 14:32 . 2009-04-11 14:32 -------- d-s---w c:\documents and settings\R\UserData
2009-04-11 14:24 . 2004-08-19 14:10 28672 -c--a-w c:\windows\system32\dllcache\vidcap.ax
2009-04-11 14:24 . 2004-08-19 14:10 28672 ----a-w c:\windows\system32\vidcap.ax
2009-04-11 14:24 . 2004-08-19 14:10 91648 -c--a-w c:\windows\system32\dllcache\kswdmcap.ax
2009-04-11 14:24 . 2004-08-19 14:10 91648 ----a-w c:\windows\system32\kswdmcap.ax
2009-04-11 14:24 . 2004-08-19 14:10 61952 -c--a-w c:\windows\system32\dllcache\kstvtune.ax
2009-04-11 14:24 . 2004-08-19 14:10 61952 ----a-w c:\windows\system32\kstvtune.ax
2009-04-11 14:24 . 2004-08-19 14:09 54784 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-04-11 14:24 . 2004-08-19 14:09 54784 ----a-w c:\windows\system32\vfwwdm32.dll
2009-04-11 14:24 . 2004-08-19 14:10 43008 -c--a-w c:\windows\system32\dllcache\ksxbar.ax
2009-04-11 14:24 . 2004-08-19 14:10 43008 ----a-w c:\windows\system32\ksxbar.ax
2009-04-11 14:23 . 2004-08-03 21:07 6400 -c--a-w c:\windows\system32\dllcache\splitter.sys
2009-04-11 14:23 . 2004-08-03 21:07 6400 ----a-w c:\windows\system32\drivers\splitter.sys
2009-04-11 14:23 . 2004-08-03 21:15 82944 -c--a-w c:\windows\system32\dllcache\wdmaud.sys
2009-04-11 14:23 . 2004-08-03 21:15 82944 ----a-w c:\windows\system32\drivers\wdmaud.sys
2009-04-11 14:21 . 2004-08-19 14:09 4096 -c--a-w c:\windows\system32\dllcache\ksuser.dll
2009-04-11 14:21 . 2004-08-19 14:09 4096 ----a-w c:\windows\system32\ksuser.dll
2009-04-11 14:21 . 2004-08-03 21:08 60288 -c--a-w c:\windows\system32\dllcache\drmk.sys
2009-04-11 14:21 . 2004-08-03 21:08 60288 ----a-w c:\windows\system32\drivers\drmk.sys
2009-04-11 14:21 . 2004-08-19 14:10 130048 -c--a-w c:\windows\system32\dllcache\ksproxy.ax
2009-04-11 14:21 . 2004-08-19 14:10 130048 ----a-w c:\windows\system32\ksproxy.ax
2009-04-11 14:21 . 2003-07-17 16:19 230416 ----a-w c:\windows\system32\drivers\stac97.sys
2009-04-11 14:17 . 2002-10-16 07:29 49152 ----a-w c:\windows\amcap.exe
2009-04-11 14:17 . 2003-05-15 15:17 61440 ----a-w c:\windows\system32\VM31bSTI.dll
2009-04-11 14:17 . 2003-01-21 13:19 40960 ----a-w c:\windows\VM_STI.EXE
2009-04-11 14:17 . 2000-10-31 10:00 307200 ----a-w c:\windows\vidcap32.Exe
2009-04-11 14:17 . 2009-04-11 14:17 -------- d-----w c:\windows\CatRoot
2009-04-11 14:17 . 2004-03-22 14:22 90559 ----a-w c:\windows\system32\drivers\usbVM31b.sys
2009-04-11 14:17 . 2003-07-11 09:12 159799 ----a-w c:\windows\system32\VM31bPrp.Ax
2009-04-11 14:17 . 2002-08-22 15:02 53248 ----a-w c:\windows\StillCap.exe
2009-04-11 14:17 . 2002-08-22 14:34 147456 ----a-w c:\windows\VMCap.exe
2009-04-11 13:57 . 2009-04-13 19:00 -------- d-----w c:\documents and settings\Rachid\Tracing
2009-04-11 13:02 . 2004-06-28 09:40 1171456 ----a-w c:\windows\system32\TPwrSave.cpl
2009-04-11 13:02 . 2004-06-28 09:39 266240 ----a-w c:\windows\system32\TPSMain.exe
2009-04-11 13:02 . 2004-06-28 09:39 45056 ----a-w c:\windows\system32\TPwrCfg.dll
2009-04-11 13:02 . 2004-06-28 09:39 40960 ----a-w c:\windows\system32\TPSAddin.dll
2009-04-11 13:02 . 2004-06-28 09:39 49152 ----a-w c:\windows\system32\TPSDel.dll
2009-04-11 13:02 . 2004-06-28 09:39 40960 ----a-w c:\windows\system32\TPSMainCtl.dll
2009-04-11 13:02 . 2004-06-28 09:39 86016 ----a-w c:\windows\system32\CpuPerf.dll
2009-04-11 13:02 . 2004-06-28 09:39 40960 ----a-w c:\windows\system32\TPSBattM.exe
2009-04-11 13:02 . 2004-06-28 09:39 49152 ----a-w c:\windows\system32\TPSTrace.dll
2009-04-11 13:02 . 2004-06-28 09:39 77824 ----a-w c:\windows\system32\TPwrReg.dll
2009-04-11 13:02 . 2009-04-11 13:02 -------- d-----w c:\documents and settings\Rachid\WINDOWS
2009-04-11 13:00 . 2003-08-26 08:22 94208 ----a-w c:\windows\system32\TCtrlCommon.dll
2009-04-11 12:59 . 2004-08-11 09:36 253952 ----a-w c:\windows\system32\[u]00THotkey.exe
2009-04-11 12:59 . 2004-02-16 10:34 9216 ----a-w c:\windows\system32\drivers\TVALZ.SYS
2009-04-11 12:59 . 2003-12-19 13:42 53248 ----a-w c:\windows\system32\InsSecRc.scr
2009-04-11 12:59 . 2003-12-19 13:42 53248 ----a-w c:\windows\system32\InsSec.scr
2009-04-11 12:59 . 2002-10-25 08:51 638 ----a-w c:\windows\system32\[u]00THotkey.exe.manifest
2009-04-11 12:59 . 2002-04-29 08:26 24576 ----a-w c:\windows\system32\TWarnMsg.exe
2009-04-11 12:59 . 2001-06-23 18:28 24576 ----a-w c:\windows\system32\[u]000StTHK.exe
2009-04-11 12:59 . 1999-10-13 08:47 24576 ----a-w c:\windows\system32\Tsci.dll
2009-04-11 12:59 . 1999-10-13 08:45 24576 ----a-w c:\windows\system32\Thci.dll
2009-04-11 12:59 . 1998-11-13 11:16 308224 ----a-w c:\windows\IsUn040c.exe
2009-04-11 12:58 . 2009-04-11 13:00 -------- d-----w C:\toshbios.upd
2009-04-11 12:54 . 2009-04-11 12:55 -------- d-----w c:\windows\nview
2009-04-11 12:49 . 2004-11-05 09:08 670208 ----a-w c:\windows\system32\drivers\hardlock.sys
2009-04-11 12:46 . 2009-04-11 12:46 23 ---ha-w c:\windows\yacht.xws
2009-04-11 12:40 . 2009-04-11 12:40 -------- d-----w c:\windows\system32\GroupPolicy
2009-04-11 12:36 . 2009-04-11 12:48 -------- d-----w c:\documents and settings\R\Local Settings\Application Data\Google
2009-04-11 12:35 . 2009-04-13 09:08 95480 ----a-w c:\documents and settings\R\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-11 12:35 . 2009-04-11 12:35 -------- d-----w c:\documents and settings\R\Local Settings\Application Data\Deployment
2009-04-11 12:34 . 2009-04-11 12:34 42 ----a-w c:\windows\trailer.xws
2009-04-11 12:21 . 2009-04-11 12:21 -------- d-----w c:\windows\system32\LogFiles
2009-04-11 12:05 . 2001-08-17 21:59 3072 ----a-w c:\windows\system32\drivers\audstub.sys
2009-04-11 12:04 . 2004-08-19 15:54 58496 ----a-w c:\windows\system32\drivers\redbook.sys
2009-04-11 12:04 . 2001-08-17 21:46 6400 ----a-w c:\windows\system32\drivers\enum1394.sys
2009-04-11 12:03 . 2004-08-19 15:59 5504 ----a-w c:\windows\system32\drivers\intelide.sys
2009-04-11 12:03 . 2004-08-19 16:09 77312 ----a-w c:\windows\system32\usbui.dll
2009-04-11 12:03 . 2004-08-03 23:07 42368 ----a-w c:\windows\system32\drivers\AGP440.SYS
2009-04-11 12:03 . 2001-08-17 21:58 9344 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-04-11 12:03 . 2004-08-03 23:07 14080 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-04-11 12:03 . 2001-08-17 21:57 14080 ----a-w c:\windows\system32\drivers\battc.sys
2009-04-11 12:02 . 2009-04-12 23:20 1374 ----a-w c:\windows\imsins.BAK
2009-04-11 12:02 . 2009-04-11 12:24 879010 ----a-w c:\windows\system32\PerfStringBackup.INI
2009-04-11 12:02 . 2009-04-13 08:09 -------- d-sh--w c:\windows\Installer
2009-04-11 12:02 . 2009-04-11 11:22 4205 ----a-w c:\windows\ODBCINST.INI
2009-04-11 12:02 . 2001-09-28 12:00 77824 -c--a-w c:\windows\system32\dllcache\spcommon.dll
2009-04-11 12:02 . 2001-09-28 12:00 65536 -c--a-w c:\windows\system32\dllcache\spcplui.dll
2009-04-11 12:02 . 2001-09-28 12:00 888 -c--a-w c:\windows\system32\dllcache\sam.sdf
2009-04-11 12:02 . 2001-09-28 12:00 774144 -c--a-w c:\windows\system32\dllcache\spttseng.dll
2009-04-11 12:02 . 2001-09-28 12:00 605050 -c--a-w c:\windows\system32\dllcache\r1033tts.lxa
2009-04-11 12:02 . 2001-09-28 12:00 1685606 -c--a-w c:\windows\system32\dllcache\sam.spd
2009-04-11 12:00 . 2009-04-11 11:33 -------- d-----w C:\Documents and Settings
2009-04-11 12:00 . 2009-04-11 11:22 -------- d--h--w c:\documents and settings\Default User
2009-04-11 12:00 . 2009-04-11 11:21 -------- d-----w c:\documents and settings\All Users
2009-04-11 12:00 . 2009-04-11 12:00 0 ----a-w c:\windows\NDSTray.INI
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 08:05 . 2009-04-13 08:05 -------- d-----w c:\program files\Microsoft Works
2009-04-13 08:05 . 2009-04-13 08:05 -------- d-----w c:\program files\MSBuild
2009-04-13 08:03 . 2009-04-13 08:03 -------- d-----w c:\program files\Microsoft.NET
2009-04-13 07:58 . 2009-04-13 07:57 -------- d-----w c:\program files\Microsoft Visual Studio 8
2009-04-12 23:15 . 2009-04-12 23:15 -------- d-----w c:\program files\MSXML 4.0
2009-04-12 12:18 . 2009-04-11 11:21 86331 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-11 21:18 . 2009-04-11 21:18 -------- d-----w c:\program files\Fichiers communs\xing shared
2009-04-11 21:18 . 2009-04-11 21:14 -------- d-----w c:\program files\Fichiers communs\Real
2009-04-11 21:15 . 2003-03-18 21:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-04-11 21:14 . 2009-04-11 21:14 -------- d-----w c:\program files\Real
2009-04-11 20:19 . 2009-04-11 11:56 -------- d-----w c:\program files\Symantec
2009-04-11 20:19 . 2009-04-11 11:56 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-04-11 20:19 . 2009-04-11 11:56 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-11 20:19 . 2009-04-11 11:56 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-04-11 20:19 . 2009-04-11 11:56 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-11 14:47 . 2009-04-11 14:47 -------- d-----w c:\program files\Foxit Software
2009-04-11 14:21 . 2009-04-11 14:21 -------- d-----w c:\program files\SigmaTel
2009-04-11 14:21 . 2009-04-11 11:46 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 14:17 . 2009-04-11 14:17 -------- d-----w c:\program files\Vimicro
2009-04-11 13:50 . 2009-04-11 13:50 -------- d-----w c:\program files\Microsoft
2009-04-11 13:50 . 2009-04-11 13:49 -------- d-----w c:\program files\Windows Live
2009-04-11 13:49 . 2009-04-11 13:49 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-11 13:35 . 2009-04-11 13:35 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-04-11 13:00 . 2009-04-11 11:46 -------- d-----w c:\program files\TOSHIBA
2009-04-11 12:56 . 2009-04-11 12:36 -------- d-----w c:\program files\SolidWorks
2009-04-11 12:54 . 2009-04-11 11:43 -------- d-----w c:\program files\Fichiers communs\InstallShield
2009-04-11 12:44 . 2009-04-11 12:44 -------- d-----w c:\program files\Fichiers communs\eDrawings2007
2009-04-11 12:43 . 2009-04-11 12:36 -------- d-----w c:\program files\Fichiers communs\SolidWorks Shared
2009-04-11 12:36 . 2009-04-11 12:36 -------- d-----w c:\program files\Fichiers communs\Solidworks Data
2009-04-11 12:24 . 2001-09-28 12:00 71686 ----a-w c:\windows\system32\perfc00C.dat
2009-04-11 12:24 . 2001-09-28 12:00 458886 ----a-w c:\windows\system32\perfh00C.dat
2009-04-11 12:11 . 2009-04-11 11:56 -------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-04-11 11:56 . 2009-04-11 11:55 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-11 11:55 . 2009-04-11 11:55 -------- d-----w c:\program files\Norton AntiVirus
2009-04-11 11:55 . 2009-04-11 11:55 -------- d-----w c:\program files\Windows Sidebar
2009-04-11 11:54 . 2009-04-11 11:54 -------- d-----w c:\program files\NortonInstaller
2009-04-11 11:54 . 2009-04-11 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-11 11:49 . 2009-04-11 11:49 -------- d-----w c:\program files\Intel
2009-04-11 11:23 . 2009-04-11 11:23 -------- d-----w c:\program files\microsoft frontpage
2009-04-11 11:20 . 2009-04-11 11:20 -------- d-----w c:\program files\Services en ligne
2009-04-11 11:18 . 2009-04-11 11:18 21892 ----a-w c:\windows\system32\emptyregdb.dat
2009-04-10 10:24 . 2009-04-11 11:45 126976 ----a-r c:\windows\system32\Prounstl.exe
2009-04-10 10:24 . 2009-04-11 11:45 21504 ----a-r c:\windows\system32\NicCo.dll
2009-04-10 10:24 . 2009-04-11 11:45 20992 ----a-r c:\windows\system32\NicInst.dll
2009-04-10 10:24 . 2009-04-11 11:45 163328 ----a-r c:\windows\system32\drivers\e100b325.sys
2009-04-10 10:20 . 2009-04-11 11:47 12032 ----a-w c:\windows\system32\drivers\Netdevio.sys
2009-02-27 10:57 . 2009-04-11 11:56 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-02-09 14:17 . 2004-08-19 14:00 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((((((( Reg load points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"Google Update"="c:\documents and settings\Rachid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-11 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-19 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2006-08-25 356352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-15 4866048]
"00THotkey"="c:\windows\system32\[u]00THotkey.exe" [2004-08-11 11:36 253952]
"SigmaTel StacMon"="c:\program files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe" [2003-08-03 86073]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-11 198160]
"CTFMON"="c:\windows\system32\wscript.exe" [2004-08-19 114688]
"NDSTray.exe"="NDSTray.exe" [BU]
"CFSServ.exe"="CFSServ.exe" [BU]
"nwiz"="nwiz.exe" [2004-04-15 c:\windows\system32\nwiz.exe]
"000StTHK"="000StTHK.exe" [2001-06-23 20:28 24576 c:\windows\system32\[u]000StTHK.exe]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" [2004-06-28 c:\windows\system32\TPSMain.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-02-27 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-04-11 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090408.002\IDSxpx86.sys [2009-01-29 276344]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-04-10 101936]
.
Contents of the 'Scheduled Tasks' folder
2009-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1202660629-854245398-1003.job
- c:\documents and settings\Rachid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-11 14:35]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-regdiit - c:\windows\system32\win.exe
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.freewebtown.com/blackooh/BlaCk-TiMeind3x.html.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {7D22C0F6-82FE-4EA8-B782-AA2D681B1E74} = 41.227.192.140 213.150.191.9
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2009-04-13 21:18
Windows 5.1.2600 Service Pack 2 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-04-13 21:19
ComboFix-quarantined-files.txt 2009-04-13 19:19
Pre-Run: 38,954,213,376 bytes free
Post-Run: 39,050,080,256 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect
262 --- E O F --- 2009-04-12 23:21
------------------------------------------------------------------------------------------------------
-------------------------------report 3--------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:26, on 13/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\00THotkey.exe
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Rachid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Rachid\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rachid\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Rachid\Bureau\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE USB PC Camera 301P
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Rachid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D22C0F6-82FE-4EA8-B782-AA2D681B1E74}: NameServer = 41.227.192.140 213.150.191.9
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
--
End of file - 5290 bytes
----------------------------------------------------------------------------------------------------
Configuration: Windows XP / Safari 525.19
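As an added example (not part of the original post, and not code from HijackThis or ComboFix): a small Python triage script that reads log lines in the format of the three reports above and flags the persistence indicators they contain: a script host (wscript.exe) started with a forced /E: engine on a file that has a .jpg extension, a Run value named CTFMON that does not launch ctfmon.exe, Image File Execution Options "Debugger" values (which make Windows run the named program whenever the listed image, here drwtsn32.exe and dwwin.exe, would start), an O17 NameServer override, hidden+system files with an image extension (the --sha-r entries), and Autorun.inf at a drive root. The sample log text is constructed by copying lines out of the reports; the rule names, the list of "non-script" extensions and the table of known value names are my own assumptions, not part of either tool.

```python
import os
import re
from collections import Counter

# Constructed sample: lines copied from the HijackThis and ComboFix reports
# in the post above, reduced to the entries the rules below care about.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [regdiit] C:\WINDOWS\system32\win.exe
O4 - HKLM\..\Run: [CTFMON] C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{7D22C0F6-82FE-4EA8-B782-AA2D681B1E74}: NameServer = 41.227.192.140 213.150.191.9
2009-04-13 09:26 . 2009-04-13 19:16 93508 --sha-r C:\winfile.jpg
2009-04-13 09:26 . 2009-04-13 19:00 93508 --sha-r c:\windows\system32\winjpg.jpg
2009-04-11 21:15 . 2009-04-11 21:15 348160 ----a-w c:\windows\system32\msvcr71.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=c:\windows\system32\wscript.exe /E:vbs c:\windows\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=c:\windows\system32\win.exe
C:\Autorun.inf
D:\Autorun.inf
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}
# Assumed list: extensions a script host has no business being handed.
NON_SCRIPT_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".bmp", ".txt", ".dat", ".tmp", ".ini"}
# Assumed table: Run value names Windows uses itself -> binary they should launch.
KNOWN_VALUE_BINARIES = {"ctfmon": "ctfmon.exe"}

RUN_RE = re.compile(r"^O4 - (HK[^:]+): \[([^\]]+)\] (.*)$")
IFEO_RE = re.compile(r"image file execution options\\([^\]]+)\]$", re.I)
DEBUGGER_RE = re.compile(r'^"Debugger"=(.*)$')
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (.*)$")
COMBOFIX_FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+(\S+)\s+(\S+)\s+(.+)$")
AUTORUN_RE = re.compile(r"^[A-Z]:\\Autorun\.inf$", re.I)


def _basename(token):
    """Lower-cased file name of a path token; surrounding quotes are stripped."""
    return token.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_command(cmd):
    """Rules applied to any command line found in a Run or Debugger value.

    Splitting on whitespace is deliberate: in the entries these reports show,
    the host is always the first token and the script path the last one.
    """
    tokens = cmd.split()
    hits = []
    if tokens and _basename(tokens[0]) in SCRIPT_HOSTS:
        # /E:vbs forces the VBScript engine regardless of the file's extension.
        if any(t.lower().startswith("/e:") for t in tokens[1:]):
            hits.append(("script_host_engine_override", cmd))
        if os.path.splitext(tokens[-1])[1].lower() in NON_SCRIPT_EXTS:
            hits.append(("script_host_non_script_target", cmd))
    return hits


def analyze(log_text):
    """Walk the log once and return a list of (rule, detail) findings."""
    findings = []
    current_ifeo = None  # image name from the last IFEO key header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            findings += check_command(cmd)
            key = name.lower()[:-4] if name.lower().endswith(".exe") else name.lower()
            expected = KNOWN_VALUE_BINARIES.get(key)
            tokens = cmd.split()
            launched = _basename(tokens[0]) if tokens else ""
            if expected and launched != expected:
                findings.append(("autorun_value_name_spoof", f"{hive} [{name}] -> {cmd}"))
            continue
        m = IFEO_RE.search(line)
        if m:
            current_ifeo = m.group(1)
            continue
        m = DEBUGGER_RE.match(line)
        if m and current_ifeo:
            # A Debugger value under IFEO runs the named program in place of
            # the image, so the payload restarts whenever Dr. Watson would.
            findings.append(("ifeo_debugger_hijack", f"{current_ifeo} -> {m.group(1)}"))
            findings += check_command(m.group(1))
            current_ifeo = None
            continue
        m = NAMESERVER_RE.match(line)
        if m:
            findings.append(("dns_override", m.group(1)))
            continue
        m = COMBOFIX_FILE_RE.match(line)
        if m:
            size, attrs, path = m.groups()
            # ComboFix attribute string: 's' system, 'h' hidden, 'r' read-only.
            ext = os.path.splitext(path)[1].lower()
            if "s" in attrs and "h" in attrs and ext in NON_SCRIPT_EXTS:
                findings.append(("hidden_system_image_file", f"{path} ({size} bytes)"))
            continue
        if AUTORUN_RE.match(line):
            findings.append(("autorun_inf_at_root", line))
    return findings


def summarize(findings):
    """Count findings per rule."""
    return Counter(rule for rule, _ in findings)


if __name__ == "__main__":
    for rule, detail in analyze(SAMPLE_LOG):
        print(f"{rule:30} {detail}")
```

Run on the sample it reports twelve findings; the two IFEO entries are the ones worth noting, because the HijackThis O4 view on its own never shows them and ComboFix listed them without removing them. The two 93508-byte --sha-r files are the same size, which is consistent with winfile.jpg being a copy of winjpg.jpg; the script only flags each file, it does not compare contents.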