Sylvain83
Joined: 11 Feb 2008 Posts: 12
Posted: Mon Feb 11, 2008 6:32 pm Post subject: Is my computer infected?

Hello, it's all in the title.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:29:39, on 11/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\p2phost.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTBIE.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\eMule\emule.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9e.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\RunOnce: [Lusetup] C:\PROGRA~1\Symantec\LIVEUP~1\LUSetup.exe -s -a -q -log -version
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [team hide] "C:\ProgramData\Free Up Up.jufnf"
O4 - HKCU\..\Run: [Ball that ford software] "C:\ProgramData\Amen nurb plan.knt3t"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Moniteur WiFi OLITEC.exe.lnk = C:\Program Files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 11546 bytes

naheulbeuk Moderator
Joined: 07 Jun 2005 Posts: 6305 Location: in a lost corner deep in rural Brittany...
Posted: Tue Feb 12, 2008 6:22 pm Post subject:

Good evening, you're infected with Lop, you must be getting CiD pop-up ad windows.
Do the following, in order and in full:
Note: This procedure was created specifically for this user! If you are not that user, do not follow these instructions, at the risk of damaging your PC!!!
1/ Relaunch HijackThis and tick the boxes in front of these lines (if present):
Quote:
O4 - HKCU\..\Run: [team hide] "C:\ProgramData\Free Up Up.jufnf"
O4 - HKCU\..\Run: [Ball that ford software] "C:\ProgramData\Amen nurb plan.knt3t"
Then close all windows other than HijackThis and click "Fix checked".
2/ Close HijackThis.
3/ Download ComboFix (created by sUBs) to your Desktop.
Copy what is quoted below (without the word Quote) by selecting it, then Ctrl-C:
Quote:
Folder::
C:\ProgramData\Free Up Up.jufnf
C:\ProgramData\Amen nurb plan.knt3t
- Save this file to: Desktop
- File name: CFScript
- File type: All files
- Click Save
- Quit Notepad
* Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.
* A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt
Have a good evening

Sylvain83
Joined: 11 Feb 2008 Posts: 12
Posted: Tue Feb 12, 2008 9:06 pm Post subject:

Good evening!
It's really kind of you to help me. Anyway, here is the report:
ComboFix 08-02-13.1 - Sylvain 2008-02-12 21:00:40.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.438 [GMT 1:00]
Location: C:\Users\Sylvain\Desktop\ComboFix.exe
Command switches used :: C:\Users\Sylvain\Desktop\CFScript.txt
* Creating a new restore point
.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\ProgramData\Amen nurb plan.knt3t\
C:\ProgramData\Free Up Up.jufnf\
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.lnk
C:\Windows\pack.epk
C:\Windows\system32\nvs2.inf
.
((((((((((((((((((((((((((((( Files created 2008-01-13 to 2008-02-13 ))))))))))))))))))))))))))))))))))))
.
2008-02-12 10:57 . 2008-02-12 10:57 132,745,355 --a------ C:\Windows\MEMORY.DMP
2008-02-11 18:28 . 2008-02-11 18:28 <REP> d-------- C:\Program Files\Trend Micro
2008-02-11 17:53 . 2008-02-11 17:53 <REP> d-------- C:\Windows\System32\Kaspersky Lab
2008-02-11 17:18 . 2008-02-11 17:18 <REP> d--h----- C:\Windows\PIF
2008-02-11 17:17 . 2008-02-11 17:17 16 --a------ C:\Windows\System32\coh.cache
2008-02-11 16:03 . 2008-02-11 16:04 <REP> d-------- C:\Program Files\Panda Security
2008-02-11 15:55 . 2008-02-11 15:55 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-02-11 15:55 . 2008-02-11 15:55 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-02-11 14:24 . 2008-02-11 14:24 <REP> d-------- C:\Program Files\Yahoo!
2008-02-11 14:24 . 2008-02-11 14:24 <REP> d-------- C:\Program Files\CCleaner
2008-02-08 22:46 . 2008-02-08 22:46 <REP> d-------- C:\Users\All Users\Adobe Systems
2008-02-08 22:46 . 2008-02-08 22:46 <REP> d-------- C:\ProgramData\Adobe Systems
2008-02-08 22:40 . 2008-02-08 22:40 <REP> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-04 19:58 . 2008-02-04 19:58 <REP> d-------- C:\Program Files\GIMP-2.0
2008-02-03 18:49 . 2008-02-03 20:56 <REP> d-------- C:\Users\All Users\FLEXnet
2008-02-03 18:49 . 2008-02-03 20:56 <REP> d-------- C:\ProgramData\FLEXnet
2008-02-03 18:47 . 2008-02-03 18:47 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-02-03 18:41 . 2008-02-03 18:41 209 --a------ C:\Windows\ODBCINST.INI
2008-01-19 19:05 . 2008-01-19 19:05 <REP> d-------- C:\Users\Sylvain\AppData\Roaming\PeerNetworking
2008-01-19 18:34 . 2008-01-19 18:34 <REP> d-------- C:\Program Files\MagicISO
2008-01-19 12:09 . 2008-01-20 15:39 <REP> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-01-19 12:09 . 2007-11-05 05:34 43,528 --------- C:\Windows\System32\drivers\PxHelp20.sys
2008-01-19 12:09 . 2007-11-05 05:34 9,464 --------- C:\Windows\System32\drivers\cdralw2k.sys
2008-01-19 12:09 . 2007-11-05 05:34 9,336 --------- C:\Windows\System32\drivers\cdr4_xp.sys
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 15:35 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-12 09:57 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-11 19:44 --------- d-----w C:\Program Files\Norton Internet Security
2008-02-11 16:14 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-02-11 16:14 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-02-11 16:14 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-02-11 16:14 --------- d-----w C:\Program Files\Symantec
2008-02-11 16:12 --------- d-----w C:\ProgramData\Symantec
2008-02-10 14:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-06 17:54 --------- d-----w C:\Users\Sylvain\AppData\Roaming\gtk-2.0
2008-01-23 20:21 --------- d-----w C:\Program Files\BitTorrent
2008-01-22 16:51 --------- d-----w C:\Program Files\BitComet
2008-01-20 12:08 --------- d-----w C:\ProgramData\Comp Jugs Ball That
2008-01-20 12:08 --------- d-----w C:\ProgramData\chin cool
2008-01-19 11:28 --------- d-----w C:\ProgramData\eMule
2008-01-19 11:28 --------- d-----w C:\Program Files\eMule
2008-01-14 20:35 --------- d-----w C:\Users\Sylvain\AppData\Roaming\BitTorrent
2008-01-10 16:19 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 21:22 802,816 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-01-09 21:22 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-01-09 21:22 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-01-09 21:22 216,760 ----a-w C:\Windows\system32\drivers\netio.sys
2008-01-09 21:22 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-01-09 21:20 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 21:20 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 21:20 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 21:20 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 21:20 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-01-09 21:20 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 21:20 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 21:20 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-01-09 21:20 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 21:20 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-01-09 21:20 1,686,016 ----a-w C:\Windows\System32\gameux.dll
2008-01-09 21:20 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 21:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-08 15:38 --------- d-----w C:\Users\Sylvain\AppData\Roaming\Ahead
2008-01-06 10:56 --------- d-----w C:\Program Files\WIDCOMM
2007-12-13 17:46 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-13 17:45 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-13 17:45 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-13 17:44 824,832 ----a-w C:\Windows\System32\wininet.dll
2007-12-13 17:44 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-13 17:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-13 17:44 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-13 17:43 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-13 17:43 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-13 17:43 3,504,824 ----a-w C:\Windows\System32\ntkrnlpa.exe
2007-12-13 17:43 3,470,520 ----a-w C:\Windows\System32\ntoskrnl.exe
2007-12-13 17:43 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-13 17:43 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-11-17 23:26 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-14 15:32 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-14 15:32 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-14 15:32 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-14 15:32 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-14 15:32 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-14 15:32 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-14 15:32 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-14 15:32 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-14 15:32 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-14 15:32 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-14 15:31 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2007-11-14 15:31 8,704 ----a-w C:\Windows\System32\hccoin.dll
2007-08-30 08:55 174 --sha-w C:\Program Files\desktop.ini
2007-09-18 18:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-18 18:42 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-18 18:42 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2007-07-31 15:33 1391640 --a------ C:\Program Files\speed-bit\tbspee.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= C:\Program Files\speed-bit\tbspee.dll [2007-07-31 15:33 1391640]
[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 22:20 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 13:34 2159104 C:\Windows\System32\oobefldr.dll]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 14:30 249856]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [ ]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"CollaborationHost"="C:\Windows\system32\p2phost.exe" [2006-11-02 13:35 191488]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"team hide"="C:\ProgramData\Free Up Up.u6tetw" [2008-02-13 21:01 290832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-27 23:41 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-07 13:53 4374528 C:\Windows\RtHDVCpl.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:08 107112]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:18 22696]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 14:30 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-06 11:20 282624]
"PSPVideo9"="C:\Program Files\pspvideo9\pspVideo9.exe" [2005-10-30 01:56 606208]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [ ]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-10-02 14:45 67488]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
BTTray.lnk - C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2005-06-21 12:29:20 577597]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Moniteur WiFi OLITEC.exe.lnk - C:\Program Files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe [2007-05-26 20:51:54 913408]
R0 videX32;videX32;C:\Windows\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\Windows\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 05:10]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-10-02 14:46]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-09-26 10:56]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-11-14 16:07]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\Windows\system32\DRIVERS\fetnd5bv.sys [2006-12-20 15:00]
R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;C:\Windows\system32\DRIVERS\MRVW225.sys [2006-09-29 08:59]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-18 19:03]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 19:55]
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {738C6C16-78AB-DF7C-8254-292C11130D3B} /qb
.
Contents of the 'Scheduled Tasks' folder
"2008-02-11 19:44:45 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Sylvain.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 21:03:40
Windows 6.0.6000 NTFS
Scanning hidden processes ...
Scanning hidden autostart entries ...
Scanning hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
.
Completion time: 2008-02-13 21:04:22
ComboFix-quarantined-files.txt 2008-02-13 20:04:20
.
2008-02-08 14:59:44 --- E O F ---
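Added example, not part of the thread and not code from HijackThis or ComboFix: a small Python script that parses the registry O4 lines of a HijackThis log, flags Run entries whose target sits in C:\ProgramData under a non-executable extension (the pattern the moderator recognised as Lop in the first log), and diffs two logs by registry value name. The diff matters because of what the ComboFix report above already shows: the "team hide" value is back, pointing at Free Up Up.u6tetw instead of Free Up Up.jufnf, so a line-by-line comparison would report one removal and one new entry where a name-keyed comparison reports a regenerated payload. The sample log lines are constructed from the shape of the entries posted in this thread; the extension list and data-directory prefixes are this example's own heuristics, not fields HijackThis emits.

```python
import re
from dataclasses import dataclass

# Constructed sample input: O4 lines in the shape HijackThis 2.x prints them,
# modelled on the two logs in this thread (before and after the ComboFix run).
BEFORE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [team hide] "C:\ProgramData\Free Up Up.jufnf"
O4 - HKCU\..\Run: [Ball that ford software] "C:\ProgramData\Amen nurb plan.knt3t"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

AFTER_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [team hide] "C:\ProgramData\Free Up Up.u6tetw"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

# Only registry-backed O4 lines (HKLM/HKCU/HKUS ... \Run or RunOnce) are parsed;
# the "O4 - Startup:" shortcut lines have a different shape and are skipped.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\S-[\d-]+)\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

# Assumptions of this example: normal autorun payload extensions, and directory
# markers for locations meant to hold data, where an autorun target is out of place.
EXECUTABLE_EXT = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".vbs", ".js", ".pif"}
DATA_DIR_MARKERS = ("c:\\programdata\\", "\\all users\\application data\\")


@dataclass(frozen=True)
class Autorun:
    hive: str   # HKLM, HKCU or HKUS\<SID>
    key: str    # Run or RunOnce
    name: str   # registry value name, e.g. "team hide"
    path: str   # program path with surrounding quotes removed
    args: str   # whatever followed the path


def split_command(cmd: str) -> tuple[str, str]:
    """Separate the program path from its arguments in a Run value."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    # Unquoted: the path ends at the first extension followed by whitespace or
    # end of string, so a directory like "Photoshop Elements 6.0" is not cut.
    m = re.match(r"^(?P<path>.*?\.[A-Za-z0-9]{1,6})(?:\s+(?P<args>.*))?$", cmd)
    if m:
        return m.group("path"), m.group("args") or ""
    return cmd, ""


def parse_o4(log_text: str) -> list[Autorun]:
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, args = split_command(m.group("cmd"))
        entries.append(Autorun(m.group("hive"), m.group("key"), m.group("name"), path, args))
    return entries


def suspicion_reasons(entry: Autorun) -> list[str]:
    """Heuristics for a Lop-style autorun; an empty list means nothing looked odd."""
    reasons = []
    filename = entry.path.rsplit("\\", 1)[-1]
    ext = ("." + filename.rsplit(".", 1)[1].lower()) if "." in filename else ""
    if ext not in EXECUTABLE_EXT:
        reasons.append(f"unusual extension {ext or '(none)'} for an autorun target")
    if any(marker in entry.path.lower() for marker in DATA_DIR_MARKERS):
        reasons.append("target stored in a data directory rather than Program Files or Windows")
    return reasons


def flag_suspicious(log_text: str) -> list[tuple[Autorun, list[str]]]:
    flagged = []
    for entry in parse_o4(log_text):
        reasons = suspicion_reasons(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def compare_autoruns(before_text: str, after_text: str) -> dict:
    """Diff two logs keyed by (hive, value name) so a renamed payload is not mistaken for a clean-up."""
    before = {(e.hive, e.name): e for e in parse_o4(before_text)}
    after = {(e.hive, e.name): e for e in parse_o4(after_text)}
    changed = {
        k: (before[k].path, after[k].path)
        for k in before.keys() & after.keys()
        if before[k].path.lower() != after[k].path.lower()
    }
    return {
        "removed": sorted(before.keys() - after.keys()),
        "added": sorted(after.keys() - before.keys()),
        "changed": changed,
        # same value name, new file, still suspicious: the infection rebuilt itself
        "regenerated": sorted(k for k in changed if suspicion_reasons(after[k])),
    }


if __name__ == "__main__":
    for entry, reasons in flag_suspicious(BEFORE_LOG):
        print(f"[{entry.hive}] {entry.name!r} -> {entry.path}: {'; '.join(reasons)}")
    report = compare_autoruns(BEFORE_LOG, AFTER_LOG)
    for (hive, name), (old, new) in report["changed"].items():
        print(f"{name!r} changed target: {old} -> {new}")
    print("regenerated:", report["regenerated"])
```

Run against the two sample logs, the script flags both random-word HKCU entries in the first log, and the comparison reports "Ball that ford software" as removed but "team hide" as regenerated, which is the signal to look for the dropper that rewrites the payload (the CFScript Folder:: deletion above removed the directories that existed at the time, not whatever recreated them).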

naheulbeuk Moderator
Joined: 07 Jun 2005 Posts: 6305 Location: in a lost corner deep in rural Brittany...
Posted: Tue Feb 12, 2008 9:13 pm Post subject:

Post me a new HijackThis log, please.

Sylvain83
Joined: 11 Feb 2008 Posts: 12
Posted: Tue Feb 12, 2008 9:48 pm Post subject:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:48:47, on 13/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTBIE.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Adobe Photoshop CS2\Photoshop.exe
C:\Users\Sylvain\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Users\Sylvain\AppData\Local\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: speed-bit Toolbar - {2ba521ac-b9b9-4433-ba45-dba2f02cba5a} - C:\Program Files\speed-bit\tbspee.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSPVideo9] C:\Program Files\pspvideo9\pspVideo9.exe -t
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [team hide] "C:\ProgramData\Free Up Up.u6tetw"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Moniteur WiFi OLITEC.exe.lnk = C:\Program Files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
--
End of file - 10260 bytes
naheulbeuk Moderator
Joined: 07 Jun 2005 Posts: 6305 Location: in a lost corner deep in rural Brittany...
Posted: Tue Feb 12, 2008 10:06 pm Post subject:
Re,
1/ Tick and fix this line in HijackThis:
O4 - HKCU\..\Run: [team hide] "C:\ProgramData\Free Up Up.u6tetw"
2/ Download ATF Cleaner by Atribune to your desktop.
Its tutorial: http://mickael.barroux.free.fr/securite/atf_cleaner.php
Run ATF-Cleaner: double-click ATF-Cleaner.exe
Tick the following:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle Bin
Click Empty Selected and, at the "Done Cleaning" message, click OK
3/ Run a BitDefender online scan (with Internet Explorer, not with Firefox!)
(click scan online on the left)
and post the report from that scan here once it is finished!
Online BitDefender user guide (thanks Bruce Lee): http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm
Good evening
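The first step in the post above singles out one autostart (O4) entry by hand. As an added example that is not from this thread, from HijackThis or from any of the tools mentioned, the Python script below parses the O4 lines of a HijackThis log and flags the entries a helper would look at first. The sample lines are copied from the log in this thread; the three heuristics (launch location under a user-writable data directory, an extension that is not a normal executable type, a target HijackThis could not resolve) are this example's own assumptions, not HijackThis rules, and a flag means "look closer", not "malicious".

```python
"""Flag suspicious O4 (autostart) entries in a HijackThis log.

Added example, not part of the forum thread or of HijackThis itself.
The heuristics are this example's own assumptions about which
autostart entries deserve a closer look.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: O4 lines copied from the log posted in this thread,
# including the [team hide] entry the moderator asked to fix.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [team hide] "C:\ProgramData\Free Up Up.u6tetw"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
"""

# Registry-backed entries: "O4 - <hive>\..\<key>: [<name>] <command> (User '<user>')?"
REG_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder entries: "O4 - Startup: <name>.lnk = <target>" (or Global Startup)
STARTUP_ENTRY = re.compile(r"^O4 - (?P<hive>(?:Global )?Startup): (?P<name>.*?) = (?P<cmd>.*)$")

# Assumed sets for the heuristics (not a HijackThis definition).
EXEC_EXTS = (".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs", ".js", ".lnk")
DATA_ROOTS = ("c:\\programdata", "c:\\users", "c:\\documents and settings")
DATA_MARKERS = ("\\appdata\\", "\\temp\\", "\\local settings\\")


@dataclass
class Finding:
    hive: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def program_path(cmd: str) -> str:
    """Pull the launched file out of a Run-value command line.

    A quoted command ends at the closing quote; an unquoted one is rebuilt
    token by token until the accumulated text ends in a known extension,
    which copes with unquoted paths containing spaces.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    acc = ""
    for tok in tokens:
        acc = tok if not acc else acc + " " + tok
        if acc.lower().endswith(EXEC_EXTS):
            return acc
    return tokens[0] if tokens else cmd


def assess(path: str) -> list:
    """Return the list of reasons this autostart target looks odd (empty = none)."""
    if path == "?":
        return ["HijackThis could not resolve the target"]
    low = path.lower()
    reasons = []
    if low.startswith(DATA_ROOTS) or any(m in low for m in DATA_MARKERS):
        reasons.append("launches from a user-writable data directory")
    if not low.endswith(EXEC_EXTS):
        reasons.append("unusual extension for an autostart target")
    return reasons


def parse_o4(line: str):
    """Split one O4 line into (hive, value name, launched path), or None."""
    m = REG_ENTRY.match(line) or STARTUP_ENTRY.match(line)
    if not m:
        return None
    d = m.groupdict()
    return d["hive"], d["name"], program_path(d["cmd"])


def audit_o4(log_text: str) -> list:
    """Parse every O4 line of a HijackThis log and return the flagged entries."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o4(line.strip())
        if parsed is None:
            continue
        hive, name, target = parsed
        reasons = assess(target)
        if reasons:
            findings.append(Finding(hive, name, target, reasons))
    return findings


if __name__ == "__main__":
    for f in audit_o4(SAMPLE_LOG):
        print(f"{f.hive} [{f.name}] -> {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the script flags exactly two entries: [team hide], which both lives under C:\ProgramData and carries a made-up extension, and BTTray.lnk, whose target HijackThis printed as "?". Note that HKCU Run values (unlike HKLM ones) can be written without administrator rights, which is one reason an unwanted program ends up in the current user's hive; fixing the value only removes the autostart, so the file it points to still has to be dealt with, as the later posts in this thread do.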
Sylvain83
Joined: 11 Feb 2008 Posts: 12
Posted: Tue Feb 12, 2008 10:11 pm Post subject:
Code:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle Bin
I can't tick Prefetch...
naheulbeuk Moderator
Joined: 07 Jun 2005 Posts: 6305 Location: in a lost corner deep in rural Brittany...
Posted: Wed Feb 13, 2008 7:27 am Post subject:
No problem, tick the rest
Sylvain83
Joined: 11 Feb 2008 Posts: 12
Posted: Wed Feb 13, 2008 9:47 am Post subject:
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META>
</HEAD>
<BODY>
<table>
<tr>
<td>
<p><font><span>BitDefender Online Scanner</span></font></p>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font><span>Rapport d'analyse généré à: Thu, Feb 14, 2008 - 09:16:30</span></font></p>
</td>
</tr>
<tr>
<td>
<p><font><span> </span></font></p>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font><span>Voie d'analyse: </span><span>C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;</span></font></p>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font><span> </span></font></p>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<table>
<tr>
<td>
<p><font>Statistiques</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Temps</font></p>
</td>
<td>
<p><font>10:55:33</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Fichiers</font></p>
</td>
<td>
<p><font>466461</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Directoires</font></p>
</td>
<td>
<p><font>14366</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Secteurs de boot</font></p>
</td>
<td>
<p><font>4</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Archives</font></p>
</td>
<td>
<p><font>2355</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Paquets programmes</font></p>
</td>
<td>
<p><font>49669</font></p>
</td>
</tr>
</table>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<table>
<tr>
<td>
<p><font>Résultats</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Virus identifiés</font></p>
</td>
<td>
<p><font>3</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Fichiers infectés</font></p>
</td>
<td>
<p><font>8</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Fichiers suspects</font></p>
</td>
<td>
<p><font>0</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Avertissements</font></p>
</td>
<td>
<p><font>0</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Désinfectés</font></p>
</td>
<td>
<p><font>0</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Fichiers effacés</font></p>
</td>
<td>
<p><font>8</font></p>
</td>
</tr>
</table>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<table>
<tr>
<td>
<p><font>Info sur les moteurs</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Définition virus</font></p>
</td>
<td>
<p><font>896914</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Version des moteurs</font></p>
</td>
<td>
<p><font>AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Analyse des plugins</font></p>
</td>
<td>
<p><font>14</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Archive des plugins</font></p>
</td>
<td>
<p><font>38</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Unpack des plugins</font></p>
</td>
<td>
<p><font>7</font></p>
</td>
</tr>
<tr>
<td>
<p><font>E-mail plugins</font></p>
</td>
<td>
<p><font>6</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Système plugins</font></p>
</td>
<td>
<p><font>1</font></p>
</td>
</tr>
</table>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<table>
<tr>
<td>
<p><font>Paramètres d'analyse</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Première action</font></p>
</td>
<td>
<p><font>Désinfecté</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Seconde Action</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Heuristique</font></p>
</td>
<td>
<p><font>Oui</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Acceptez les avertissements</font></p>
</td>
<td>
<p><font>Oui</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Extensions analysées</font></p>
</td>
<td>
<p><font>*;</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Excludez les extensions</font></p>
</td>
<td>
<p><font> </font></p>
</td>
</tr>
<tr>
<td>
<p><font>Analyse d'emails</font></p>
</td>
<td>
<p><font>Oui</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Analyse des Archives</font></p>
</td>
<td>
<p><font>Oui</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Analyser paquets programmes</font></p>
</td>
<td>
<p><font>Oui</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Analyse des fichiers</font></p>
</td>
<td>
<p><font>Oui</font></p>
</td>
</tr>
<tr>
<td>
<p><font>Analyse de boot</font></p>
</td>
<td>
<p><font>Oui</font></p>
</td>
</tr>
</table>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<table>
<tr>
<td>
<p><font>Fichier analysé</font></p>
</td>
<td>
<p><font> Statut</font></p>
</td>
</tr>
<tr>
<td>
<p><font>C:\ProgramData\chin cool\gqafuoaw.exe</font></p>
</td>
<td>
<p><font>Infecté par: Trojan.FatObfus.2.Gen</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\gqafuoaw.exe</font></p>
</td>
<td>
<p><font>Echec de la désinfection</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\gqafuoaw.exe</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\guxvsszc.exe</font></p>
</td>
<td>
<p><font>Infecté par: Trojan.FatObfus.2.Gen</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\guxvsszc.exe</font></p>
</td>
<td>
<p><font>Echec de la désinfection</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\guxvsszc.exe</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\hwrlmhzo.exe</font></p>
</td>
<td>
<p><font>Infecté par: Trojan.FatObfus.2.Gen</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\hwrlmhzo.exe</font></p>
</td>
<td>
<p><font>Echec de la désinfection</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\hwrlmhzo.exe</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\olnrqupw.exe</font></p>
</td>
<td>
<p><font>Infecté par: Trojan.Obfus.6.Gen</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\olnrqupw.exe</font></p>
</td>
<td>
<p><font>Echec de la désinfection</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\olnrqupw.exe</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\pluuhifv.exe</font></p>
</td>
<td>
<p><font>Infecté par: Trojan.Obfus.6.Gen</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\pluuhifv.exe</font></p>
</td>
<td>
<p><font>Echec de la désinfection</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\pluuhifv.exe</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\vkzlwfay.exe</font></p>
</td>
<td>
<p><font>Infecté par: Trojan.FatObfus.2.Gen</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\vkzlwfay.exe</font></p>
</td>
<td>
<p><font>Echec de la désinfection</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\vkzlwfay.exe</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\xhvboyxf.exe</font></p>
</td>
<td>
<p><font>Infecté par: Trojan.FatObfus.2.Gen</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\xhvboyxf.exe</font></p>
</td>
<td>
<p><font>Echec de la désinfection</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\ProgramData\chin cool\xhvboyxf.exe</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\QooBox\Quarantine\C\Windows\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008</font></p>
</td>
<td>
<p><font>Infecté par: Trojan.Mailskinner.C</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\QooBox\Quarantine\C\Windows\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008</font></p>
</td>
<td>
<p><font>Echec de la désinfection</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\QooBox\Quarantine\C\Windows\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0008</font></p>
</td>
<td>
<p><font>Supprimé</font></p>
</td>
</tr><tr>
<td>
<p><font>C:\QooBox\Quarantine\C\Windows\pack.epk.vir=>(NSIS 2g)</font></p>
</td>
<td>
<p><font>Echec de la mise à jour</font></p>
</td>
</tr>
</table>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font><span> </span></font></p>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
<tr>
<td>
<p><font><span> </span></font></p>
</td>
<td>
<p> </p>
</td>
<td>
<p> </p>
</td>
</tr>
</table>
<p> </p>
</body>
</html>
There you go...
naheulbeuk Moderator
Joined: 07 Jun 2005 Posts: 6305 Location: in a lost corner deep in rural Brittany...
Posted: Wed Feb 13, 2008 5:56 pm Post subject:
Hello, delete this folder: C:\ProgramData\chin cool\ then empty your recycle bin.
No more problems?
Sylvain83
Joined: 11 Feb 2008 Posts: 12
Posted: Wed Feb 13, 2008 6:54 pm Post subject:
No more problems!!!! Thank you very much!!!!
naheulbeuk Moderator
Joined: 07 Jun 2005 Posts: 6305 Location: in a lost corner deep in rural Brittany...