[PC2] MSN virus: HijackThis log to decipher please, thanks
Solved
sourine (Posts: 189, Status: Member)
jlpjlp (Posts: 52399, Status: Security contributor)
Hello,
I have a 2nd PC infected with the latest virus, named Restarter.F by Secuser, caught through a link on MSN, that needs cleaning (even though the first one isn't cured yet!! lol)
Here is my report, thanks for any help you can give me because it's one hell of a mess!! ;-)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:43:51, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\ipsecpooler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\480cc6474822c4d3bda7c05b0f4fe218\update\update.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SXG Advisor - {0F240256-9E39-4E57-AD5C-55700B7A2388} - C:\WINDOWS\dgtxrdfwrv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - (no file)
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1204151245.dll
O3 - Toolbar: ekvgsnw - {474928DE-BC0F-4637-ADC1-C6DD2D1161D7} - C:\WINDOWS\ekvgsnw.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com sd=http://repay.reparateurdesysteme.com
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Fichiers communs\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O21 - SSODL: bxlrvps - {E7723154-B877-4674-9150-3B4499298C61} - C:\WINDOWS\bxlrvps.dll
O21 - SSODL: alofkmn - {FDA15159-774E-495B-8F88-7259CB1D6F33} - C:\WINDOWS\alofkmn.dll
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
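As an added example (not code from the thread, from HijackThis or from any helper on it), a small Python triage script that parses log lines in the format above and flags the entry types a helper would look at first: the UserInit value with a second process chained after userinit.exe, the win.ini run= entry, the DisableRegedit policy, entries pointing into a Temp folder, an SSODL DLL sitting directly in the Windows directory, and a service with no vendor string. The sample lines are copied from the log above; the rules are generic triage heuristics and are assumptions, not a vendor verdict on any file.

```python
"""Triage of HijackThis v2.0.2-style log lines.

Added example, not part of the forum thread. The heuristics below are
common first-pass triage rules; a hit means "look at this entry", not
"this file is malicious".
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: entries copied from the log posted above, plus two
# benign ones (Acrobat BHO, HP service) so the filter has something to skip.
SAMPLE_LOG = r"""
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O21 - SSODL: bxlrvps - {E7723154-B877-4674-9150-3B4499298C61} - C:\WINDOWS\bxlrvps.dll
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll
O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # short triage reason
    entry: str    # the original log line


# "R0 - ...", "F2 - ...", "O23 - ..." -> (section, rest of line)
_SECTION_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
# Any path component named Temp (the 8.3 form ...\LOCALS~1\Temp\... included).
_TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
# A DLL placed directly in C:\WINDOWS, not in a subfolder.
_WINROOT_DLL_RE = re.compile(r" - C:\\WINDOWS\\[^\\]+\.dll$", re.IGNORECASE)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule matches."""
    line = line.strip()
    m = _SECTION_RE.match(line)
    if not m:
        return None  # header, running-process list, or blank line
    section, body = m.group(1), m.group(2)

    if section == "F2" and body.startswith("REG:system.ini: UserInit="):
        # Only userinit.exe belongs here; anything after the comma is
        # started by winlogon at every logon.
        values = [v for v in body.split("=", 1)[1].split(",") if v.strip()]
        if len(values) > 1:
            return Finding(section, "extra process chained onto UserInit", line)
    if section == "F3" and "win.ini: run=" in body:
        if body.split("run=", 1)[1].strip():
            return Finding(section, "legacy win.ini run= entry", line)
    if section == "O7" and "DisableRegedit=1" in body:
        return Finding(section, "registry editor disabled by policy", line)
    if section == "O21" and _WINROOT_DLL_RE.search(body):
        return Finding(section, "SSODL DLL sitting directly in the Windows directory", line)
    if section == "O23" and "Unknown owner" in body:
        return Finding(section, "service with no vendor string", line)
    if _TEMP_RE.search(body):
        return Finding(section, "entry pointing into a temp folder", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits in file order."""
    return [f for f in (triage_line(raw) for raw in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.section}] {finding.reason}\n    {finding.entry}")
```

Running the script on the constructed sample prints seven hits and skips the Acrobat BHO, the Symantec ccApp entry and the HP service.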
81 replies
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:03, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ipsecpooler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B3B010A1-A877-4CD7-BAB5-9EE8F9965E20} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe" dm=http://reparateurdesysteme.com ad=http://reparateurdesysteme.com sd=http://repay.reparateurdesysteme.com
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
SmitFraudFix v2.298
Rapport fait à 14:33:40,27, 02/03/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\NETTOYAGE MSN\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ipsecpooler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{24E31EA9-FCE2-404F-BD80-20543565D946}"="Windows Installer Class"
[HKEY_CLASSES_ROOT\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{24E31EA9-FCE2-404F-BD80-20543565D946}\InProcServer32]
@="C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll"
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"system"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel(R) PRO/Wireless 2200BG Network Connection
DNS Server Search Order: 192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CB24A7A-40AF-4406-9275-29863008D9EE}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CB24A7A-40AF-4406-9275-29863008D9EE}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A486443C-62B0-4896-8CBA-C79FBD5B7C11}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A486443C-62B0-4896-8CBA-C79FBD5B7C11}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C6289EE7-8F88-4A52-B965-A9D9215CF2A1}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C6289EE7-8F88-4A52-B965-A9D9215CF2A1}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.255.113.202 85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.113.202 85.255.112.223
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Run SmitFraudFix with option 5.
_____________
Download ComboFix by sUBs. Rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it on your desktop and nowhere else!
Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-click on ComboFix. It will ask you a question; answer with the 1 key and Enter to confirm, then let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.
________________
Paste a HijackThis report.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I advise renaming HijackThis, to counter a possible Vundo infection.
E.g. rename the file HijackThis.exe to eden.exe: to do this, right-click on the file HijackThis.exe and choose Rename from the list.
Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
STEP 1
SmitFraudFix v2.298
Rapport fait à 14:46:41,39, 02/03/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\NETTOYAGE MSN\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
Description: Intel(R) PRO/Wireless 2200BG Network Connection
DNS Server Search Order: 192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CB24A7A-40AF-4406-9275-29863008D9EE}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CB24A7A-40AF-4406-9275-29863008D9EE}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A486443C-62B0-4896-8CBA-C79FBD5B7C11}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A486443C-62B0-4896-8CBA-C79FBD5B7C11}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C6289EE7-8F88-4A52-B965-A9D9215CF2A1}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C6289EE7-8F88-4A52-B965-A9D9215CF2A1}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.255.113.202 85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.113.202 85.255.112.223
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
Description: Intel(R) PRO/Wireless 2200BG Network Connection
DNS Server Search Order: 192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CB24A7A-40AF-4406-9275-29863008D9EE}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CB24A7A-40AF-4406-9275-29863008D9EE}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A486443C-62B0-4896-8CBA-C79FBD5B7C11}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{A486443C-62B0-4896-8CBA-C79FBD5B7C11}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C6289EE7-8F88-4A52-B965-A9D9215CF2A1}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C6289EE7-8F88-4A52-B965-A9D9215CF2A1}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.255.113.202 85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.113.202 85.255.112.223
Go to Start > Control Panel > Connections > right-click on the connection > Properties > Networking tab.
Highlight Internet Protocol (TCP/IP), then click the Properties button.
In the options (preferred DNS server and alternate DNS server) you will find one of these addresses present: 85.255.113.202, 85.255.112.223
To remove them, tick "Obtain DNS server address automatically", then click OK twice and restart the PC. Thanks to Incognito02 for this tip ;-)
_______________
Then paste a ComboFix and a HijackThis report.
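As an added example (not code from this thread, nor from SmitFraudFix), here is a small Python script that applies the check behind this fix to the DNS section of the SmitFraudFix report posted above: it takes the resolvers that DHCP handed out in the active control set (CCS) as the trusted baseline, then flags every static NameServer override and every saved control set (CS3 here) that still carries other addresses. The sample text is a trimmed copy of the report from this thread (two of the four interface GUIDs kept); the function names and the public/private classification are my own choices, not anything SmitFraudFix does.

```python
import ipaddress
import re
from collections import namedtuple

# Constructed sample: a trimmed copy of the "DNS" section of the SmitFraudFix
# report posted in this thread (two of the four interface GUIDs kept).
SAMPLE_DNS_SECTION = r"""
Description: Intel(R) PRO/Wireless 2200BG Network Connection
DNS Server Search Order: 192.168.0.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4EC319B8-9269-4B75-9877-2E2C8D7EE7A9}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CB24A7A-40AF-4406-9275-29863008D9EE}: DhcpNameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8CB24A7A-40AF-4406-9275-29863008D9EE}: NameServer=85.255.113.202,85.255.112.223
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=85.255.113.202 85.255.112.223
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.113.202 85.255.112.223
"""

# One registry line of the report: control set, interface GUID (or the global
# Tcpip\Parameters key), value name and the server list.
LINE_RE = re.compile(
    r"^HKLM\\SYSTEM\\(?P<cs>\w+)\\Services\\Tcpip\\"
    r"(?:\.\.\\(?P<iface>\{[0-9A-Fa-f-]+\})|Parameters): "
    r"(?P<key>DhcpNameServer|NameServer)=(?P<value>.*)$"
)

DnsEntry = namedtuple("DnsEntry", "control_set scope key servers")
Finding = namedtuple("Finding", "control_set scope key server public reason")


def parse_dns_section(text):
    """Turn the report's registry lines into DnsEntry records."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # Description / "DNS Server Search Order" lines carry no registry data
        # SmitFraudFix prints the list comma-separated per interface and
        # space-separated under Parameters; accept both.
        servers = tuple(s for s in re.split(r"[,\s]+", m.group("value")) if s)
        scope = m.group("iface") or "Tcpip\\Parameters"
        entries.append(DnsEntry(m.group("cs"), scope, m.group("key"), servers))
    return entries


def trusted_servers(entries):
    """Baseline: the resolvers DHCP handed out in the active control set (CCS)."""
    return {s for e in entries
            if e.control_set == "CCS" and e.key == "DhcpNameServer"
            for s in e.servers}


def find_dns_hijack(entries):
    """Flag every resolver that is not in the DHCP baseline.

    A populated NameServer value on a DHCP client is a static override, which is
    exactly what "obtain DNS server address automatically" clears; a
    DhcpNameServer that differs from the active control set shows the same
    resolvers were also planted in a saved control set.
    """
    trusted = trusted_servers(entries)
    findings = []
    for e in entries:
        for server in e.servers:
            if server in trusted:
                continue
            try:
                public = not ipaddress.ip_address(server).is_private
            except ValueError:
                public = False  # not an IP literal; report it anyway
            reason = ("static NameServer override" if e.key == "NameServer"
                      else "DhcpNameServer differs from active control set")
            findings.append(Finding(e.control_set, e.scope, e.key, server, public, reason))
    return findings


def rogue_resolvers(findings):
    """Distinct flagged addresses, sorted, ready for an outbound block rule."""
    return sorted({f.server for f in findings})


if __name__ == "__main__":
    found = find_dns_hijack(parse_dns_section(SAMPLE_DNS_SECTION))
    for f in found:
        kind = "public" if f.public else "private"
        print(f"{f.control_set} {f.scope} {f.key}={f.server} ({kind}): {f.reason}")
    print("rogue resolvers:", rogue_resolvers(found))
```

Run it as-is to list the flagged entries. Working from the pasted report keeps the check usable from any machine; on the infected PC itself the same values live under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters and its Interfaces subkeys. Note that the "DNS Après Fix" section above still lists the two addresses under CS3: that is a saved control set, not the one in use, so the active configuration can be clean while the saved copy still records them.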
ComboFix 08-03-01.3 - Administrateur 2008-03-02 14:49:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.153 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\drivers\symavc32.sys
C:\WINDOWS\system32\drivers\Voj34.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_YKAV39
((((((((((((((((((((((((((((( Fichiers créés 2008-02-02 to 2008-03-02 ))))))))))))))))))))))))))))))))))))
.
2008-03-02 13:45 . 2008-03-02 13:45 17,408 --a------ C:\Documents and Settings\Administrateur\xqswcy.exe
2008-03-02 13:42 . 2008-03-02 13:42 17,408 --a------ C:\Documents and Settings\Administrateur\zqnzqy.exe
2008-03-02 13:42 . 2008-03-02 13:42 17,408 --a------ C:\Documents and Settings\Administrateur\swfakg.exe
2008-03-02 13:40 . 2008-03-02 13:40 244 --ah----- C:\sqmnoopt01.sqm
2008-03-02 13:40 . 2008-03-02 13:40 232 --ah----- C:\sqmdata01.sqm
2008-03-02 13:15 . 2008-03-02 13:45 17,408 --a------ C:\WINDOWS\wsysst32.exe
2008-03-02 13:14 . 2008-03-02 13:14 17,408 --a------ C:\Documents and Settings\Administrateur\qtkecg.exe
2008-03-02 13:14 . 2008-03-02 13:42 5,120 --a------ C:\WINDOWS\winsyn.dll
2008-03-02 04:15 . 2008-03-02 14:33 4,606 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-02 03:37 . 2008-03-02 03:53 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-03-02 03:13 . 2008-03-02 03:13 <REP> d-------- C:\Program Files\Trend Micro
2008-03-02 02:12 . 2008-03-02 14:22 <REP> d-------- C:\fixwareout
2008-03-02 01:48 . 2008-03-02 01:48 244 --ah----- C:\sqmnoopt00.sqm
2008-03-02 01:48 . 2008-03-02 01:48 232 --ah----- C:\sqmdata00.sqm
2008-03-02 01:28 . 2008-03-02 01:28 <REP> d-------- C:\Program Files\CCleaner
2008-03-01 13:40 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-01 13:40 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-01 12:32 . 2008-03-02 03:09 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-02-29 22:35 . 2008-02-29 22:57 <REP> d-------- C:\MSNFix
2008-02-29 22:14 . 2008-03-02 03:00 <REP> d-------- C:\Program Files\Unlocker
2008-02-29 21:55 . 2008-02-29 21:55 75 --a------ C:\WINDOWS\system32\DelReboot
2008-02-29 21:27 . 2008-02-29 21:27 <REP> d-------- C:\Program Files\Avira
2008-02-29 21:27 . 2008-02-29 21:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-02-28 22:55 . 2008-02-28 22:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-02-28 22:54 . 2008-03-02 04:44 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-02-28 22:53 . 2008-03-02 04:44 <REP> d-------- C:\Program Files\Symantec
2008-02-28 22:00 . 2008-02-28 22:00 54,764 --a------ C:\WINDOWS\system\userinfo32.ggt
2008-02-28 20:57 . 2008-02-28 21:57 <REP> d-------- C:\Program Files\ReparateurDeSysteme
2008-02-28 20:57 . 2008-02-28 20:57 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
2008-02-28 20:57 . 2008-02-28 20:57 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-28 20:57 . 2008-02-28 20:57 <REP> dr------- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2008-02-28 11:13 . 2008-02-28 22:02 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 23:39 . 2008-02-27 23:39 167,936 --a------ C:\WINDOWS\system32\drivers\Ykav39.sys
2008-02-27 23:39 . 2008-03-02 14:25 14 --ah----- C:\WINDOWS\mmax_hren2.ini
2008-02-27 23:36 . 2008-02-28 20:46 506,880 --a--c--- C:\WINDOWS\system32\dllcache\winlogon.exe
2008-02-27 23:35 . 2008-02-28 20:57 40,960 --a------ C:\WINDOWS\mmhren1.exe
2008-02-27 23:31 . 2008-02-28 22:02 167,936 --a------ C:\WINDOWS\system32\drivers\riode32.sys
2008-02-27 23:25 . 2008-02-27 23:25 387,584 --a------ C:\WINDOWS\system32\ipsecpooler.exe
2008-02-27 23:25 . 2008-02-27 23:25 29 --a------ C:\WINDOWS\system32\gqaqtaqa.tmp
2008-02-27 23:24 . 2008-02-27 23:24 54,764 --a------ C:\WINDOWS\system\hipsrv.mm
2008-02-27 23:24 . 2008-02-27 23:24 53,248 --a------ C:\WINDOWS\system32\oleauth32.dll
2008-02-27 23:24 . 2008-02-27 23:24 53,248 --a------ C:\WINDOWS\system32\mstscex.dll
2008-02-27 23:24 . 2008-02-27 23:24 4,224 --a------ C:\WINDOWS\system32\drivers\kcp.sys
2008-02-27 23:24 . 2008-02-27 23:24 3,200 --a------ C:\WINDOWS\system32\ipsecndis.sys
2008-02-27 20:57 . 2008-02-27 20:57 550 --a------ C:\WINDOWS\eReg.dat
2008-02-27 20:30 . 2008-02-27 20:30 <REP> d-------- C:\Program Files\Maxis
2008-02-26 13:44 . 2008-03-02 03:27 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 13:44 . 2008-02-26 13:44 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-24 20:08 . 2008-02-24 20:08 <REP> d-------- C:\Program Files\Microsoft Games
2008-02-23 08:40 . 2008-02-23 08:40 0 --a------ C:\WINDOWS\NDSBrow.INI
2008-02-23 01:06 . 2008-02-23 01:32 <REP> d-------- C:\Program Files\Windows Live
2008-02-23 01:06 . 2008-02-23 01:30 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-23 01:06 . 2008-02-23 01:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-23 01:00 . 2008-02-23 01:00 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-02-22 23:55 . 2008-02-22 23:55 <REP> d-------- C:\Program Files\Windows Resource Kits
2008-02-22 22:38 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-22 22:38 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-22 22:38 . 2007-07-30 19:19 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-22 22:38 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-22 21:43 . 2008-02-22 21:43 <REP> d---s---- C:\Documents and Settings\Administrateur\UserData
2008-02-05 08:03 . 2008-02-05 08:03 <REP> d-------- C:\Program Files\Core Design
2008-02-05 08:03 . 1997-08-14 16:17 117,248 --a------ C:\WINDOWS\system32\Edec.dll
2008-02-05 08:03 . 1997-08-14 16:31 98,816 --a------ C:\WINDOWS\system32\Dec130.dll
2008-02-05 08:03 . 1997-08-14 16:24 89,600 --a------ C:\WINDOWS\system32\Winsdec.dll
2008-02-05 08:03 . 1997-08-14 11:10 80,896 --a------ C:\WINDOWS\system32\Winstr.dll
2008-02-05 08:03 . 1997-08-14 16:06 60,416 --a------ C:\WINDOWS\system32\Winplay.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 20:00 12,400 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-27 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-22 22:43 --------- d-----w C:\Program Files\Zylom Games
2008-02-22 19:53 --------- d-----w C:\Program Files\HP
2008-02-22 19:53 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-22 19:52 --------- d-----w C:\Program Files\AutoCAD 2006
2008-02-22 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-01-29 21:26 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MSN6
2008-01-25 01:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Zylom
2008-01-21 19:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-01-21 19:33 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PlayFirst
2008-01-21 00:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\JollyBear
2008-01-21 00:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-20 00:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\HipSoft
2008-01-15 14:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\HP
2008-01-15 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-01-15 13:33 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-12 17:14 --------- d-----w C:\Program Files\Lionhead Studios Ltd
2008-01-11 23:57 95,208 ----a-w C:\Documents and Settings\Administrateur\Application Data\GDIPFONTCACHEV1.DAT
2008-01-11 23:54 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Talkback
2006-07-15 15:32 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-15 16:19 65536]
"Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [2008-02-28 20:57 40960]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2004-04-27 10:10 32881]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-01-26 17:03 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-01-26 17:03 118784]
"00THotkey"="C:\WINDOWS\System32\00THotkey.exe" [2004-03-29 11:10 253952]
"000StTHK"="000StTHK.exe" [2001-06-23 19:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"TFNF5"="TFNF5.exe" [2003-12-02 12:15 73728 C:\WINDOWS\system32\TFNF5.exe]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2004-03-30 12:51 118784]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe" [2003-08-03 15:01 86073]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-10-30 14:46 192512]
"TouchED"="C:\Program Files\TOSHIBA\TouchED\TouchED.Exe" [2003-03-11 12:58 122880]
"LTSMMSG"="LTSMMSG.exe" [2003-04-18 09:06 32768 C:\WINDOWS\ltsmmsg.exe]
"TPSMain"="TPSMain.exe" [2004-04-01 13:20 266240 C:\WINDOWS\system32\TPSMain.exe]
"TMESRV.EXE"="C:\Program Files\TOSHIBA\TME3\TMESRV31.exe" [2004-04-13 11:14 126976]
"TMERzCtl.EXE"="C:\Program Files\TOSHIBA\TME3\TMERzCtl.exe" [2003-10-29 11:12 81920]
"TFncKy"="TFncKy.exe" []
"PRONoMgr.exe"="c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2003-12-10 01:36 86016]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-19 16:09 144384]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"NDSTray.exe"="NDSTray.exe" []
"Microsoft hren1"="C:\WINDOWS\mmhren1.exe" [2008-02-28 20:57 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 16:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///C:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
c:\WINDOWS\System32\LgNotify.dll 2003-12-16 15:49 110592 c:\WINDOWS\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\services.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 kcp;kcp;C:\WINDOWS\system32\drivers\kcp.sys [2008-02-27 23:24]
R1 TMEI3E;TMEI3E;C:\WINDOWS\system32\Drivers\TMEI3E.SYS [2002-09-26 12:15]
R2 IPSecPooler;IP SEC PROTOCOL POLLER;C:\WINDOWS\system32\ipsecpooler.exe [2008-02-27 23:25]
R3 IPSECNDISBRIDGE;IP SEC PROTOCOL NDIS BRIDGE DRIVER;C:\WINDOWS\system32\ipsecndis.sys [2008-02-27 23:24]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\system32\DRIVERS\LTSM.sys [2002-09-17 15:12]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-07-15 20:57]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 14:58:08
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
? [1004]
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\mstscex.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\1XConfig.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-02 15:01:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-02 14:00:48
.
2008-03-02 03:06:07 --- E O F ---
All the properties are set to automatic DNS and automatic DHCP.
One small clarification: I'm on a laptop, logged in over Wi-Fi through a personal Netgear router/firewall...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:01, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ipsecpooler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
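The log above carries the persistence tricks worth recognising on sight: the F2 line has a second value appended to UserInit after userinit.exe, the F3 win.ini run= line is in use, two O4 Run entries point at a Temp directory and at an executable dropped straight into C:\WINDOWS, an O23 service has no publisher, and the O24 desktop component points at a local file. The Python script below is added here as an illustration and is not part of the original thread or of HijackThis; it applies those heuristics to a handful of lines copied from the log (the sample block is constructed for the example, and the rule names and thresholds are my own).

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# Constructed sample: lines copied from the HijackThis log above, plus two clean
# entries so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: IP SEC PROTOCOL POLLER (IPSecPooler) - Unknown owner - C:\WINDOWS\system32\ipsecpooler.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""


class Finding(NamedTuple):
    section: str   # HijackThis section tag (F2, F3, O4, O23, O24)
    reason: str
    target: str    # path or URL that triggered the finding


# Names malware borrows from Windows; the legitimate copies live in system32.
SYSTEM_NAMES = {"services.exe", "winlogon.exe", "svchost.exe", "lsass.exe",
                "csrss.exe", "smss.exe", "userinit.exe"}
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
WINROOT_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.(?:exe|dll|scr)$", re.I)
# First executable in an O4 command line, with surrounding quotes and arguments stripped.
EXE_RE = re.compile(r'^"?([^"]+?\.(?:exe|dll|bat|cmd|scr))"?', re.I)


def path_reason(path: str) -> Optional[str]:
    """Return why a start-up path looks suspicious, or None if the heuristics are silent."""
    name = ntpath.basename(path).lower()
    if TEMP_RE.search(path):
        return "runs from a temp directory"
    if name in SYSTEM_NAMES and "\\system32\\" not in path.lower():
        return f"'{name}' outside system32 mimics a Windows system binary"
    if WINROOT_RE.match(path):
        return "executable dropped directly in the Windows root"
    return None


def triage(log: str) -> List[Finding]:
    """Scan HijackThis log text and return the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        line = raw.strip()
        if m := re.match(r"F2 - REG:system\.ini: UserInit=(.*)", line):
            # Only userinit.exe belongs here; every extra value runs at each logon.
            entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
            for extra in entries[1:]:
                findings.append(Finding("F2", "extra UserInit value (logon persistence)", extra))
        elif m := re.match(r"F3 - REG:win\.ini: (?:run|load)=(.+)", line):
            findings.append(Finding("F3", "legacy win.ini autostart in use", m.group(1).strip()))
        elif m := re.match(r"O4 - .*?: \[(.*?)\] (.*)", line):
            exe = EXE_RE.match(m.group(2))
            path = exe.group(1) if exe else m.group(2)
            if reason := path_reason(path):
                findings.append(Finding("O4", f"[{m.group(1)}] {reason}", path))
        elif m := re.match(r"O23 - Service: (.*?) - (.*?) - (.*)", line):
            if m.group(2).lower() == "unknown owner":
                findings.append(Finding("O23", f"service '{m.group(1)}' has no publisher", m.group(3)))
            elif reason := path_reason(m.group(3)):
                findings.append(Finding("O23", f"service '{m.group(1)}' {reason}", m.group(3)))
        elif m := re.match(r"O24 - Desktop Component \d+: (.*?) - (.*)", line):
            if m.group(2).lower().startswith("file://"):
                findings.append(Finding("O24", f"desktop component '{m.group(1)}' points at a local file", m.group(2)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}: {f.target}")
```

Treat the output as leads, not verdicts: the Windows-root rule also fires on legitimate OEM files such as C:\WINDOWS\LTSMMSG.exe in this log, and the Temp rule fires on some installers. The F2 finding is the one to act on first, because the extra UserInit value is launched by Winlogon at every interactive logon, before any Run key is processed.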
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode following this procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will delete the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum
__________________
install the latest Java version, then remove your 1.4.2 version via the Control Panel
https://www.java.com/fr/
__________________
install the latest Internet Explorer version;
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
__________________
post an AntiVir report and a new HijackThis log
[b]SDFix: Version 1.150 [/b]
Run by Administrateur on 02/03/2008 at 17:35
Microsoft Windows XP [version 5.1.2600]
Running From: C:\sdfix
[b]Checking Services [/b]:
Name:
hipsrv
IPSECNDISBRIDGE
IPSecPooler
kcp
userinfo32
Path:
\??\C:\WINDOWS\system\hipsrv.mm
\??\C:\WINDOWS\system32\ipsecndis.sys
C:\WINDOWS\system32\ipsecpooler.exe
\??\C:\WINDOWS\system32\drivers\kcp.sys
\??\C:\WINDOWS\system\userinfo32.ggt
hipsrv - Deleted
IPSECNDISBRIDGE - Deleted
IPSecPooler - Deleted
kcp - Deleted
userinfo32 - Deleted
[b]Infected Winlogon.exe Found![/b]
Winlogon File Locations:
"C:\WINDOWS\ServicePackFiles\i386\winlogon.exe" 506368 19/08/2004 16:10
"C:\WINDOWS\system32\winlogon.exe" 506880 28/02/2008 20:46
"C:\WINDOWS\system32\dllcache\winlogon.exe" 506880 28/02/2008 20:46
Infected Files Are Listed Below:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\dllcache\winlogon.exe
Note: SDFix Does Not Repair This File!
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Service asc3550o - Deleted after Reboot
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\SYSTEM32\GQAQTAQA.TMP - Deleted
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe - Deleted
C:\WINDOWS\system32\drivers\etc\BackupHosts.bak - Deleted
C:\WINDOWS\system32\ipsecndis.sys - Deleted
C:\WINDOWS\system32\ipsecpooler.exe - Deleted
C:\WINDOWS\system32\mstscex.dll - Deleted
C:\WINDOWS\system32\oleauth32.dll - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\WINDOWS\system\hipsrv.mm - Deleted
C:\WINDOWS\system\userinfo32.ggt - Deleted
C:\WINDOWS\system32\drivers\kcp.sys - Deleted
Folder C:\Documents and Settings\All Users\Application Data\SalesMon - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 17:47:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000135
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype. The whole world can talk for free."
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\sdfix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sat 1 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ad213d081e2675ef87a62c73b8abf209\BIT59.tmp"
Sun 2 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d6e228e44f2018dd79eeb427a0b47d06\BIT2.tmp"
[b]Finished![/b]
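The "Authorized Application Key Export" section of the report is worth reading rather than skimming: the trojan registered C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe as an enabled Windows Firewall exception named "Flash Media", open to any remote address (scope *), so the XP firewall would not have blocked its inbound connections. The Python below is added here as an example and is not part of the original thread or of SDFix; it parses that .reg-style export (the sample lines are copied from the report above, and the rule names are my own) and lists the exceptions that deserve a second look.

```python
import re
from typing import List, NamedTuple

# Constructed sample: a subset of the standard-profile export from the SDFix report.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\ADMINI~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
'''


class FirewallException(NamedTuple):
    profile: str        # standardprofile or domainprofile
    path: str           # executable path with .reg escaping undone
    scope: str          # '*' means any remote address
    enabled: bool
    name: str           # display name shown in the Firewall control panel
    reasons: List[str]  # empty when nothing looks off


KEY_RE = re.compile(r"^\[.*\\firewallpolicy\\(\w+)\\authorizedapplications\\list\]$", re.I)
VALUE_RE = re.compile(r'^"(?P<key>.*)"="(?P<value>.*)"$')
# Value layout on XP SP2: <path>:<scope>:<Enabled|Disabled>:<display name>
DATA_RE = re.compile(r"^(?P<path>.*?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<name>.*)$", re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)
PROFILE_RE = re.compile(r"\\(?:docume~1|documents and settings|users)\\", re.I)
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "csrss.exe", "smss.exe"}


def unescape(s: str) -> str:
    """Undo the doubled backslashes a .reg export uses inside string values."""
    return s.replace("\\\\", "\\")


def assess(path: str) -> List[str]:
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    reasons = []
    if TEMP_RE.search(low):
        reasons.append("executable in a temp directory")
    elif PROFILE_RE.search(low):
        reasons.append("executable inside a user profile")
    if base in SYSTEM_NAMES and "\\system32\\" not in low:
        reasons.append(f"'{base}' outside system32 mimics a Windows service binary")
    return reasons


def parse_export(text: str) -> List[FirewallException]:
    profile = "unknown"
    result: List[FirewallException] = []
    for raw in text.splitlines():
        line = raw.strip()
        if k := KEY_RE.match(line):
            profile = k.group(1).lower()
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        d = DATA_RE.match(unescape(v.group("value")))
        if not d:
            continue
        path = d.group("path")
        result.append(FirewallException(profile, path, d.group("scope"),
                                        d.group("state").lower() == "enabled",
                                        d.group("name"), assess(path)))
    return result


def suspicious(text: str) -> List[FirewallException]:
    return [e for e in parse_export(text) if e.reasons]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_EXPORT):
        state = "enabled" if e.enabled else "disabled"
        print(f"[{e.profile}] {e.name!r} -> {e.path} ({state}, scope {e.scope}): {'; '.join(e.reasons)}")
```

The report's "Remaining Services" section shows the entry still present after SDFix deleted the file itself. An exception whose executable no longer exists is inert, but it should still be removed so that a file dropped later at the same path does not inherit a ready-made firewall hole.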
otherwise, for JAVA OK, but for IE, are you really sure you want me to install version 7, because I really don't like it at all, and if I can avoid it that would suit me!!
Otherwise, the file still hasn't been deleted and my question is: have any of you ever managed to disinfect a PC infected by the latest MSN virus??
Thanks
(I'm worried because on my 2nd PC under "treatment" I can't even start the PC in normal mode anymore...)
it's better to have the latest Internet Explorer version because Windows updates with it
__________
otherwise you can browse with Firefox or Opera or Safari if you don't like the latest Internet Explorer version
for now it's not essential that you install version 7, but don't browse with it anymore...
for Firefox
http://www.mozilla-europe.org/fr/products/firefox/
for Opera
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/61.html
I've disinfected about a hundred computers with this virus
for your second post you can run SDFix and post a HijackThis log afterwards
I already use Firefox 2.12 and for IE we'll see later...
so I installed the latest Java version and uninstalled the other one.
I notice that I have a new error message from AntiVir about the file mmhren1.exe
Damn, there's no end to it!! lol
AntiVir PersonalEdition Classic
Report file date: dimanche 2 mars 2008 19:54
Scanning for 1130387 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TOSHIBA
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 17:36:38
ANTIVIR2.VDF : 7.0.2.181 1993728 Bytes 24/02/2008 17:36:38
ANTIVIR3.VDF : 7.0.2.216 135168 Bytes 02/03/2008 17:36:38
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 02/03/2008 17:36:43
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 02/03/2008 17:36:43
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 2 mars 2008 19:54
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
Scan process 'NDSTray.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'TFncKy.exe' - '1' Module(s) have been scanned
Scan process 'TMEEJME.exe' - '1' Module(s) have been scanned
Scan process 'TMERzCtl.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'ltsmmsg.exe' - '1' Module(s) have been scanned
Scan process 'TouchED.exe' - '1' Module(s) have been scanned
Scan process 'Apoint.exe' - '1' Module(s) have been scanned
Scan process 'stacmon.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'TFNF5.exe' - '1' Module(s) have been scanned
Scan process '00THotkey.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'TMESRV31.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\winlogon.exe'
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\WINDOWS\mmhren1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.iww
[INFO] The file was moved to '4832f86e.qua'!
C:\WINDOWS\mmhren1.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.iww
The registry was scanned ( '41' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Administrateur\qtkecg.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '4835fca3.qua'!
C:\Documents and Settings\Administrateur\swfakg.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '4830fca8.qua'!
C:\Documents and Settings\Administrateur\xqswcy.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '483dfca4.qua'!
C:\Documents and Settings\Administrateur\zqnzqy.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '4838fca6.qua'!
C:\Documents and Settings\Administrateur\Bureau\catchme.zip
[0] Archive type: ZIP
--> hipsrv.mm
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> userinfo32.ggt
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
--> kcp.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.20
--> services.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> mstscex.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '483efde1.qua'!
C:\Documents and Settings\Administrateur\Bureau\catchme\hipsrv.mm
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '483afdf2.qua'!
C:\Documents and Settings\Administrateur\Bureau\catchme\kcp.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.20
[INFO] The file was moved to '483afdee.qua'!
C:\Documents and Settings\Administrateur\Bureau\catchme\mstscex.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '483efe02.qua'!
C:\Documents and Settings\Administrateur\Bureau\catchme\services.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '483cfdf6.qua'!
C:\Documents and Settings\Administrateur\Bureau\catchme\userinfo32.ggt
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '482ffe06.qua'!
C:\Documents and Settings\Administrateur\Bureau\NETTOYAGE MSN\Navilog1.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.50
[INFO] The file was moved to '4840fe06.qua'!
C:\Program Files\Fichiers communs\ReparateurDeSysteme\strpmon.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '483d0a0b.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48380f0e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\Voj34.sys.vir
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48350f06.qua'!
C:\sdfix\backups\backups.zip
[0] Archive type: ZIP
--> backups/mstscex.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
--> backups/oleauth32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '482e0fb1.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP1\A0001012.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '47fb0fc2.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP1\A0001013.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '47fb0fd4.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP1\A0001020.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '47fb0fd6.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP1\A0001021.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '47fb0fd8.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001174.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.iww
[INFO] The file was moved to '47fb0fe2.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001175.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47fb0fe4.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001176.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47fb0fe5.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001177.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47fb0fe7.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001178.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '47fb0fe9.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001179.sys
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.20
[INFO] The file was moved to '47fb0fea.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001180.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '47fb0feb.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001181.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47fb0fed.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001182.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.50
[INFO] The file was moved to '47fb0fee.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001183.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '47fb0ff0.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001184.exe
[DETECTION] Is the Trojan horse TR/Patched.Q.12
[INFO] The file was moved to '47fb0ff1.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001185.exe
[DETECTION] Is the Trojan horse TR/Patched.Q.12
[INFO] The file was moved to '47fb0ff3.qua'!
C:\WINDOWS\bck1.dat
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '48361032.qua'!
C:\WINDOWS\lwsys32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '483e104b.qua'!
C:\WINDOWS\wsysst32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '4844104d.qua'!
C:\WINDOWS\system32\winlogon.VIR
[DETECTION] Is the Trojan horse TR/Patched.Q.12
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\drivers\riode32.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '483a178e.qua'!
C:\WINDOWS\system32\drivers\Ykav39.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '482c1799.qua'!
End of the scan: Sunday 2 March 2008 22:08
Used time: 2:13:59 min
The scan has been done completely.
4743 Scanning directories
298704 Files were scanned
44 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
37 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
298660 Files not concerned
6850 Archives were scanned
3 Warnings
0 Notes
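Editor's added example for triaging the Avira report above (this is not code from the original post and not part of Avira). It parses the report's records, sorts each detected path into a location class, and lists what was not actually cleaned: live-system detections that were not moved to quarantine, files Avira could not delete, and modules it found infected in memory. SAMPLE_REPORT is a subset of the records above; the location classes, and the rule that paths under the catchme, QooBox (ComboFix) and sdfix folders are copies those tools had already pulled off the live system, are this example's own assumptions.

```python
"""Triage an Avira AntiVir scan report.

Editor's added example for this thread: not code from the original post and
not part of Avira. SAMPLE_REPORT is a subset of the records in the report
above. The location classes (and the rule that paths under the catchme,
QooBox and sdfix folders are copies those tools already pulled off the live
system) are this example's own assumptions.
"""
import re
from collections import Counter

SAMPLE_REPORT = r"""
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\winlogon.exe'
C:\Documents and Settings\Administrateur\Bureau\catchme\services.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '483cfdf6.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\symavc32.sys.vir
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '48380f0e.qua'!
C:\sdfix\backups\backups.zip
[0] Archive type: ZIP
--> backups/mstscex.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
--> backups/oleauth32.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agent.bnm.37
[INFO] The file was moved to '482e0fb1.qua'!
C:\System Volume Information\_restore{77D31D08-AB81-4832-821E-78584B486DDD}\RP3\A0001184.exe
[DETECTION] Is the Trojan horse TR/Patched.Q.12
[INFO] The file was moved to '47fb0ff1.qua'!
C:\WINDOWS\lwsys32.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[INFO] The file was moved to '483e104b.qua'!
C:\WINDOWS\system32\winlogon.VIR
[DETECTION] Is the Trojan horse TR/Patched.Q.12
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\drivers\riode32.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was moved to '483a178e.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                          # a record starts with a full path
DETECTION_RE = re.compile(r"^\[DETECTION\] .*?([A-Z]+/\S+)")   # e.g. TR/Rootkit.Gen, DR/Tool.Reboot.F.50
MOVED_RE = re.compile(r"^\[INFO\] The file was moved to '.+'!$")
MODULE_RE = re.compile(r"^Module is infected -> '(.+)'$")
NOT_DELETED = "[WARNING] The file could not be deleted!"


def classify(path):
    """Assumed location class of a detected path (this example's heuristic)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point copy"
    if p.startswith("c:\\qoobox\\quarantine") or "\\sdfix\\backups" in p or "\\catchme" in p:
        return "other tool's quarantine/backup"
    return "live system"


def parse_report(text):
    """Return (records, memory_hits).

    Each record is one scanned path with the detection names reported for it
    (archive members are folded into the archive's record), whether Avira moved
    it to quarantine, and whether deletion failed. memory_hits lists modules
    reported as infected during the process scan.
    """
    records, memory_hits, current = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := MODULE_RE.match(line):
            memory_hits.append(m.group(1))
        elif PATH_RE.match(line):
            current = {"path": line, "location": classify(line), "detections": [],
                       "quarantined": False, "removal_failed": False}
            records.append(current)
        elif current is None:
            continue
        elif m := DETECTION_RE.match(line):
            current["detections"].append(m.group(1))
        elif MOVED_RE.match(line):
            current["quarantined"] = True
        elif line == NOT_DELETED:
            current["removal_failed"] = True
    return records, memory_hits


def summarize(records, memory_hits):
    """Counts per location and detection name, plus what was not cleaned."""
    unresolved = [r["path"] for r in records
                  if r["location"] == "live system" and not r["quarantined"]]
    unresolved += [f"{p} (infected module loaded in memory)" for p in memory_hits]
    return {
        "by_location": dict(Counter(r["location"] for r in records)),
        "by_detection": dict(Counter(d for r in records for d in r["detections"])),
        "removal_failed": [r["path"] for r in records if r["removal_failed"]],
        "unresolved": unresolved,
    }


if __name__ == "__main__":
    recs, mem = parse_report(SAMPLE_REPORT)
    for key, value in summarize(recs, mem).items():
        print(f"{key}: {value}")
```

Run over the full report above, most of the 44 detections land in the restore points or in the folders where catchme, ComboFix (QooBox) and SDFix keep what they already removed, so they are not evidence of anything still running. What the script lists as unresolved on the live system is the winlogon pair (plus the second registry-scan hit on mmhren1.exe, whose file the first hit had already moved): the running winlogon.exe is reported as an infected module and the winlogon.VIR copy could not be deleted (ErrorID 16003). A TR/Patched detection on winlogon.exe means the system binary itself was modified; deleting it would leave XP unable to log on, so the fix is to replace it with a clean copy of the same version rather than to quarantine it.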
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:48, on 02/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE
C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe
C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TMESRV.EXE] C:\Program Files\TOSHIBA\TME3\TMESRV31.EXE /Logon
O4 - HKLM\..\Run: [TMERzCtl.EXE] C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE /Service
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Tmesrv3 (Tmesrv) - TOSHIBA - C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
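Editor's added example, not code from the original post and not part of HijackThis: a small triage of the persistence entries in the log above, with the relevant lines copied in as the sample (two benign O4 entries are kept as negative cases). The rules are this example's own heuristics, not HijackThis's classification: a UserInit value carrying anything beyond userinit.exe, a win.ini run= value, a Run entry launched from a Temp directory or carrying the name of a Windows system binary outside system32, an Active Desktop component served from a local file, and the same binary hooked from more than one autostart kind.

```python
"""Triage the persistence entries in a HijackThis log.

Editor's added example for this thread: not code from the original post and
not part of HijackThis. SAMPLE_HJT copies a subset of the lines from the log
above (two benign O4 entries are kept as negative cases). The rules are this
example's own heuristics, not HijackThis's own classification.
"""
import re
from collections import defaultdict

SAMPLE_HJT = r"""
F3 - REG:win.ini: run=C:\WINDOWS\mmhren1.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
"""

# Assumed: %SystemRoot% is C:\WINDOWS, so this is the only legitimate UserInit entry.
USERINIT_DEFAULT = r"c:\windows\system32\userinit.exe"
# Names of core Windows binaries that malware likes to borrow.
SYSTEM_NAMES = {"services.exe", "winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe", "smss.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: run=(.*)$")
O4_RE = re.compile(r"^O4 - (.+?)\\\.\.\\Run: \[([^\]]*)\] (.*)$")
O24_RE = re.compile(r"^O24 - Desktop Component \d+: .+? - (.*)$")
# First executable path on a Run command line, quoted or not, before any switches.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|scr|bat|cmd))"?(?:\s|$)', re.IGNORECASE)


def target_of(command):
    """Return the executable path from a Run-value command line, or None."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else None


def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage_hijackthis(text):
    """Return the suspicious entries, in log order, each with its reasons."""
    reasons = defaultdict(list)   # log line -> reasons it was flagged
    targets = defaultdict(set)    # executable basename -> autostart kinds hooking it
    order = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        order.append(line)
        kind = line.split(" - ", 1)[0]
        if m := F2_RE.match(line):
            for entry in m.group(1).split(","):
                entry = entry.strip()
                if entry and entry.lower() != USERINIT_DEFAULT:
                    reasons[line].append(f"extra UserInit program: {entry}")
                    targets[basename(entry)].add(kind)
        elif m := F3_RE.match(line):
            if m.group(1).strip():
                reasons[line].append("win.ini run= autostart is set")
                targets[basename(m.group(1))].add(kind)
        elif m := O4_RE.match(line):
            path = target_of(m.group(3))
            if path:
                targets[basename(path)].add(kind)
                low = path.lower()
                if "\\temp\\" in low:
                    reasons[line].append("autostart runs from a Temp directory")
                if basename(path) in SYSTEM_NAMES and "\\system32\\" not in low:
                    reasons[line].append(f"{basename(path)} outside system32 (name masquerade)")
        elif m := O24_RE.match(line):
            if m.group(1).lower().startswith("file:///"):
                reasons[line].append("Active Desktop component loads a local HTML file")
    # Cross-reference: the same binary hooked from more than one autostart kind.
    for line in order:
        for name, kinds in targets.items():
            if len(kinds) > 1 and name in line.lower():
                reasons[line].append(
                    f"{name} is hooked by {len(kinds)} autostart kinds: {', '.join(sorted(kinds))}")
    return [{"entry": line, "reasons": reasons[line]} for line in order if reasons[line]]


if __name__ == "__main__":
    for finding in triage_hijackthis(SAMPLE_HJT):
        print(finding["entry"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

On these lines the script flags the F3 and F2 entries, the [Flash Media] and [Microsoft hren1] Run values and the O24 desktop component, and leaves igfxtray, avgnt and ctfmon alone. Two things worth reading off the result against the Avira report: mmhren1.exe is the file Avira moved to quarantine, but its win.ini and HKCU Run hooks are still in the registry; and the Temp\services.exe that UserInit and the Flash Media value point at does not appear in the Avira report at all (the services.exe Avira moved was the copy in the catchme folder), so that path has to be checked by hand.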