Log hijackthis infection... générale ???

Résolu
FABTOUR Messages postés 9 Statut Membre -  
g!rly Messages postés 18462 Statut Contributeur -
Bonjour,
alors là, j'ai la totale... je crois
j'ai passé un coup de navilog, vu que le pc avait récupérer skinner (vu mon dernier message) mais ca n'a pas suffit....

Donc, je reprends depuis le début, avec un log hitjackthis...
Logfile of HijackThis v1.99.1
Scan saved at 22:16:00, on 30/11/2007
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\test.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [LVComs] C:\WINNT\System32\LVComS.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
O4 - HKLM\..\RunServices: [secures23] mssecure.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

si qq'un peut me donner un coup de main,

Merci d'avance

8 réponses

  1. g!rly Messages postés 18462 Statut Contributeur 407
     
    salut,

    tu as fais l´option deux avec navilog ?

    post le rapport

    puis fais ceci :

    Télécharge combofix.exe (par sUBs) sur ton Bureau.

    -> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    0
  2. FABTOUR Messages postés 9 Statut Membre
     
    j'ai effectivement fait l'option 1 et 2 de navilog

    Ci dessous rapport combofix :
    ComboFix 07-11-19.4C - Administrateur 2007-11-30 22:50:53.2 - NTFSx86 MINIMAL
    Microsoft Windows 2000 Professionnel 5.0.2195.3.1252.1.1036.18.163 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner\Conditions générales.lnk
    .
    ---- Previous Run -------
    .
    C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner
    C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner\Confidentialité.lnk
    C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner\MessengerSkinner.lnk
    C:\Documents and Settings\Administrateur.DC846CB79DB3494\Menu Démarrer\Programmes\MessengerSkinner\Website.lnk

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-30 22:55 16,384 --a----t- C:\WINNT\system32\Perflib_Perfdata_530.dat
    2007-11-30 21:51 17,920 --a------ C:\WINNT\system32\reg.exe
    2007-11-30 21:50 <DIR> d-------- C:\Program Files\Navilog1
    2007-11-17 21:23 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll
    2007-11-07 20:39 <DIR> d-------- C:\Program Files\Spyware-Secure

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 20:57 --------- d-----w C:\Program Files\Google
    2007-11-30 19:34 --------- d-----w C:\Program Files\Creative
    2007-11-24 13:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-28 15:43 --------- d-----w C:\Program Files\eMule
    2007-09-18 17:50 60,800 ----a-w C:\WINNT\system32\S32EVNT1.DLL
    2007-09-03 15:30 1,868,944 ----a-w C:\WINNT\system32\RSA32_16.DLL
    2007-08-27 15:13 537,992 ----a-w C:\WINNT\system32\SymNeti.dll
    2007-08-27 15:13 161,160 ----a-w C:\WINNT\system32\SymRedir.dll
    2006-02-11 16:12 271 ---h--w C:\Program Files\desktop.ini
    2006-02-11 16:12 22,115 ---h--w C:\Program Files\folder.htt
    2002-08-02 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe" [02-08-02 01:00 C:\WINNT\system32\internat.exe]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [07-09-04 22:40 ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [02-08-02 01:00 C:\WINNT\system32\mobsync.exe]
    "SoundMan"="SOUNDMAN.EXE" [06-01-17 19:47 C:\WINNT\soundman.exe]
    "NvCplDaemon"="RUNDLL32.exe" [02-08-02 01:00 C:\WINNT\system32\rundll32.exe]
    "NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 10:50 ]
    "msnappau"="C:\Program Files\MSN Apps\Updater\[u]0[/u]1.03.0000.1005\fr\msnappau.exe" [04-08-13 17:41 ]
    "SA"="C:\Program Files\Logitech\QuickCam\SA3.EXE" []
    "DXM6Patch_981116"="C:\WINNT\p_981116.exe" [98-11-30 18:04 ]
    "LVComs"="C:\WINNT\System32\LVComS.exe" [00-02-02 11:56 ]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [04-10-15 19:40 ]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [04-07-30 11:04 ]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [06-04-28 11:27 ]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [06-03-24 19:30 ]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [07-02-22 12:08 ]
    "SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-10 11:57 ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 02:43 ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "winsystems25"="winsystems.exe" []
    "msconfig38"="mssvcc.exe" []
    "secures23"="mssecure.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe" [02-08-02 01:00 C:\WINNT\system32\internat.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [02-08-02 01:00 ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=MsgPlusLoader.dll

    *Newly Created Service* - IPNAT
    *Newly Created Service* - RASAUTO
    *Newly Created Service* - SHAREDACCESS
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-11-02 22:23:23 C:\WINNT\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Administrateur.job"
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-30 22:58:05
    Windows 5.0.2195 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-11-30 23:04:00 - machine was rebooted
    .
    --- E O F ---

    Merci de votre aide
    0
  3. g!rly Messages postés 18462 Statut Contributeur 407
     
    re,

    fais ceci

    Copie le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINNT\system32\reg.exe
    C:\WINNT\system32\Perflib_Perfdata_530.dat

    Folder::
    C:\Program Files\Spyware-Secure
    C:\Program Files\Navilog1

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    Télécharge HijackThis ici :

    -> https://www.zebulon.fr/telechargements/securite/systeme/hijackthis.html

    Tutoriel d´installation (images) :

    -> http://pchelpbordeaux.free.fr/tuto.html

    Tutoriel d´utilisation (video) :

    -> http://pageperso.aol.fr/balltrap34/demohijack.htm

    Post le rapport généré ici stp...
    0
  4. FABTOUR Messages postés 9 Statut Membre
     
    alors voilà, j'ai fait tout ce que tu m'as dit...
    Les rapports sont ci-dessous :

    Rapport combofix :

    ComboFix 07-11-19.4C - Administrateur 30/11/2007 23:59:38.3 - NTFSx86
    Microsoft Windows 2000 Professionnel 5.0.2195.3.1252.1.1036.18.94 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\CFScript.txt

    FILE
    C:\WINNT\system32\Perflib_Perfdata_530.dat
    C:\WINNT\system32\reg.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Navilog1
    C:\Program Files\Navilog1\Backupnavi\backup_registry.dat
    C:\Program Files\Navilog1\Backupnavi\npwnbs.dat
    C:\Program Files\Navilog1\Backupnavi\npwnbs.exe
    C:\Program Files\Navilog1\Backupnavi\npwnbs_nav.dat
    C:\Program Files\Navilog1\Backupnavi\npwnbs_navps.dat
    C:\Program Files\Navilog1\Backupnavi\vomcuuikz.exe
    C:\Program Files\Navilog1\Backupnavi\xjrwxv.dat
    C:\Program Files\Navilog1\Backupnavi\xjrwxv_nav.dat
    C:\Program Files\Navilog1\Backupnavi\xjrwxv_navps.dat
    C:\Program Files\Navilog1\catchme.exe
    C:\Program Files\Navilog1\GetPaths.exe
    C:\Program Files\Navilog1\gnc.exe
    C:\Program Files\Navilog1\navilog1.bat
    C:\Program Files\Navilog1\Process.exe
    C:\Program Files\Navilog1\reboot.exe
    C:\Program Files\Navilog1\reg.exe
    C:\Program Files\Navilog1\regnavi.reg
    C:\Program Files\Navilog1\traite.bat
    C:\Program Files\Navilog1\unins000.dat
    C:\Program Files\Navilog1\unins000.exe
    C:\Program Files\Spyware-Secure
    C:\Program Files\Spyware-Secure\config.s3db
    C:\Program Files\Spyware-Secure\Gfx_fr.bin
    C:\Program Files\Spyware-Secure\guid
    C:\Program Files\Spyware-Secure\help\help_Full_FR.zip
    C:\Program Files\Spyware-Secure\help\help_Full_FR\explo_intro.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\explo_menu.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\file.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\folder.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\folder_f.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\folder_o.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\fleche.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\folder.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\dowload-file-antispyware.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\menu.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\FR\scstep2.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\key.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\menu.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\support.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\images\title-hepfile.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\index.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\menu3.js
    C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\3differentscan.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\contactus.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\found-objects.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\lexic.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\navigtabs.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\rubs\quarantine.htm
    C:\Program Files\Spyware-Secure\help\help_Full_FR\spy.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_coud.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_droit.gif
    C:\Program Files\Spyware-Secure\help\help_Full_FR\trait_vert.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif
    C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif
    C:\Program Files\Spyware-Secure\language
    C:\Program Files\Spyware-Secure\Launcher.exe
    C:\Program Files\Spyware-Secure\nbmw
    C:\Program Files\Spyware-Secure\quarantine.s3db
    C:\Program Files\Spyware-Secure\resources\cookies_1-10.dat
    C:\Program Files\Spyware-Secure\resources\filesDesc_1-10.dat
    C:\Program Files\Spyware-Secure\resources\filesDesc_1-10.dic
    C:\Program Files\Spyware-Secure\resources\filesExt_1-10.dat
    C:\Program Files\Spyware-Secure\resources\filesMulti_1-10.idx
    C:\Program Files\Spyware-Secure\resources\filesSimple_1-10.idx
    C:\Program Files\Spyware-Secure\resources\malwaresDB_1-10
    C:\Program Files\Spyware-Secure\resources\register_1-10.dat
    C:\Program Files\Spyware-Secure\serial
    C:\Program Files\Spyware-Secure\skin
    C:\Program Files\Spyware-Secure\Spyware-Secure.url
    C:\Program Files\Spyware-Secure\Spyware-Secure_repaironce.exe
    C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
    C:\Program Files\Spyware-Secure\sqlite3.dll
    C:\Program Files\Spyware-Secure\uninst.exe
    C:\Program Files\Spyware-Secure\unrar.dll
    C:\WINNT\system32\reg.exe

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-17 21:23 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 20:57 --------- d-----w C:\Program Files\Google
    2007-11-30 19:34 --------- d-----w C:\Program Files\Creative
    2007-11-24 13:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-28 15:43 --------- d-----w C:\Program Files\eMule
    2007-09-18 17:50 60,800 ----a-w C:\WINNT\system32\S32EVNT1.DLL
    2007-09-03 15:30 1,868,944 ----a-w C:\WINNT\system32\RSA32_16.DLL
    2007-08-27 15:13 537,992 ----a-w C:\WINNT\system32\SymNeti.dll
    2007-08-27 15:13 161,160 ----a-w C:\WINNT\system32\SymRedir.dll
    2006-02-11 16:12 271 ---h--w C:\Program Files\desktop.ini
    2006-02-11 16:12 22,115 ---h--w C:\Program Files\folder.htt
    2002-08-02 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe" [02-08-02 01:00 C:\WINNT\system32\internat.exe]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [07-09-04 22:40 ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [02-08-02 01:00 C:\WINNT\system32\mobsync.exe]
    "SoundMan"="SOUNDMAN.EXE" [06-01-17 19:47 C:\WINNT\soundman.exe]
    "NvCplDaemon"="RUNDLL32.exe" [02-08-02 01:00 C:\WINNT\system32\rundll32.exe]
    "NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [01-07-09 10:50 ]
    "msnappau"="C:\Program Files\MSN Apps\Updater\[u]0[/u]1.03.0000.1005\fr\msnappau.exe" [04-08-13 17:41 ]
    "SA"="C:\Program Files\Logitech\QuickCam\SA3.EXE" []
    "DXM6Patch_981116"="C:\WINNT\p_981116.exe" [98-11-30 18:04 ]
    "LVComs"="C:\WINNT\System32\LVComS.exe" [00-02-02 11:56 ]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [04-10-15 19:40 ]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [04-07-30 11:04 ]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [06-04-28 11:27 ]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [06-03-24 19:30 ]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [07-02-22 12:08 ]
    "SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [04-11-10 11:57 ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [07-03-14 02:43 ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "winsystems25"="winsystems.exe" []
    "msconfig38"="mssvcc.exe" []
    "secures23"="mssecure.exe" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe" [02-08-02 01:00 C:\WINNT\system32\internat.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [02-08-02 01:00 ]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=MsgPlusLoader.dll

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-11-02 22:23:23 C:\WINNT\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Administrateur.job"
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-01 00:10:31
    Windows 5.0.2195 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-01 0:14:16 - machine was rebooted
    C:\ComboFix2.txt ... 07-11-30 23:04
    .
    --- E O F ---

    Rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:16:20, on 01/12/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
    C:\WINNT\System32\LVComS.exe
    C:\PROGRA~1\Sygate\SPF\smc.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\HijackThis.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINNT\system32\svchost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
    O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] C:\WINNT\System32\LVComS.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\RunServices: [winsystems25] winsystems.exe
    O4 - HKLM\..\RunServices: [msconfig38] mssvcc.exe
    O4 - HKLM\..\RunServices: [secures23] mssecure.exe
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. g!rly Messages postés 18462 Statut Contributeur 407
     
    les erreures tu les as depuis quand?

    as tu installé messenger plus avec le sponssor?

    Copie le texte se situant dans le cadre ci-dessous :

    File::
    C:\WINNT\system32\winsystems.exe
    C:\WINNT\system32\mssvcc.exe
    C:\WINNT\system32\mssecure.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "winsystems25"=-
    "msconfig38"=-
    "secures23"=-

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.
    0
  7. FABTOUR Messages postés 9 Statut Membre
     
    re,
    alors les messages, je les ai depuis un p'tit moment...
    Quant à messenger, pas moi qui l'ai installer, j'peux pas te répondre comme ça (Si tu as une mainip pour trouver la réponse, give me it, et je le ferai)
    Autrement, les derniers rapports en date : ...

    combofix :

    ComboFix 07-11-19.4C - Administrateur 01/12/2007 0:55:37.4 - NTFSx86
    Microsoft Windows 2000 Professionnel 5.0.2195.3.1252.1.1036.18.71 [GMT 1:00]
    Running from: C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\ComboFix.exe
    Command switches used :: F:\CFScript.txt

    FILE
    C:\WINNT\system32\mssecure.exe
    C:\WINNT\system32\mssvcc.exe
    C:\WINNT\system32\winsystems.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-10-28 to 2007-11-30 ))))))))))))))))))))))))))))))))))))
    .

    2007-11-17 21:23 58,952 --a------ C:\WINNT\system32\MsgPlusLoader.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-30 20:57 --------- d-----w C:\Program Files\Google
    2007-11-30 19:34 --------- d-----w C:\Program Files\Creative
    2007-11-24 13:22 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-10-28 15:43 --------- d-----w C:\Program Files\eMule
    2007-09-18 17:50 60,800 ----a-w C:\WINNT\system32\S32EVNT1.DLL
    2007-09-03 15:30 1,868,944 ----a-w C:\WINNT\system32\RSA32_16.DLL
    2007-08-27 15:13 537,992 ----a-w C:\WINNT\system32\SymNeti.dll
    2007-08-27 15:13 161,160 ----a-w C:\WINNT\system32\SymRedir.dll
    2006-02-11 16:12 271 ---h--w C:\Program Files\desktop.ini
    2006-02-11 16:12 22,115 ---h--w C:\Program Files\folder.htt
    2002-08-02 00:00 32,528 ----a-w C:\WINNT\inf\wbfirdma.sys
    .

    ((((((((((((((((((((((((((((( snapshot@ven. 2007-11-30_22.59.48.85 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-11-30 23:55:44 16,384 ----atw C:\WINNT\system32\Perflib_Perfdata_45c.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe" [02/08/02 01:00 C:\WINNT\system32\internat.exe]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [04/09/07 22:40 ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [02/08/02 01:00 C:\WINNT\system32\mobsync.exe]
    "SoundMan"="SOUNDMAN.EXE" [17/01/06 19:47 C:\WINNT\soundman.exe]
    "NvCplDaemon"="RUNDLL32.exe" [02/08/02 01:00 C:\WINNT\system32\rundll32.exe]
    "NeroCheck"="C:\WINNT\System32\NeroCheck.exe" [09/07/01 10:50 ]
    "msnappau"="C:\Program Files\MSN Apps\Updater\[u]0[/u]1.03.0000.1005\fr\msnappau.exe" [13/08/04 17:41 ]
    "SA"="C:\Program Files\Logitech\QuickCam\SA3.EXE" []
    "DXM6Patch_981116"="C:\WINNT\p_981116.exe" [30/11/98 18:04 ]
    "LVComs"="C:\WINNT\System32\LVComS.exe" [02/02/00 11:56 ]
    "SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [15/10/04 19:40 ]
    "Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [30/07/04 11:04 ]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [28/04/06 11:27 ]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [24/03/06 19:30 ]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [22/02/07 12:08 ]
    "SSC_UserPrompt"="C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe" [10/11/04 11:57 ]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/07 02:43 ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "internat.exe"="internat.exe" [02/08/02 01:00 C:\WINNT\system32\internat.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [02/08/02 01:00 ]

    C:\Documents and Settings\All Users.WINNT\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]
    NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2006-02-12 15:11:56]
    WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-04-09 11:52:36]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=MsgPlusLoader.dll

    R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);C:\WINNT\system32\drivers\e10kx2k.sys
    S1 NetPT;NetBIOS Protection;C:\WINNT\system32\DRIVERS\netpt.sys
    S3 LVCam;Logitech QuickCam Express;C:\WINNT\system32\DRIVERS\LVCD.sys
    S3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINNT\system32\DRIVERS\usbiad.sys
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys
    S3 V0090VID;Creative WebCam Vista Plus;C:\WINNT\system32\DRIVERS\V0090Vid.sys

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-02 22:23:23 C:\WINNT\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Administrateur.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exen/TASK:
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-01 01:01:13
    Windows 5.0.2195 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 01/12/2007 1:02:19
    C:\ComboFix2.txt ... 01/12/07 00:14
    C:\ComboFix3.txt ... 30/11/07 23:04
    .
    --- E O F ---

    hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:02:55, on 01/12/2007
    Platform: Windows 2000 SP3 (WinNT 5.00.2195)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINNT\System32\smss.exe
    C:\WINNT\system32\winlogon.exe
    C:\WINNT\system32\services.exe
    C:\WINNT\system32\lsass.exe
    C:\WINNT\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINNT\system32\spoolsv.exe
    C:\WINNT\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINNT\System32\nvsvc32.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\SOUNDMAN.EXE
    C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe
    C:\WINNT\System32\LVComS.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\WINNT\system32\internat.exe
    C:\Program Files\Nikon\NkView6\NkvMon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
    C:\WINNT\system32\svchost.exe
    C:\WINNT\explorer.exe
    C:\Documents and Settings\Administrateur.DC846CB79DB3494\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
    O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\fr\msnappau.exe"
    O4 - HKLM\..\Run: [SA] C:\Program Files\Logitech\QuickCam\SA3.EXE
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [LVComs] C:\WINNT\System32\LVComS.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
    O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by109fd.bay109.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - https://tiragesphoto.fnac.com/
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    0
  8. g!rly Messages postés 18462 Statut Contributeur 407
     
    oui si tu veux bien, on reprendra les aventures demain...
    je vais me coucher > ton pc devrait deja aller mieux...
    bonne nuit
    @+
    0
  9. g!rly Messages postés 18462 Statut Contributeur 407
     
    --
    mouvement de non entraide a suivre très prochainement...
    0