TROJAN METAJUAN DOWNLOADER

0emile0 Messages postés 2 Date d'inscription   Statut Membre -  
papyber Messages postés 6430 Statut Contributeur sécurité -
Bonjour,

Voilà je suis victime de trojan, norton localise et supprime des trojan du type METAJUAN et DOWNLOADER.
Mais ils finissent par revenir... Des publicités intempestives s'ouvrent frequemment.

Je ne sais pas quoi faire. AIDEZ MOI..

Voici un rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:52:27, on 11/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\DOCUME~1\Laurent\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\tpmcxbdr.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://fdata.over-blog.com/99/00/00/01/js/javauploader/ImageUploader4.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11912 bytes
Configuration: Windows XP
Internet Explorer 7.0

4 réponses

  1. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    Télécharge combofix.exe (par sUBs) sur ton Bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    désactive ton antivirus, antispyware, et Spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite.
    Double clique combofix.exe.
    Tape sur la touche Y (Yes) pour démarrer le scan.
    Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    0
  2. 0emile0 Messages postés 2 Date d'inscription   Statut Membre
     
    voici

    ComboFix 08-02-11.2 - Laurent 2008-02-11 19:38:47.4 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.239 [GMT 1:00]
    Endroit: C:\Documents and Settings\Laurent\Mes documents\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\WINDOWS\system32\qommjih.dll
    C:\WINDOWS\system32\ayadd.ini
    C:\WINDOWS\system32\ayadd.ini2
    C:\WINDOWS\system32\ddaya.dll
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\hpsgpwex.dll
    C:\WINDOWS\system32\packet.dll
    C:\WINDOWS\system32\pthreadVC.dll
    C:\WINDOWS\system32\qommjih.dll
    C:\WINDOWS\system32\rdbxcmpt.ini
    C:\WINDOWS\system32\tpmcxbdr.dll
    C:\WINDOWS\system32\WanPacket.dll
    C:\WINDOWS\system32\wpcap.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\NPF

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-11 to 2008-02-11 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-11 19:32 . 2004-08-10 20:00 263,488 -r-hs---- C:\cmldr
    2008-02-11 15:48 . 2008-02-11 15:48 <REP> d-------- C:\WINDOWS\BDOSCAN8
    2008-02-11 14:12 . 2008-02-11 14:12 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-11 13:40 . 2008-02-11 13:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
    2008-02-11 13:27 . 2008-02-11 13:27 <REP> d-------- C:\Program Files\Bonjour
    2008-02-11 13:18 . 2008-02-11 13:18 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
    2008-02-11 11:08 . 2008-02-11 11:08 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Shareaza
    2008-02-09 15:05 . 2008-02-09 15:05 21 --a------ C:\WINDOWS\kit.ini
    2008-02-09 15:03 . 2008-02-09 15:03 <REP> d-------- C:\Program Files\Wanadoo
    2008-02-09 15:01 . 2008-02-09 15:01 <REP> d-------- C:\Program Files\SAGEM
    2008-02-09 15:00 . 2008-02-09 15:00 <REP> d-------- C:\Program Files\Securitoo
    2008-02-07 18:40 . 2008-02-07 18:40 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\DivX
    2008-02-07 18:39 . 2008-02-07 18:39 <REP> d-------- C:\Program Files\DivX
    2008-02-06 23:09 . 2008-02-06 23:09 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Leadertech
    2008-02-06 22:53 . 2008-01-04 22:58 43,528 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-02-06 02:02 . 2008-02-06 02:02 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\vlc
    2008-02-06 01:57 . 2008-02-06 01:57 <REP> d-------- C:\Program Files\VideoLAN
    2008-02-05 12:30 . 2008-02-05 12:30 <REP> d-------- C:\Program Files\CCleaner
    2008-02-02 20:45 . 2008-02-02 20:48 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2008-02-02 20:45 . 2008-02-02 20:48 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2008-02-02 00:13 . 2008-02-02 00:13 <REP> d--hs---- C:\FOUND.000
    2008-01-30 22:15 . 2008-01-30 22:16 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\skypePM
    2008-01-30 22:15 . 2008-01-30 22:16 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
    2008-01-29 02:39 . 2008-01-29 02:39 <REP> d-------- C:\WINDOWS\Downloaded Installations
    2008-01-27 15:14 . 2008-01-27 15:14 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-01-27 13:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-01-27 13:34 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-01-27 13:34 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-01-27 02:14 . 2008-01-27 02:14 <REP> d-------- C:\Program Files\Google
    2008-01-27 02:14 . 2008-01-27 02:14 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Skype
    2008-01-27 02:13 . 2008-01-27 02:13 <REP> d-------- C:\Program Files\Skype
    2008-01-27 02:13 . 2008-01-27 02:13 <REP> d-------- C:\Program Files\Fichiers communs\Skype
    2008-01-27 02:13 . 2008-01-27 02:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
    2008-01-26 22:56 . 2008-01-26 22:56 <REP> d--hs---- C:\Recycled
    2008-01-26 22:26 . 2008-01-26 22:26 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Camfrog
    2008-01-26 22:23 . 2008-01-26 22:23 <REP> d-------- C:\Program Files\Camfrog
    2008-01-26 17:26 . 2008-01-26 17:26 <REP> d-------- C:\Program Files\Windows Live Toolbar
    2008-01-26 17:26 . 2008-01-26 17:26 <REP> d-------- C:\Documents and Settings\Laurent\Contacts
    2008-01-26 17:12 . 2008-01-26 17:12 <REP> d-------- C:\Program Files\Windows Live
    2008-01-26 17:12 . 2008-01-26 17:13 <REP> d--hs---- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-01-26 17:12 . 2008-01-26 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-01-26 14:39 . 2008-01-26 14:39 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2008-01-25 13:44 . 2008-01-25 13:44 385 --a------ C:\WINDOWS\ODBC.INI
    2008-01-25 13:42 . 2008-01-25 13:42 <REP> d-------- C:\WINDOWS\ShellNew
    2008-01-24 16:58 . 2008-01-24 16:58 <REP> d-------- C:\WINDOWS\USB Vibration
    2008-01-24 16:58 . 2002-11-14 22:32 55,808 --a------ C:\WINDOWS\system32\devcon.exe
    2008-01-24 16:58 . 2006-07-04 17:17 53,921 --a------ C:\WINDOWS\system32\drivers\hid7906.sys
    2008-01-24 16:57 . 2008-01-24 16:57 <REP> d-------- C:\Program Files\USB_PS2 Vibration Pad
    2008-01-24 16:57 . 2008-01-24 16:57 <REP> d-------- C:\Program Files\USB Vibration
    2008-01-24 16:51 . 2008-01-24 16:51 <REP> dr-h----- C:\Documents and Settings\Laurent\Application Data\SecuROM
    2008-01-24 16:51 . 2008-01-24 16:51 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\AdobeUM
    2008-01-24 16:51 . 2008-01-24 16:51 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-01-24 16:30 . 2008-01-24 16:30 <REP> d-------- C:\Program Files\EA Sports
    2008-01-23 01:52 . 2008-01-23 01:52 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-01-22 15:44 . 2008-01-22 15:44 <REP> d--hs---- C:\Documents and Settings\Laurent\UserData
    2008-01-21 23:46 . 2008-01-21 23:47 <REP> d-------- C:\Program Files\MSXML 4.0
    2008-01-21 23:33 . 2006-03-21 04:23 23,040 --------- C:\WINDOWS\kb913800.exe
    2008-01-21 23:29 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
    2008-01-21 23:25 . 2008-01-21 23:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-21 23:23 . 2008-02-11 19:21 1,422 --a------ C:\WINDOWS\system32\eRLog.ini
    2008-01-21 20:42 . 2008-01-21 20:42 <REP> d-------- C:\Program Files\Launch Manager
    2008-01-21 20:42 . 2004-12-08 14:10 16,896 --a------ C:\WINDOWS\system32\drivers\DKbFltr.SYS
    2008-01-21 20:42 . 2004-12-09 12:04 5,120 --a------ C:\WINDOWS\system32\FILTRCOI.DLL
    2008-01-21 20:42 . 2008-01-21 20:42 83 --a------ C:\WINDOWS\LManager.UNI
    2008-01-21 20:41 . 2008-01-21 20:41 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Symantec
    2008-01-21 20:41 . 2006-01-20 15:56 225,350 --a------ C:\WINDOWS\system32\Epm-Po.dll
    2008-01-21 20:41 . 2006-01-20 15:56 53,248 --a------ C:\WINDOWS\system32\acpimof.dll
    2008-01-21 20:40 . 2006-08-19 04:30 <REP> d--h----- C:\Documents and Settings\Laurent\Voisinage réseau
    2008-01-21 20:40 . 2006-08-19 04:30 <REP> d--h----- C:\Documents and Settings\Laurent\Voisinage d'impression
    2008-01-21 20:40 . 2006-08-19 04:30 <REP> d--h----- C:\Documents and Settings\Laurent\Modèles
    2008-01-21 20:40 . 2008-01-26 14:47 <REP> dr------- C:\Documents and Settings\Laurent\Mes documents
    2008-01-21 20:40 . 2006-08-19 04:30 <REP> dr------- C:\Documents and Settings\Laurent\Menu Démarrer
    2008-01-21 20:40 . 2008-01-21 20:40 <REP> dr------- C:\Documents and Settings\Laurent\Favoris
    2008-01-21 20:40 . 2006-08-19 04:30 <REP> d-------- C:\Documents and Settings\Laurent\Bureau
    2008-01-21 20:40 . 2006-08-19 05:40 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Acer
    2008-01-21 20:39 . 2006-08-19 05:40 <REP> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Acer
    2008-01-21 20:30 . 2004-08-10 20:00 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-02 19:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2008-02-02 19:48 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2008-01-21 20:48 --------- d-----w C:\Program Files\Yahoo!
    2008-01-21 20:46 --------- d-----w C:\Program Files\Fichiers communs\Logitech
    2008-01-21 20:46 --------- d-----w C:\Program Files\Fichiers communs\Acer
    2008-01-21 20:46 --------- d-----w C:\Program Files\Acer
    2008-01-21 20:43 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
    2008-01-21 20:43 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel
    2008-01-21 20:43 --------- d-----w C:\Program Files\WinPCap
    2008-01-21 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
    2008-01-09 14:01 53,248 ----a-w C:\WINDOWS\bdoscandel.exe
    2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
    2008-01-04 21:58 9,464 ------w C:\WINDOWS\system32\drivers\cdralw2k.sys
    2008-01-04 21:58 9,336 ------w C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
    2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
    2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
    2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
    2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
    2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
    2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
    2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
    2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
    2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
    2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
    2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
    2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
    2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
    2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
    2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
    2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
    2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-28 13:11 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
    "LaunchApp"="Alaunch" []
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
    "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
    "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
    "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 12:08 52840]
    "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
    "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
    "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
    "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2006-06-23 10:39 225280]
    "WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
    "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 15:47 331776]
    "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 15:55 73728]
    "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22 517768]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 17:14]
    R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
    R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
    R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
    R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
    R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
    R2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:29]
    R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20]
    R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40]
    R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
    S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-07-04 17:17]

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-01 20:46:48 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Laurent.job"
    - C:\PROGRA~1\NORTON~1\Navw32.exeh/TASK:
    "2008-02-11 14:45:06 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-11 19:40:17
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-11 19:40:48
    ComboFix-quarantined-files.txt 2008-02-11 18:40:46
    .
    2008-02-08 02:02:31 --- E O F ---
    0
  3. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    rapport en examen
    0
  4. papyber Messages postés 6430 Statut Contributeur sécurité 257
     
    je t'ai fait attendre...panne d'internet!
    faire un scan antivirus en ligne avec Internet explorer et accepter l'ActiveX
    poster le rapport ici ensuite
    https://www.bitdefender.fr/

    En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
    Dans la nouvelle fenêtre, clique sur j’accepte
    La fenêtre change encore, clique sur scanner
    Les signatures se chargent, etc.

    tuto en image
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm
    0