Sujet Précédent Sujet Suivant

TROJAN METAJUAN DOWNLOADER

0emile0 Messages postés 2 Statut Membre -  
papyber Messages postés 6430 Statut Contributeur sécurité -
Bonjour,

Voilà je suis victime de trojan, norton localise et supprime des trojan du type METAJUAN et DOWNLOADER.
Mais ils finissent par revenir... Des publicités intempestives s'ouvrent frequemment.

Je ne sais pas quoi faire. AIDEZ MOI..

Voici un rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:27, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\DOCUME~1\Laurent\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\tpmcxbdr.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
A voir également:

4 réponses

Réponse 1 / 4
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
désactive ton antivirus, antispyware, et Spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite.
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

0
Réponse 2 / 4
0emile0 Messages postés 2 Statut Membre
 
voici

ComboFix 08-02-11.2 - Laurent 2008-02-11 19:38:47.4 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.239 [GMT 1:00]
Endroit: C:\Documents and Settings\Laurent\Mes documents\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\qommjih.dll
C:\WINDOWS\system32\ayadd.ini
C:\WINDOWS\system32\ayadd.ini2
C:\WINDOWS\system32\ddaya.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\hpsgpwex.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\qommjih.dll
C:\WINDOWS\system32\rdbxcmpt.ini
C:\WINDOWS\system32\tpmcxbdr.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\NPF

((((((((((((((((((((((((((((( Fichiers créés 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
.

2008-02-11 19:32 . 2004-08-10 20:00 263,488 -r-hs---- C:\cmldr
2008-02-11 15:48 . 2008-02-11 15:48 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-02-11 14:12 . 2008-02-11 14:12 <REP> d-------- C:\Program Files\Trend Micro
2008-02-11 13:40 . 2008-02-11 13:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-11 13:27 . 2008-02-11 13:27 <REP> d-------- C:\Program Files\Bonjour
2008-02-11 13:18 . 2008-02-11 13:18 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-11 11:08 . 2008-02-11 11:08 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Shareaza
2008-02-09 15:05 . 2008-02-09 15:05 21 --a------ C:\WINDOWS\kit.ini
2008-02-09 15:03 . 2008-02-09 15:03 <REP> d-------- C:\Program Files\Wanadoo
2008-02-09 15:01 . 2008-02-09 15:01 <REP> d-------- C:\Program Files\SAGEM
2008-02-09 15:00 . 2008-02-09 15:00 <REP> d-------- C:\Program Files\Securitoo
2008-02-07 18:40 . 2008-02-07 18:40 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\DivX
2008-02-07 18:39 . 2008-02-07 18:39 <REP> d-------- C:\Program Files\DivX
2008-02-06 23:09 . 2008-02-06 23:09 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Leadertech
2008-02-06 22:53 . 2008-01-04 22:58 43,528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-02-06 02:02 . 2008-02-06 02:02 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\vlc
2008-02-06 01:57 . 2008-02-06 01:57 <REP> d-------- C:\Program Files\VideoLAN
2008-02-05 12:30 . 2008-02-05 12:30 <REP> d-------- C:\Program Files\CCleaner
2008-02-02 20:45 . 2008-02-02 20:48 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-02 20:45 . 2008-02-02 20:48 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-02 00:13 . 2008-02-02 00:13 <REP> d--hs---- C:\FOUND.000
2008-01-30 22:15 . 2008-01-30 22:16 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\skypePM
2008-01-30 22:15 . 2008-01-30 22:16 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-01-29 02:39 . 2008-01-29 02:39 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-01-27 15:14 . 2008-01-27 15:14 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-27 13:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-27 13:34 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-01-27 13:34 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-27 02:14 . 2008-01-27 02:14 <REP> d-------- C:\Program Files\Google
2008-01-27 02:14 . 2008-01-27 02:14 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Skype
2008-01-27 02:13 . 2008-01-27 02:13 <REP> d-------- C:\Program Files\Skype
2008-01-27 02:13 . 2008-01-27 02:13 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-01-27 02:13 . 2008-01-27 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-01-26 22:56 . 2008-01-26 22:56 <REP> d--hs---- C:\Recycled
2008-01-26 22:26 . 2008-01-26 22:26 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Camfrog
2008-01-26 22:23 . 2008-01-26 22:23 <REP> d-------- C:\Program Files\Camfrog
2008-01-26 17:26 . 2008-01-26 17:26 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-01-26 17:26 . 2008-01-26 17:26 <REP> d-------- C:\Documents and Settings\Laurent\Contacts
2008-01-26 17:12 . 2008-01-26 17:12 <REP> d-------- C:\Program Files\Windows Live
2008-01-26 17:12 . 2008-01-26 17:13 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-26 17:12 . 2008-01-26 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-26 14:39 . 2008-01-26 14:39 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-01-25 13:44 . 2008-01-25 13:44 385 --a------ C:\WINDOWS\ODBC.INI
2008-01-25 13:42 . 2008-01-25 13:42 <REP> d-------- C:\WINDOWS\ShellNew
2008-01-24 16:58 . 2008-01-24 16:58 <REP> d-------- C:\WINDOWS\USB Vibration
2008-01-24 16:58 . 2002-11-14 22:32 55,808 --a------ C:\WINDOWS\system32\devcon.exe
2008-01-24 16:58 . 2006-07-04 17:17 53,921 --a------ C:\WINDOWS\system32\drivers\hid7906.sys
2008-01-24 16:57 . 2008-01-24 16:57 <REP> d-------- C:\Program Files\USB_PS2 Vibration Pad
2008-01-24 16:57 . 2008-01-24 16:57 <REP> d-------- C:\Program Files\USB Vibration
2008-01-24 16:51 . 2008-01-24 16:51 <REP> dr-h----- C:\Documents and Settings\Laurent\Application Data\SecuROM
2008-01-24 16:51 . 2008-01-24 16:51 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\AdobeUM
2008-01-24 16:51 . 2008-01-24 16:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-01-24 16:30 . 2008-01-24 16:30 <REP> d-------- C:\Program Files\EA Sports
2008-01-23 01:52 . 2008-01-23 01:52 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-01-22 15:44 . 2008-01-22 15:44 <REP> d--hs---- C:\Documents and Settings\Laurent\UserData
2008-01-21 23:46 . 2008-01-21 23:47 <REP> d-------- C:\Program Files\MSXML 4.0
2008-01-21 23:33 . 2006-03-21 04:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-01-21 23:29 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-01-21 23:25 . 2008-01-21 23:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-01-21 23:23 . 2008-02-11 19:21 1,422 --a------ C:\WINDOWS\system32\eRLog.ini
2008-01-21 20:42 . 2008-01-21 20:42 <REP> d-------- C:\Program Files\Launch Manager
2008-01-21 20:42 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
2008-01-21 20:42 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
2008-01-21 20:42 . 2008-01-21 20:42 83 --a------ C:\WINDOWS\LManager.UNI
2008-01-21 20:41 . 2008-01-21 20:41 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Symantec
2008-01-21 20:41 . 2006-01-20 15:56 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll
2008-01-21 20:41 . 2006-01-20 15:56 53,248 --a------ C:\WINDOWS\system32\acpimof.dll
2008-01-21 20:40 . 2006-08-19 04:30 <REP> d--h----- C:\Documents and Settings\Laurent\Voisinage réseau
2008-01-21 20:40 . 2006-08-19 04:30 <REP> d--h----- C:\Documents and Settings\Laurent\Voisinage d'impression
2008-01-21 20:40 . 2006-08-19 04:30 <REP> d--h----- C:\Documents and Settings\Laurent\Modèles
2008-01-21 20:40 . 2008-01-26 14:47 <REP> dr------- C:\Documents and Settings\Laurent\Mes documents
2008-01-21 20:40 . 2006-08-19 04:30 <REP> dr------- C:\Documents and Settings\Laurent\Menu Démarrer
2008-01-21 20:40 . 2008-01-21 20:40 <REP> dr------- C:\Documents and Settings\Laurent\Favoris
2008-01-21 20:40 . 2006-08-19 04:30 <REP> d-------- C:\Documents and Settings\Laurent\Bureau
2008-01-21 20:40 . 2006-08-19 05:40 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Acer
2008-01-21 20:39 . 2006-08-19 05:40 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
2008-01-21 20:30 . 2004-08-10 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 19:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-02 19:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-21 20:48 --------- d-----w C:\Program Files\Yahoo!
2008-01-21 20:46 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-01-21 20:46 --------- d-----w C:\Program Files\Fichiers communs\Acer
2008-01-21 20:46 --------- d-----w C:\Program Files\Acer
2008-01-21 20:43 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-21 20:43 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
2008-01-21 20:43 --------- d-----w C:\Program Files\WinPCap
2008-01-21 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 13:11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"LaunchApp"="Alaunch" []
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 12:08 52840]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
"LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
"LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:29]
R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 17:17]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-01 20:46:48 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Laurent.job"
- C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
"2008-02-11 14:45:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 19:40:17
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-11 19:40:48
ComboFix-quarantined-files.txt 2008-02-11 18:40:46
.
2008-02-08 02:02:31 --- E O F ---
0
Réponse 3 / 4
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
rapport en examen
0
Réponse 4 / 4
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
je t'ai fait attendre...panne d'internet!
faire un scan antivirus en ligne avec Internet explorer et accepter l'ActiveX
poster le rapport ici ensuite
https://www.bitdefender.fr/

En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
Dans la nouvelle fenêtre, clique sur j’accepte
La fenêtre change encore, clique sur scanner
Les signatures se chargent, etc.

tuto en image
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses