Infected with spyware?

 

peyo4010
Around now and then (50 to 99 posts)
Posted on 24/11/2008 at 15:17:06

Hello,

I think I'm infected with spyware: I constantly get alert messages, it keeps asking me to run a scan, and it installed "Antivirus Scan" on my desktop.

What should I do?
Thanks in advance

I'm running Windows Vista

Profile: Security team
dedetraque
Famous forum-wide (30,000 to 99,999 posts)
Posted on 24/11/2008 at 15:18:38

Hi peyo4010

We'll check that. Download HijackThis V 2.02 to the desktop:

http://www.trendsecure.com/por [...] nstall.exe

- Double-click HJTInstall.exe on the desktop
- Click Install, then I Accept
- Close all windows; HJT must run on its own (every other program closed).
- Double-click the HijackThis shortcut on your desktop
  (On Vista, right-click the HijackThis shortcut on your desktop, then "Run as administrator".)
- Click Do a system scan and save a logfile to start the scan

When the report appears in Notepad, go to Edit, then Select All; the text is now selected. With the text still selected, go back to Edit and click Copy.

In your next reply, right-click and Paste; I'll analyse it.
Close Notepad and the HJT window.

Help: http://forum.telecharger.01net [...] ges-1.html

@++

peyo4010
Around now and then (50 to 99 posts)
Posted on 24/11/2008 at 15:32:43

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:46, on 24/11/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\WebMediaViewer\qttask.exe
C:\Program Files\WebMediaViewer\hpmon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\WebMediaViewer\qttaskm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WebMediaViewer\hpmom.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Spyware Doctor\upgrade.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: {227015ef-89eb-8178-dd34-5a9886729560} - {06592768-89a5-43dd-8718-be98fe510722} - C:\Windows\system32\mbajyl.dll
O2 - BHO: (no name) - {12D1E7A6-C55A-400F-A122-39285E10B635} - C:\Windows\system32\yayYOIab.dll
O2 - BHO: (no name) - {64466B8E-20A7-4A4A-AFF4-AAD9CA68B52C} - C:\Program Files\WebMediaViewer\hpmun.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Browser Toolbar - {2EEF94DF-75F6-42E9-B7FB-AF5A170A6E2E} - C:\Program Files\WebMediaViewer\browseul.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqOIxXq.dll,#1
O4 - HKLM\..\Run: [be9a9c89] rundll32.exe "C:\Windows\system32\psclknnc.dll",b
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O4 - HKLM\..\Policies\Explorer\Run: [VMware hptray] C:\Program Files\WebMediaViewer\hpmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User '?')
O4 - HKUS\S-1-5-21-757477431-1162019187-1703053298-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-757477431-1162019187-1703053298-1000\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" (User '?')
O4 - S-1-5-21-757477431-1162019187-1703053298-1000 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User '?')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w [...] dfr-fr.cab
O20 - AppInit_DLLs: mbajyl.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10407 bytes
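Reading a HijackThis report by eye, as the helper does in this thread, comes down to a few recurring patterns. The Python below is an added illustration (not code from the thread, from HijackThis or from Malwarebytes) that turns those patterns into rules run over lines copied from the report above: an O20 AppInit_DLLs entry, O2 browser helper objects with no real display name or loaded from a random-looking DLL in system32, O4 rundll32 autoruns of such DLLs or entries placed under the Explorer policy key, and O9 items that point at a URL while the file is missing. The functions `parse_entry`, `inspect`, `triage` and `summarize` and the `Finding` class are this example's own names, and the 6-to-8-letter DLL-name rule is a coarse heuristic that prioritises entries for review rather than deciding anything.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis report
# posted above (the full report has many more; these exercise every rule).
SAMPLE_HJT_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
O2 - BHO: {227015ef-89eb-8178-dd34-5a9886729560} - {06592768-89a5-43dd-8718-be98fe510722} - C:\Windows\system32\mbajyl.dll
O2 - BHO: (no name) - {12D1E7A6-C55A-400F-A122-39285E10B635} - C:\Windows\system32\yayYOIab.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\urqOIxXq.dll,#1
O4 - HKLM\..\Run: [be9a9c89] rundll32.exe "C:\Windows\system32\psclknnc.dll",b
O4 - HKLM\..\Policies\Explorer\Run: [QuickTime Task] C:\Program Files\WebMediaViewer\qttask.exe
O9 - Extra 'Tools' menuitem: IExplorer Security - {3B8FB116-D358-48A3-A5C7-DB84F15CBB04} - http://www.ietoolexpress.com/redirect.php (file missing)
O20 - AppInit_DLLs: mbajyl.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[^}]+\}) - (.*)$")
RUN_RE = re.compile(r"^(.+?): \[(.+?)\] (.*)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Coarse heuristic (this example's own): a DLL directly under system32 whose
# name is 6-8 letters with no digits, as the components in the report are named.
RANDOM_SYS32_DLL_RE = re.compile(r"\\system32\\[A-Za-z]{6,8}\.dll", re.I)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2"
    reason: str    # why the entry deserves a human look
    line: str      # the original log line


def parse_entry(line):
    """Split a HijackThis entry into (section, body); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def inspect(section, body):
    """Return a reason string if the entry matches a triage rule, else None."""
    if section == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            return "AppInit_DLLs is set: the DLL is loaded into every process that maps user32.dll"
    elif section == "O2":
        m = BHO_RE.match(body)
        if m:
            name, _clsid, path = m.groups()
            if name == "(no name)" or GUID_RE.match(name):
                return "browser helper object without a real display name"
            if RANDOM_SYS32_DLL_RE.search(path):
                return "browser helper object loaded from a random-looking DLL in system32"
    elif section == "O4":
        m = RUN_RE.match(body)
        if m:
            key, _name, command = m.groups()
            if "rundll32" in command.lower() and RANDOM_SYS32_DLL_RE.search(command):
                return "rundll32 autorun of a random-looking DLL in system32"
            if r"Policies\Explorer\Run" in key:
                return "autorun under the Explorer policy key, rarely used by legitimate software"
    elif section == "O9":
        if "(file missing)" in body and "http://" in body:
            return "IE button/menu item pointing at a URL rather than a local file"
    return None


def triage(log_text):
    """Run every rule over a HijackThis report and collect the entries worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed is None:
            continue
        section, body = parsed
        reason = inspect(section, body)
        if reason:
            findings.append(Finding(section, reason, raw.strip()))
    return findings


def summarize(findings):
    """Count flagged entries per HijackThis section."""
    return dict(Counter(f.section for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print(summarize(triage(SAMPLE_HJT_LOG)))
```

Every entry it flags on the sample corresponds to an item listed as removed in the Malwarebytes report further down the thread, while the Java BHO, the Spyware Doctor tray entry and the avast! service pass through untouched. On a full report the name-length heuristic will also surface some legitimate DLLs with short alphabetic names, which is why the output carries a reason per entry rather than a verdict.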

Profile: Security team
dedetraque
Famous forum-wide (30,000 to 99,999 posts)
Posted on 24/11/2008 at 15:39:29

Hi peyo4010

- Download and install Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mb [...] -setup.exe

- Update it

---

- Restart in Safe Mode:

When your PC restarts, tap the F8 or F5 key; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual account, not the Administrator account.

---

- Double-click the Malwarebytes' Anti-Malware shortcut on the desktop.
- Select Perform full scan if it isn't already selected
- Click Scan

- Once the scan is finished, a window opens; click OK

- If Malwarebytes' didn't detect anything, click OK. A report will appear; close it.

- If Malwarebytes' detected infections, click Show Results, then Remove Selected

- Save the report to your desktop so it's easier to find, then post that report.

Note: if Malwarebytes' needs to restart to finish the removal, accept by clicking OK

Malwarebytes' tutorial here:
http://www.malekal.com/tutoria [...] alware.php

@++  :)

peyo4010
Around now and then (50 to 99 posts)
Posted on 24/11/2008 at 20:24:43

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1419
Windows 6.0.6000

24/11/2008 20:15:21
mbam-log-2008-11-24 (20-15-21).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 189402
Temps écoulé: 47 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 25
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 56

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\System32\yayYOIab.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06592768-89a5-43dd-8718-be98fe510722} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{06592768-89a5-43dd-8718-be98fe510722} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3bcc6fb7-32a0-4159-bbbc-b3f9f5371214} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3bcc6fb7-32a0-4159-bbbc-b3f9f5371214} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64466b8e-20a7-4a4a-aff4-aad9ca68b52c} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7545d8c8-f53c-4e2f-8fa0-d248ef4a6e61} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0b385ee3-ee18-4c69-bf55-6b6b406ef591} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3b8fb116-d358-48a3-a5c7-db84f15cbb04} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{06592768-89a5-43dd-8718-be98fe510722} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\webmedia.chl (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Online Alert Manager (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IExplorer add-on (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Browser Toolbar (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\be9a9c89 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2eef94df-75f6-42e9-b7fb-af5a170a6e2e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\vmware hptray (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\quicktime task (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\yayyoiab -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\yayyoiab  -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\WebMediaViewer (Trojan.Zlob) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\System32\mbajyl.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\yayYOIab.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\System32\baIOYyay.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\baIOYyay.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\awtqnmND.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\DNmnqtwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\DNmnqtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\fCroNGaw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\waGNorCf.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\waGNorCf.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\psclknnc.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\cnnklcsp.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\uRlIaASj.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\jSAaIlRu.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\jSAaIlRu.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\wvUnOGvw.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\wvGOnUvw.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\wvGOnUvw.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\browseul.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmun.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\lwpwer.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0000bf48 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0000c744 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0000c7e0 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0000cb88 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0000cd4c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0000d26b (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0000d577 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0000e0eb (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\tmp0001cb3a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\gpctebax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\pmnmklJB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\ppxrtxoc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\qgjjsw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\rxmljsou.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\sSMeFUkj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\vtUkjKdE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\browseu.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmon.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\hpmun.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myd.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\mym.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myp.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\myv.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ot.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttask.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttaskm.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\qttasku.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaViewer\ts.ico (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\WINDOWS\System32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Antivirus Scan.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\hp\AppData\Local\Temp\xrg1.exe (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Online Antispyware Test.url (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\Users\Public\Desktop\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Users\hp\Favorites\Antivirus Scan.url (Rogue.Link) -> Quarantined and deleted successfully.

Profile: Security team
dedetraque
Famous forum-wide (30,000 to 99,999 posts)
Posted on 24/11/2008 at 20:48:51

Hi peyo4010

Download combofix.exe (by sUBs) to the desktop:

http://download.bleepingcomput [...] mboFix.exe
http://www.techsupportforum.co [...] mboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

Important: disable your antivirus and antispyware before the ComboFix scan:
http://forum.pcastuces.com/des [...] -f31s4.htm

==> Save your work and close all active windows; the PC may restart. Don't launch any program until ComboFix has finished. <==

Double-click combofix.exe, click YES and confirm with Enter

You'll be asked to install the console if it isn't installed; click NO

When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: the report is also located here: C:\Combofix.txt

ComboFix is detected by some antivirus products as an infection; ignore that, it's a false positive, carry on with the procedure

@++  :)

peyo4010
Around now and then (50 to 99 posts)
Posted on 24/11/2008 at 21:33:21

ComboFix 08-11-23.02 - hp 2008-11-24 21:20:48.1 - NTFSx86

Lancé depuis: c:\users\hp\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\hp\Documents\My Documents.url
c:\windows\system32\ctenhmpd.ini
c:\windows\system32\gonqcwjw.ini
c:\windows\system32\ifpsedch.ini
c:\windows\system32\jhjdpnnr.ini
c:\windows\system32\mirsvkym.ini
c:\windows\system32\xcjckdmt.ini
c:\windows\system32\YxIiPqru.ini
c:\windows\System32\YxIiPqru.ini2

.
(((((((((((((((((((((((((((((   Fichiers créés du 2008-10-24 au 2008-11-24  ))))))))))))))))))))))))))))))))))))
.

2008-11-24 16:20 . 2008-11-24 16:20 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-24 16:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-24 16:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-20 15:16 . 2007-11-02 11:47 83,496 --a------ c:\windows\System32\drivers\s916bus.sys
2008-11-20 15:16 . 2007-11-02 11:47 12,200 --a------ c:\windows\System32\drivers\s916whnt.sys
2008-11-20 15:16 . 2007-11-02 11:47 12,200 --a------ c:\windows\System32\drivers\s916wh.sys
2008-11-16 18:10 . 2008-11-17 21:20 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-16 18:10 . 2008-11-16 18:10 1,409 --a------ c:\windows\QTFont.for
2008-11-03 01:14 . 2008-11-13 23:57 <REP> d-------- c:\program files\Championship Manager 01-02
2008-10-28 17:36 . 2008-10-28 17:36 <REP> d-------- c:\users\hp\AppData\Roaming\Template
2008-10-28 17:35 . 2008-10-30 19:35 130 --a------ c:\users\hp\AppData\Roaming\wklnhst.dat

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-24 19:59 --------- d-----w c:\program files\Spyware Doctor
2008-11-24 19:58 --------- d---a-w c:\programdata\TEMP
2008-11-24 19:19 --------- d-----w c:\users\hp\AppData\Roaming\OpenOffice.org2
2008-11-07 22:56 --------- d-----w c:\program files\Common Files\Adobe
2008-10-31 01:03 --------- d-----w c:\users\hp\AppData\Roaming\temp
2008-10-29 13:26 --------- d-----w c:\program files\Everest Poker
2008-10-28 13:01 --------- d-----w c:\program files\WinamaxPoker
2008-10-22 23:00 --------- d-----w c:\program files\Ethnos4 Demo
2008-10-22 22:53 --------- d-----w c:\program files\Common Files\Borland Shared
2008-10-18 08:55 --------- d-----w c:\programdata\Roxio
2008-10-16 10:08 --------- d-----w c:\users\hp\AppData\Roaming\Image Zone Express
2008-09-30 19:38 36,734 ----a-w c:\windows\System32\OggDSuninst.exe
2008-08-06 07:44 12,884 ----a-w c:\users\hp\AppData\Roaming\nvModes.dat
2008-07-31 10:30 691 ----a-w c:\users\hp\AppData\Roaming\GetValue.vbs
2008-07-31 10:30 35 ----a-w c:\users\hp\AppData\Roaming\SetValue.bat
2008-07-10 07:39 174 --sha-w c:\program files\desktop.ini
2000-10-18 10:19 57,344 --sha-w c:\windows\System32\mfc42loc.dll
1995-09-20 14:16 35,088 --sha-w c:\windows\System32\msjint32.dll
1995-09-20 14:13 977,680 --sha-w c:\windows\System32\msjt3032.dll
1995-09-20 14:16 23,824 --sha-w c:\windows\System32\msjter32.dll
1995-09-24 09:02 243,472 --sha-w c:\windows\System32\vbar2232.dll
1998-05-18 01:06 368,912 --sha-w c:\windows\System32\vbar332.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-01 1232896]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2003-09-29 175616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-04-04 2641920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mbajyl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-04-01 14:13 1006264 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-757477431-1162019187-1703053298-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AF7F5C86-8A63-4795-9F34-DFAE48F3A11E}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{D2942D8D-E4CA-470B-9C3B-25788BFC32A3}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{2931BB84-9E1B-49F4-822B-10B37050D2FF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D32A87B5-2CCC-4445-9B29-B9D7AFF42A99}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{52C083AF-647F-457E-9818-B64A0A01ED5B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{F45497EB-114D-423B-8999-3B4728A78D5A}c:\\program files\\echanblard\\emule.exe"= UDP:c:\program files\echanblard\emule.exe:eChanblard
"UDP Query User{FFF80B93-B170-4B7A-9C2D-3D70003648FC}c:\\program files\\echanblard\\emule.exe"= TCP:c:\program files\echanblard\emule.exe:eChanblard
 "{5D78719C-3863-4E13-8EBF-015F​F96F441D}"= UDP:c:\windows\System32\muzapp​.exe:MUZ AOD APP player
 "{FC22BDDD-50B6-46A2-88AA-8062​B25D6AE4}"= TCP:c:\windows\System32\muzapp​.exe:MUZ AOD APP player
 "{C2D1499A-DC9C-494E-8D94-047D​BC692DCD}"= UDP:c:\program files\Cyanide\Pro Rugby Manager 2005\RUGBY.EXE:Pro Rugby Manager 2005
 "{10B0BA8E-95F0-4489-8019-4E57​95120F0C}"= TCP:c:\program files\Cyanide\Pro Rugby Manager 2005\RUGBY.EXE:Pro Rugby Manager 2005
 "{0207ED47-5C43-4F5D-B325-77AA​A34F9DE1}"= UDP:c:\program files\Cyanide\GameCenter\GameC​enter.exe:GameCenter
 "{7AAF3786-F057-4ED3-AE4B-A847​4E98415E}"= TCP:c:\program files\Cyanide\GameCenter\GameC​enter.exe:GameCenter
 "{3DEF6522-93D1-493B-A7C4-688A​FE5173ED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
 "{002DF975-50DB-4E17-B816-3572​3939AB00}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
 "TCP Query User{131C0BA7-81FF-461F-A938-A​D29179244DA}c:\\users\\hp\\app​data\\local\\emule\\emule.exe"​= UDP:c:\users\hp\appdata\local\​emule\emule.exe:emule.exe
 "UDP Query User{31E98A17-E3A7-4B1D-B044-A​C900E3B89B4}c:\\users\\hp\\app​data\\local\\emule\\emule.exe"​= TCP:c:\users\hp\appdata\local\​emule\emule.exe:emule.exe
 "{BFAEB491-C5D3-4EA2-BF26-F2D9​96F1DBCA}"= c:\program files\Windows Live\Messenger\livecall.exe:Wi​ndows Live Messenger (Phone)

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\Restr​ictedServices\Static\System]
 "DFSR-1"= RPort=5722|UDP:%SystemRoot%\sy​stem32\svchost.exe|Svc=DFSR:Al​low inbound TCP traffic|


 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\svchost]
 bthsvcs REG_MULTI_SZ    BthServ
 HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
 hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{0f91d25​9-ffd1-11dc-91ac-001636997e0d}​]
 \shell\Setup\command - setup.exe

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{4b7a7c7​c-44f6-11dd-81e7-001636997e0d}​]
 \shell\AutoRun\command - H:\LaunchU3.exe -a
 .
 Contenu du dossier 'Tâches planifiées'

 2008-11-04 c:\windows\Tasks\WebReg Photosmart C4100 series.job
 - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]
 .
 - - - - ORPHELINS SUPPRIMES - - - -

 ShellExecuteHooks-{8E509EF7-62​09-4A5C-A145-22F514F51C4F} - c:\windows\system32\urqOIxXq.d​ll



 ******************************​******************************​**************

 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-11-24 21:27:24
 Windows 6.0.6000  NTFS

 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés: 0

 ******************************​******************************​**************
 .
 Heure de fin: 2008-11-24 21:30:28
 ComboFix-quarantined-files.txt  2008-11-24 20:30:21
 ComboFix2.txt  2008-05-16 17:51:10

 Avant-CF: 41 931 870 208 octets libres
 Après-CF: 42,177,802,240 octets libres

 146 --- E O F --- 2008-07-15 10:54:51

Profile: Security team
dedetraque
Well-known across the whole forum (30,000 to 99,999 posts)
Posted on 24/11/2008 at 21:54:16

Hi peyo4010


 - Click the Start menu / Run, type notepad at the prompt and click OK.

 - Copy/paste the quoted text below into Notepad:

 KillAll::

 Registry::
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"=-

 - Save this file to the desktop (mandatory)

 - File name: CFScript.txt
 - File type: All files

 - Click Save and close Notepad

 Important: disable your antivirus and antispyware before doing the drag and drop

 - Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

 http://images4.hiboox.com/images/3408/6af2c97f0f4e497013ed9b32fc36b566.gif

* Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not open, it is located here > C:\ComboFix.txt


 Along with that report, post me a new HijackThis log


 @++ :)

peyo4010
Present from time to time (50 to 99 posts)
Posted on 24/11/2008 at 22:45:57

ComboFix 08-11-23.02 - hp 2008-11-24 22:21:03.2 - NTFSx86

 Lancé depuis: c:\users\hp\Desktop\ComboFix.exe
 Commutateurs utilisés :: c:\users\hp\Desktop\CFScript.txt
 .

 (((((((((((((((((((((((((((((   Fichiers créés du 2008-10-24 au 2008-11-24  ))))))))))))))))))))))))))))))))))))
 .

 2008-11-24 21:50 . 2008-11-18 19:02 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
 2008-11-24 16:20 . 2008-11-24 16:20 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
 2008-11-24 16:20 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
 2008-11-24 16:20 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
 2008-11-20 15:16 . 2007-11-02 11:47 83,496 --a------ c:\windows\System32\drivers\s916bus.sys
 2008-11-20 15:16 . 2007-11-02 11:47 12,200 --a------ c:\windows\System32\drivers\s916whnt.sys
 2008-11-20 15:16 . 2007-11-02 11:47 12,200 --a------ c:\windows\System32\drivers\s916wh.sys
 2008-11-16 18:10 . 2008-11-17 21:20 54,156 --ah----- c:\windows\QTFont.qfn
 2008-11-16 18:10 . 2008-11-16 18:10 1,409 --a------ c:\windows\QTFont.for
 2008-11-03 01:14 . 2008-11-13 23:57 <REP> d-------- c:\program files\Championship Manager 01-02
 2008-10-28 17:36 . 2008-10-28 17:36 <REP> d-------- c:\users\hp\AppData\Roaming\Template
 2008-10-28 17:35 . 2008-10-30 19:35 130 --a------ c:\users\hp\AppData\Roaming\wklnhst.dat

 .
 ((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-11-24 21:31 --------- d---a-w c:\programdata\TEMP
 2008-11-24 20:51 --------- d-----w c:\users\hp\AppData\Roaming\OpenOffice.org2
 2008-11-24 20:41 --------- d-----w c:\program files\Spyware Doctor
 2008-11-07 22:56 --------- d-----w c:\program files\Common Files\Adobe
 2008-10-31 01:03 --------- d-----w c:\users\hp\AppData\Roaming\temp
 2008-10-29 13:26 --------- d-----w c:\program files\Everest Poker
 2008-10-28 13:01 --------- d-----w c:\program files\WinamaxPoker
 2008-10-22 23:00 --------- d-----w c:\program files\Ethnos4 Demo
 2008-10-22 22:53 --------- d-----w c:\program files\Common Files\Borland Shared
 2008-10-18 08:55 --------- d-----w c:\programdata\Roxio
 2008-10-16 10:08 --------- d-----w c:\users\hp\AppData\Roaming\Image Zone Express
 2008-09-30 19:38 36,734 ----a-w c:\windows\System32\OggDSuninst.exe
 2008-08-06 07:44 12,884 ----a-w c:\users\hp\AppData\Roaming\nvModes.dat
 2008-07-31 10:30 691 ----a-w c:\users\hp\AppData\Roaming\GetValue.vbs
 2008-07-31 10:30 35 ----a-w c:\users\hp\AppData\Roaming\SetValue.bat
 2008-07-10 07:39 174 --sha-w c:\program files\desktop.ini
 2000-10-18 10:19 57,344 --sha-w c:\windows\System32\mfc42loc.dll
 1995-09-20 14:16 35,088 --sha-w c:\windows\System32\msjint32.dll
 1995-09-20 14:13 977,680 --sha-w c:\windows\System32\msjt3032.dll
 1995-09-20 14:16 23,824 --sha-w c:\windows\System32\msjter32.dll
 1995-09-24 09:02 243,472 --sha-w c:\windows\System32\vbar2232.dll
 1998-05-18 01:06 368,912 --sha-w c:\windows\System32\vbar332.dll
 .

 (((((((((((((((((((((((((((((   snapshot@2008-11-24_21.28.24,83   )))))))))))))))))))))))))))))))))))))))))
 .
 - 2008-11-24 20:27:27 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
 + 2008-11-24 21:30:11 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat
 + 2008-11-24 21:30:11 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
 - 2008-11-24 20:27:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
 + 2008-11-24 21:30:11 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat
 + 2008-11-24 21:30:11 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
 + 2008-11-18 17:41:38 1,233,112 ----a-w c:\windows\System32\aswBoot.exe
 + 2008-11-18 17:35:22 97,480 ----a-w c:\windows\System32\AvastSS.scr
 - 2008-11-24 19:44:28 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
 + 2008-11-24 21:30:13 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
 - 2008-11-24 19:44:28 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
 + 2008-11-24 21:30:13 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
 - 2008-11-24 19:44:28 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
 + 2008-11-24 21:30:13 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
 - 2008-11-24 20:15:21 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
 + 2008-11-24 20:40:33 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
 + 2008-11-24 20:40:33 262,144 ---ha-w c:\windows\System32\config\systemprofile\ntuser.dat.LOG1
 + 2008-11-18 18:02:43 20,560 ----a-w c:\windows\System32\drivers\aswFsBlk.sys
 + 2008-11-18 18:01:09 23,152 ----a-w c:\windows\System32\drivers\aswRdr.sys
 + 2008-11-18 18:03:33 110,160 ----a-w c:\windows\System32\drivers\aswSP.sys
 + 2008-11-18 18:01:23 50,864 ----a-w c:\windows\System32\drivers\aswTdi.sys
 - 2008-11-20 21:47:42 103,924 ----a-w c:\windows\System32\perfc009.dat
 + 2008-11-24 20:47:31 103,924 ----a-w c:\windows\System32\perfc009.dat
 - 2008-11-20 21:47:42 117,572 ----a-w c:\windows\System32\perfc00C.dat
 + 2008-11-24 20:47:31 117,572 ----a-w c:\windows\System32\perfc00C.dat
 - 2008-11-20 21:47:42 610,142 ----a-w c:\windows\System32\perfh009.dat
 + 2008-11-24 20:47:31 610,142 ----a-w c:\windows\System32\perfh009.dat
 - 2008-11-20 21:47:42 690,832 ----a-w c:\windows\System32\perfh00C.dat
 + 2008-11-24 20:47:31 690,832 ----a-w c:\windows\System32\perfh00C.dat
 - 2008-11-24 19:21:35 8,270 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-757477431-1162019187-1703053298-1000_UserData.bin
 + 2008-11-24 21:03:19 8,270 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-757477431-1162019187-1703053298-1000_UserData.bin
 - 2008-11-24 19:21:35 105,378 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
 + 2008-11-24 21:03:18 105,494 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
 - 2008-11-24 19:21:07 50,668 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
 + 2008-11-24 21:03:10 50,878 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
 .
 -- Instantané actualisé --
 .
 (((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 REGEDIT4

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-04-01 1232896]
 "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
 "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
 "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
 "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2003-09-29 175616]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]
 "NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
 "Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

 c:\users\hp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
 OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

 c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
 HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
 Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
 PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-04-04 2641920]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
 "EnableLUA"= 0 (0x0)

 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
 "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "msacm.divxa32"= divxa32.acm

 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
 --a------ 2008-04-01 14:13 1006264 c:\program files\Windows Defender\MSASCui.exe

 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
 "DisableMonitoring"=dword:00000001

 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
 "DisableMonitoring"=dword:00000001

 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
 "DisableMonitoring"=dword:00000001

 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-757477431-1162019187-1703053298-1000]
 "EnableNotificationsRef"=dword:00000001

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
 "{AF7F5C86-8A63-4795-9F34-DFAE48F3A11E}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
 "{D2942D8D-E4CA-470B-9C3B-25788BFC32A3}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
 "{2931BB84-9E1B-49F4-822B-10B37050D2FF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
 "{D32A87B5-2CCC-4445-9B29-B9D7AFF42A99}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
 "{52C083AF-647F-457E-9818-B64A0A01ED5B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
 "TCP Query User{F45497EB-114D-423B-8999-3B4728A78D5A}c:\\program files\\echanblard\\emule.exe"= UDP:c:\program files\echanblard\emule.exe:eChanblard
 "UDP Query User{FFF80B93-B170-4B7A-9C2D-3D70003648FC}c:\\program files\\echanblard\\emule.exe"= TCP:c:\program files\echanblard\emule.exe:eChanblard
 "{5D78719C-3863-4E13-8EBF-015FF96F441D}"= UDP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
 "{FC22BDDD-50B6-46A2-88AA-8062B25D6AE4}"= TCP:c:\windows\System32\muzapp.exe:MUZ AOD APP player
 "{C2D1499A-DC9C-494E-8D94-047DBC692DCD}"= UDP:c:\program files\Cyanide\Pro Rugby Manager 2005\RUGBY.EXE:Pro Rugby Manager 2005
 "{10B0BA8E-95F0-4489-8019-4E5795120F0C}"= TCP:c:\program files\Cyanide\Pro Rugby Manager 2005\RUGBY.EXE:Pro Rugby Manager 2005
 "{0207ED47-5C43-4F5D-B325-77AAA34F9DE1}"= UDP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
 "{7AAF3786-F057-4ED3-AE4B-A8474E98415E}"= TCP:c:\program files\Cyanide\GameCenter\GameCenter.exe:GameCenter
 "{3DEF6522-93D1-493B-A7C4-688AFE5173ED}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
 "{002DF975-50DB-4E17-B816-35723939AB00}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
 "TCP Query User{131C0BA7-81FF-461F-A938-AD29179244DA}c:\\users\\hp\\appdata\\local\\emule\\emule.exe"= UDP:c:\users\hp\appdata\local\emule\emule.exe:emule.exe
 "UDP Query User{31E98A17-E3A7-4B1D-B044-AC900E3B89B4}c:\\users\\hp\\appdata\\local\\emule\\emule.exe"= TCP:c:\users\hp\appdata\local\emule\emule.exe:emule.exe
 "{BFAEB491-C5D3-4EA2-BF26-F2D996F1DBCA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
 "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|


 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
 bthsvcs REG_MULTI_SZ    BthServ
 HPZ12 REG_MULTI_SZ    Pml Driver HPZ12 Net Driver HPZ12
 hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc

 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f91d259-ffd1-11dc-91ac-001636997e0d}]
 \shell\Setup\command - setup.exe

 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b7a7c7c-44f6-11dd-81e7-001636997e0d}]
 \shell\AutoRun\command - H:\LaunchU3.exe -a
 .
 Contenu du dossier 'Tâches planifiées'

 2008-11-04 c:\windows\Tasks\WebReg Photosmart C4100 series.job
 - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]
 .

 **************************************************************************

 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-11-24 22:30:22
 Windows 6.0.6000  NTFS

 Recherche de processus cachés ...

 Recherche d'éléments en démarrage automatique cachés ...

 Recherche de fichiers cachés ...

 Scan terminé avec succès
 Fichiers cachés: 0

 **************************************************************************
 .
 --------------------- DLLs chargées dans les processus actifs ---------------------

 - - - - - - - > 'Explorer.exe'(2440)
 c:\windows\system32\ieframe.dll
 .
 ------------------------ Autres processus actifs ------------------------
 .
 c:\windows\System32\audiodg.exe
 c:\program files\Alwil Software\Avast4\aswUpdSv.exe
 c:\program files\Alwil Software\Avast4\ashServ.exe
 c:\program files\OpenOffice.org 2.3\program\soffice.exe
 c:\program files\OpenOffice.org 2.3\program\soffice.bin
 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 c:\program files\Common Files\LightScribe\LSSrvc.exe
 c:\program files\Spyware Doctor\pctsAuxs.exe
 c:\program files\Spyware Doctor\pctsSvc.exe
 c:\windows\System32\WUDFHost.exe
 c:\windows\System32\drivers\XAudio.exe
 c:\program files\Alwil Software\Avast4\ashMaiSv.exe
 c:\program files\Alwil Software\Avast4\ashWebSv.exe
 c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
 c:\windows\System32\conime.exe
 .
 **************************************************************************
 .
 Heure de fin: 2008-11-24 22:39:41 - La machine a redémarré
 ComboFix-quarantined-files.txt  2008-11-24 21:39:13
 ComboFix2.txt  2008-11-24 20:30:31
 ComboFix3.txt  2008-05-16 17:51:10

 Avant-CF: 41 938 841 600 octets libres
 Après-CF: 41,934,708,736 octets libres

 197 --- E O F --- 2008-07-15 10:54:51
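The CFScript posted above clears a single value, AppInit_DLLs, and the second ComboFix log confirms it: the first log's "Points de chargement Reg" section listed "AppInit_DLLs"=mbajyl.dll, the second no longer lists the entry. The following triage script is an added example, not ComboFix's own code and not something from this thread. It parses the REGEDIT4-style dump ComboFix prints, flags the load points that matter in this thread (a populated AppInit_DLLs, EnableLUA=0, Security Center monitoring switched off, removable-media autorun commands under mountpoints2), and builds a removal script in the same CFScript syntax the helper used. The BEFORE and AFTER extracts are constructed, modelled on the two logs above, and the severity labels are the example's own choice.

```python
"""Triage of the "Points de chargement Reg" section of a ComboFix log.

Added example (not ComboFix's own code and not from the forum thread).
Sample inputs are constructed, modelled on the two ComboFix logs in the thread.
"""
import re
from typing import List, Optional, Tuple

# Constructed extract modelled on the FIRST ComboFix log (before the CFScript ran).
BEFORE = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-08-25 1168264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=mbajyl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4b7a7c7c-44f6-11dd-81e7-001636997e0d}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
"""

# The SECOND log no longer lists AppInit_DLLs: the CFScript's "AppInit_DLLs"=- cleared it.
AFTER = BEFORE.replace('"AppInit_DLLs"=mbajyl.dll\n', "")

Section = Tuple[str, List[str]]   # (registry key or startup folder, entry lines)
Finding = Tuple[str, str, str]    # (severity, key, explanation)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def parse_loadpoints(text: str) -> List[Section]:
    """Split the dump into sections: [key] lines and startup-folder paths (ending in '\\')."""
    sections: List[Section] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        is_key = line.startswith("[") and line.endswith("]")
        is_folder = line.endswith("\\") and not line.startswith('"')
        if is_key or is_folder:
            sections.append((line.strip("[]"), []))
        elif sections:
            sections[-1][1].append(line)
    return sections


def as_int(value: str) -> Optional[int]:
    """Decode 'dword:00000001' or '0 (0x0)' style values; None when not numeric."""
    token = value.split()[0].lower() if value.split() else ""
    if token.startswith("dword:"):
        return int(token[6:], 16)
    try:
        return int(token, 0)
    except ValueError:
        return None


def triage(sections: List[Section]) -> List[Finding]:
    findings: List[Finding] = []
    for key, lines in sections:
        k = key.lower()
        for line in lines:
            m = VALUE_RE.match(line)
            name = m.group("name").lower() if m else ""
            value = m.group("value").strip() if m else line
            if k.endswith(r"windows nt\currentversion\windows") and name == "appinit_dlls" and value.strip('"'):
                # Every process that loads user32.dll also loads this DLL: a classic persistence spot.
                findings.append(("HIGH", key, f"AppInit_DLLs injects {value} into every user32-linked process"))
            elif k.endswith(r"policies\system") and name == "enablelua" and as_int(value) == 0:
                findings.append(("MEDIUM", key, "UAC is disabled (EnableLUA=0)"))
            elif r"security center\monitoring" in k and name == "disablemonitoring" and as_int(value) == 1:
                findings.append(("MEDIUM", key, "Security Center monitoring disabled"))
            elif r"explorer\mountpoints2" in k and "\\shell\\" in line and "\\command" in line:
                findings.append(("LOW", key, f"removable-media autorun command: {line}"))
    return findings


def build_cfscript(findings: List[Finding]) -> str:
    """Removal script in ComboFix's CFScript syntax: under Registry::, "name"=- deletes a value."""
    keys = sorted({key for _, key, why in findings if why.startswith("AppInit_DLLs")})
    if not keys:
        return ""
    lines = ["KillAll::", "", "Registry::"]
    for key in keys:
        lines += [f"[{key}]", '"AppInit_DLLs"=-']
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    before = triage(parse_loadpoints(BEFORE))
    for sev, key, why in before:
        print(f"{sev:6} {why}")
    print(build_cfscript(before))
    print("after CFScript:", [sev for sev, _, _ in triage(parse_loadpoints(AFTER))])
```

Run as-is it prints the four findings for the BEFORE extract, the generated CFScript (identical in shape to the one in the post above), and the remaining findings for AFTER, where only the HIGH entry has gone: the EnableLUA and Security Center values the script did not touch are still reported, which is what the second log in the thread also shows.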

peyo4010
Present from time to time (50 to 99 posts)
Posted on 24/11/2008 at 22:46:37

Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 22:46:28, on 24/11/2008
 Platform: Windows Vista  (WinNT 6.00.1904)
 MSIE: Internet Explorer v7.00 (7.00.6000.16681)
 Boot mode: Normal

 Running processes:
 C:\Windows\System32\smss.exe
 C:\Windows\system32\csrss.exe
 C:\Windows\system32\wininit.exe
 C:\Windows\system32\csrss.exe
 C:\Windows\system32\services.exe
 C:\Windows\system32\lsass.exe
 C:\Windows\system32\lsm.exe
 C:\Windows\system32\winlogon.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\System32\svchost.exe
 C:\Windows\System32\svchost.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\system32\SLsvc.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\system32\svchost.exe
 C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 C:\Windows\system32\Dwm.exe
 C:\Program Files\Alwil Software\Avast4\ashServ.exe
 C:\Windows\System32\spoolsv.exe
 C:\Windows\system32\taskeng.exe
 C:\Windows\system32\svchost.exe
 C:\Program Files\Spyware Doctor\pctsTray.exe
 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
 C:\Program Files\Windows Sidebar\sidebar.exe
 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 C:\Program Files\DAEMON Tools Lite\daemon.exe
 C:\Windows\system32\taskeng.exe
 C:\Program Files\Picasa2\PicasaMediaDetector.exe
 C:\Program Files\PDFCreator\PDFCreator.exe
 C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
 C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\system32\svchost.exe
 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 C:\Windows\System32\svchost.exe
 C:\Windows\System32\svchost.exe
 C:\Windows\system32\svchost.exe
 C:\Program Files\Spyware Doctor\pctsAuxs.exe
 C:\Program Files\Spyware Doctor\pctsSvc.exe
 C:\Windows\system32\svchost.exe
 C:\Windows\System32\svchost.exe
 C:\Windows\system32\SearchIndexer.exe
 C:\Windows\system32\WUDFHost.exe
 C:\Windows\system32\DRIVERS\xaudio.exe
 C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
 C:\Windows\system32\conime.exe
 C:\Windows\system32\wuauclt.exe
 C:\Windows\Explorer.exe
 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\Windows\system32\taskeng.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
 O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
 O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
 O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
 O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
 O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
 O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
 O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
 O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
 O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
 O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
 O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
 O4 - HKUS\S-1-5-21-757477431-1162019187-1703053298-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
 O4 - HKUS\S-1-5-21-757477431-1162019187-1703053298-1000\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User '?')
 O4 - HKUS\S-1-5-21-757477431-1162019187-1703053298-1000\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun (User '?')
 O4 - HKUS\S-1-5-21-757477431-1162019187-1703053298-1000\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User '?')
 O4 - HKUS\S-1-5-21-757477431-1162019187-1703053298-1000\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" (User '?')
 O4 - S-1-5-21-757477431-1162019187-1703053298-1000 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User '?')
 O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
 O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
 O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
 O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
 O13 - Gopher Prefix:
 O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w [...] dfr-fr.cab
 O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
 O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
 O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
 O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
 O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
 O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
 O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 --
 End of file - 9568 bytes

Profile: Security team
dedetraque
Well-known across the whole forum (30,000 to 99,999 posts)
Posted on 25/11/2008 at 02:08:44

Hi peyo4010


 Double-click the HijackThis shortcut on your desktop, click Do a system scan only and tick the box in front of the following line(s):

 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st


 - Close all open windows except HijackThis, click Fix checked

 - Exit HijackThis


 -----


 Run an online scan here http://webscanner.kaspersky.fr/ (to be done with Internet Explorer)

 - Disable your antivirus before the scan
 - At the bottom right, click "Démarrer Online-scanner" (Start Online-scanner); in the new window that appears, click "J'accepte" (I accept)
 - Accept the ActiveX controls

 - Choose "Poste de travail" (My Computer) for the scan. Once it has finished, click "Enregistrer rapport sous" (Save report as) and choose text file
 - Post the report

 - For help using the online scan: http://forum.pcastuces.com/kas [...] f31s10.htm
 - If you have a problem installing the ActiveX control, read this: http://www.inoculer.com/activex.php3


 NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée" (the Kaspersky On-line Scanner licence has expired),
 uninstall Kaspersky Online Scanner via Add/Remove Programs and reinstall it.


 @++  :)
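The fix above ticks exactly one line of the HijackThis log, the HKLM Start Page pointing at lo.st, and leaves the other R0/R1 entries (the go.microsoft.com defaults and the user's own Google start page) alone. The script below is an added example, not HijackThis's own code and not something from this thread. It applies the same reasoning mechanically: it parses the R0/R1 lines, compares each URL's host against a small allow-list, returns the lines a helper would tick before "Fix checked", and separately reports O23 services whose binary HJT marks as "(file missing)" (the Symantec leftover in the log above). SAMPLE_LOG is a constructed extract modelled on the log in this thread, and TRUSTED_HOSTS is an assumption: the IE defaults plus the start page the user chose.

```python
"""Triage of a HijackThis 2.0.2 log: browser start/search-page hijacks and orphaned services.

Added example, not HijackThis's own code and not from the forum thread.
SAMPLE_LOG is a constructed extract modelled on the log posted in the thread.
"""
import re
from typing import List, Tuple
from urllib.parse import urlsplit

SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: the IE defaults (go.microsoft.com) and the start page the user chose
# (www.google.fr) are legitimate; any other host on an R0/R1 line is treated as a hijack.
TRUSTED_HOSTS = {"go.microsoft.com", "www.google.fr"}

# R0/R1: "<kind> - <hive\key>,<setting> = <url>"; the url may be empty (LinksFolderName).
R_LINE = re.compile(r"^(?P<kind>R[01]) - (?P<key>HK\w+\\[^,]+),(?P<setting>[^=]+?)\s*=\s*(?P<url>\S*)$")
# O23: "Service: <name> - <owner> - <path>[ (file missing)]"
O23_LINE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def browser_hijacks(log: str) -> List[Tuple[str, str, str]]:
    """Return (setting, host, full line) for R0/R1 entries that point at an untrusted host."""
    hits: List[Tuple[str, str, str]] = []
    for raw in log.splitlines():
        line = raw.strip()
        m = R_LINE.match(line)
        if not m or not m.group("url"):
            continue  # not an R0/R1 line, or an empty setting such as LinksFolderName
        host = (urlsplit(m.group("url")).hostname or "").lower()
        if host not in TRUSTED_HOSTS:
            hits.append((m.group("setting"), host, line))
    return hits


def orphaned_services(log: str) -> List[Tuple[str, str]]:
    """Return (service name, path) for O23 entries whose binary HJT reports as missing."""
    orphans: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        m = O23_LINE.match(raw.strip())
        if m and m.group("missing"):
            orphans.append((m.group("name"), m.group("path")))
    return orphans


def lines_to_fix(log: str) -> List[str]:
    """The HJT lines a helper would tick before 'Fix checked': here, the hijacked browser settings."""
    return [line for _, _, line in browser_hijacks(log)]


if __name__ == "__main__":
    for setting, host, line in browser_hijacks(SAMPLE_LOG):
        print(f"hijacked {setting!r} -> {host}\n    {line}")
    for name, path in orphaned_services(SAMPLE_LOG):
        print(f"orphaned service {name!r}: {path} (file missing)")
```

The allow-list approach is the point: HJT prints every start and search page, legitimate or not, so the helper's judgement comes from knowing which hosts belong to IE's defaults or to the user. An orphaned O23 entry is reported rather than queued for fixing, since a missing binary is a cleanup item, not an active threat.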
