Another big malware problem

Solved/Closed
pichouboy (Member, 13 posts, registered Monday 30 July 2007, last active 22 April 2008) - 22 April 2008, 10:16
jlpjlp (Security contributor, 51,580 posts, registered Friday 18 May 2007, last active 3 May 2022) - 22 April 2008, 19:44
Hello,

Once again I have a big malware problem on my office PC.
Under Firefox as well as under IE7.

Basically, I get offered crap software to install every 2 minutes. (Such as Anti Spyware Manager.)
I ran Spybot, AdAware and CCleaner.

Here is my HijackThis log. Thanks in advance for your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:41, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Criston Precision\Client\bin\MtxAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eurosport
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [imhkgjeidg] c:\windows\system32\imhkgjeidg.exe imhkgjeidg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
O4 - HKLM\..\Run: [BM2b57fd54] Rundll32.exe "C:\WINDOWS\system32\aghcoxkr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mon Widget RMC] "C:\Program Files\Nosibay\Mon Widget RMC\launcher.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=HTTP://intranet/
O15 - Trusted Zone: https://cyberdocs.eurosport-tv.com/
O15 - Trusted Zone: *.eurosport-tv.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} (XStandard) - http://madcow.sti.eurosport.tv/3rd/xstandard/XStandard.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\Software\..\Telephony: DomainName = headoffice.eurosport.tv
O17 - HKLM\System\CCS\Services\Tcpip\..\{B658048A-F45C-4E64-8355-1C0B8C4EC016}: NameServer = 10.196.144.1,10.196.144.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Criston Precision Agent - Criston Software S.A. - C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

9 replies

jlpjlp - 22 April 2008, 12:09
scan with
MalwareByte's Anti-Malware, remove what it finds and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/



____________________



download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to run it.
copy the list quoted below,
and paste it into OTMoveIt's left pane: "Paste List of Files/Folders to be moved".

Quote:

c:\windows\system32\imhkgjeidg.exe
C:\WINDOWS\system32\yidldlit.dll
C:\WINDOWS\system32\aghcoxkr.dll


click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to finish the removal. If so, accept with Yes.

_____________________


Download Combofix by sUBs: rename it before installing it, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using combofix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click combofix. It will ask you a question; answer by pressing 1 and then Enter to confirm, and let it guide you.
Wait until combofix has finished; a report will be created. Post the report.
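The three entries jlpjlp singles out share the loader patterns that HijackThis exposes in its O4 lines: rundll32 calling a DLL in system32 through a one-letter export, Run value names that look like hash fragments ("2864cec8", "BM2b57fd54"), and an executable whose value name, file stem and sole argument are the same invented token. The script below is an added example written for this page; it is not part of the thread, of HijackThis or of OTMoveIt. It parses a constructed subset of O4 lines copied from the log above, scores each entry on those three indicators and prints the path list in the one-path-per-line form OTMoveIt's left pane expects. The indicators are heuristics, not proof: a hit should still be confirmed by a hash lookup and a signer check before anything is moved.

```python
"""Triage of HijackThis O4 (autostart) lines.

Added example: flags Run/RunOnce entries that match the loader patterns
visible in the thread's log and emits the path list OTMoveIt expects.
"""
import re

# Constructed sample: O4 lines taken from the HijackThis log in this thread,
# with a few benign entries kept for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [imhkgjeidg] c:\windows\system32\imhkgjeidg.exe imhkgjeidg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
O4 - HKLM\..\Run: [BM2b57fd54] Rundll32.exe "C:\WINDOWS\system32\aghcoxkr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
"""

O4_RE = re.compile(
    r'^O4 - (?P<key>\S+?)\\\.\.\\(?P<subkey>Run|RunOnce): '
    r'\[(?P<name>[^\]]+)\] (?P<cmd>.*)$'
)
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+', re.IGNORECASE)
FIRST_PATH_RE = re.compile(r'"([^"]+)"|([^\s,]+)')
HEX_NAME_RE = re.compile(r'^(?:BM)?[0-9a-f]{8,}$')


def parse_o4(line):
    """Return (value name, command line) for an O4 line, else None."""
    m = O4_RE.match(line.strip())
    return (m.group('name'), m.group('cmd')) if m else None


def split_command(cmd):
    """Return (target path, remainder of the command, loaded via rundll32?)."""
    via_rundll = bool(RUNDLL_RE.match(cmd))
    body = RUNDLL_RE.sub('', cmd, count=1)
    m = FIRST_PATH_RE.match(body)
    target = (m.group(1) or m.group(2)) if m else ''
    rest = body[m.end():].strip() if m else ''
    return target, rest, via_rundll


def stem_of(path):
    """File name without directory or extension."""
    name = path.replace('/', '\\').rsplit('\\', 1)[-1]
    return name.rsplit('.', 1)[0]


def signals(name, cmd):
    """Indicators that an autostart entry looks like the loaders in the log."""
    target, rest, via_rundll = split_command(cmd)
    hits = []
    # rundll32 pulling a DLL and calling a one-letter export (",b", ",s").
    if via_rundll and target.lower().endswith('.dll') and re.fullmatch(r',[A-Za-z]', rest):
        hits.append('rundll32 loads a DLL through a one-letter export')
    # Run value named like a hash fragment rather than a product.
    if HEX_NAME_RE.match(name):
        hits.append('hex-looking value name')
    # Value name, file stem and the only argument are the same made-up token.
    if rest and name.lower() == stem_of(target).lower() == rest.lower():
        hits.append('value name, file stem and argument are one token')
    return target, hits


def triage(log_text):
    """Map each suspect target path to the list of indicators it matched."""
    findings = {}
    for line in log_text.splitlines():
        parsed = parse_o4(line)
        if not parsed:
            continue
        target, hits = signals(*parsed)
        if hits:
            findings[target] = hits
    return findings


def otmoveit_list(findings):
    """One path per line, the format pasted into OTMoveIt's left pane."""
    return '\n'.join(findings)


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for path, why in result.items():
        print(f'{path}: {"; ".join(why)}')
    print(otmoveit_list(result))
```

Run on the sample, the script flags exactly the three files in jlpjlp's list and leaves the Intel, QuickTime, ctfmon and Narrator entries alone; on a full log you would feed every O4 line and review each hit by hand before pasting the output into OTMoveIt.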
pichouboy - 22 April 2008, 15:48
Thanks.

I did everything you said. I could not retrieve the MalwareByte's Anti-Malware and OTMoveIt logs:


Here is the ComboFix log:

ComboFix 08-04-20.5 - jlagier 2008-04-22 14:52:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.539 [GMT 2:00]
Running from: D:\Data\jlagier\My Documents\2. Perso\Nettoyage des infections\KillBagle.exe
* Created a new restore point
* Resident AV is active


WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\Downloaded Program Files\setup.dll
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aghcoxkr.dll
C:\WINDOWS\system32\fccYRlMD.dll
C:\WINDOWS\system32\jiiiOnpo.ini
C:\WINDOWS\system32\lmepollm.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnlmNEt.dll
C:\WINDOWS\system32\opnOiiij.dll
C:\WINDOWS\system32\pac.txt

----- BITS: Possible infected sites -----

hxxp://updates.swarmcast.net
.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 14:56 . 2008-04-22 14:56 53,248 --a------ C:\temp\catchme.dll
2008-04-22 14:56 . 2008-04-22 14:56 16,384 --a----t- C:\temp\Perflib_Perfdata_4dc.dat
2008-04-22 14:55 . 2008-04-22 14:55 0 --a----t- C:\temp\sqlite_rBlo1BOyfOTPIfa
2008-04-22 14:55 . 2008-04-22 14:55 0 --a----t- C:\temp\sqlite_0bgPiFJkBbZ8slQ
2008-04-22 14:50 . 2008-04-22 14:50 <DIR> d-------- C:\ComboFix
2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Documents and Settings\jlagier\Application Data\Malwarebytes
2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 12:12 . 2004-11-18 15:37 <DIR> d---s---- C:\Documents and Settings\fcollado\UserData
2008-04-22 12:12 . 2005-11-07 12:41 <DIR> d-------- C:\Documents and Settings\fcollado\Application Data\AdobeUM
2008-04-22 12:12 . 2008-04-22 12:25 <DIR> d-------- C:\Documents and Settings\fcollado
2008-04-22 12:12 . 2008-04-22 14:52 1,024 --ah----- C:\Documents and Settings\fcollado\ntuser.dat.LOG
2008-04-22 10:11 . 2008-04-22 10:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-21 19:39 . 2008-04-21 19:38 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-21 19:39 . 2008-04-21 19:39 2,548 --a------ C:\WINDOWS\unins000.dat
2008-04-21 18:53 . 2008-04-22 12:30 109,724 --a------ C:\WINDOWS\BM2b57fd54.xml
2008-04-21 18:53 . 2008-04-22 13:33 53,312 --------- C:\WINDOWS\system32\vhijisdt.dll
2008-04-21 18:48 . 2008-04-21 18:57 <DIR> d-------- C:\Program Files\AntiSpywareMaster
2008-04-21 18:45 . 2008-04-21 18:48 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
2008-04-21 12:13 . 2008-04-21 12:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 12:12 . 2008-04-21 12:27 <DIR> d-------- C:\Program Files\Windows Live
2008-04-21 12:12 . 2008-04-21 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Google
2008-04-15 16:18 . 2004-11-18 15:37 <DIR> d---s---- C:\Documents and Settings\$sdadon\UserData
2008-04-15 16:18 . 2004-11-18 12:01 <DIR> d--h----- C:\Documents and Settings\$sdadon\Templates
2008-04-15 16:18 . 2004-11-18 03:45 <DIR> dr------- C:\Documents and Settings\$sdadon\Start Menu
2008-04-15 16:18 . 2004-11-18 12:35 <DIR> dr-h----- C:\Documents and Settings\$sdadon\SendTo
2008-04-15 16:18 . 2008-04-15 16:19 <DIR> dr-h----- C:\Documents and Settings\$sdadon\Recent
2008-04-15 16:18 . 2004-11-18 03:45 <DIR> d--h----- C:\Documents and Settings\$sdadon\PrintHood
2008-04-15 16:18 . 2004-11-19 11:50 <DIR> d--h----- C:\Documents and Settings\$sdadon\NetHood
2008-04-15 16:18 . 2005-10-20 15:07 <DIR> d--h----- C:\Documents and Settings\$sdadon\Local Settings
2008-04-15 16:18 . 2008-04-15 16:19 <DIR> dr------- C:\Documents and Settings\$sdadon\Favorites
2008-04-15 16:18 . 2005-10-20 15:27 <DIR> d-------- C:\Documents and Settings\$sdadon\Desktop
2008-04-15 16:18 . 2008-04-16 11:04 <DIR> d--hs---- C:\Documents and Settings\$sdadon\Cookies
2008-04-15 16:18 . 2004-11-22 13:12 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Sun
2008-04-15 16:18 . 2005-05-18 15:28 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Real
2008-04-15 16:18 . 2005-10-20 15:06 <DIR> d---s---- C:\Documents and Settings\$sdadon\Application Data\Microsoft
2008-04-15 16:18 . 2004-11-22 13:31 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Macromedia
2008-04-15 16:18 . 2004-11-18 12:35 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Identities
2008-04-15 16:18 . 2005-11-07 12:41 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\AdobeUM
2008-04-15 16:18 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Adobe
2008-04-15 16:18 . 2008-04-15 16:20 <DIR> dr-h----- C:\Documents and Settings\$sdadon\Application Data
2008-04-15 16:18 . 2008-04-22 09:48 2,883,584 --ah----- C:\Documents and Settings\$sdadon\ntuser.dat
2008-04-15 16:18 . 2008-04-22 14:52 1,024 --ah----- C:\Documents and Settings\$sdadon\ntuser.dat.LOG
2008-04-15 16:17 . 2008-04-15 16:19 <DIR> d-------- C:\Documents and Settings\$sdadon
2008-03-26 11:40 . 2008-03-26 11:40 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 09:47 --------- d-----w C:\Program Files\Google
2008-04-22 09:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-26 09:40 --------- d-----w C:\Program Files\Common Files\Real
2008-03-04 11:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 11:34 --------- d-----w C:\Program Files\Java Web Start
2008-03-04 11:34 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-25 04:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 09:00 94208]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01 525824]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"2864cec8"="C:\WINDOWS\system32\yidldlit.dll" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 10:48 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Intellimenus"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mtxNotify]
mtxNotify.dll 2007-10-23 21:16 49152 C:\WINDOWS\system32\mtxNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\chgt_pass_adm.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1659004503-630328440-1417001333-1702\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1659004503-630328440-1417001333-1702\Scripts\Logon\0\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-2352\Scripts\Logon\0\0]
"Script"=\\euisadc003\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\1\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6542\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6542\Scripts\Logon\0\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\2\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8127\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\2\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8564\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8564\Scripts\Logon\0\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\2\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8702\Scripts\Logon\0\0]
"Script"=\\euisadc004\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8702\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\0\0]
"Script"=antidog.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\3\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\3\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8799\Scripts\Logon\0\0]
"Script"=\\euisadc004\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8799\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\0\0]
"Script"=antidog.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\3\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\3\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\2\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5400:TCP"= 5400:TCP:Criston Precision Agent
"1610:TCP"= 1610:TCP:Criston Precision Agent

S3 APSINV;APSINV;C:\WINDOWS\system32\DRIVERS\APSINV.SYS [2001-08-18 05:12]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 14:56:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Criston Precision Agent]
"ImagePath"="C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Criston Precision Agent]
"ImagePath"="C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Criston Precision\Client\bin\mtxagent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
.
**************************************************************************
.
Completion time: 2008-04-22 14:58:48 - machine was rebooted [jlagier]
ComboFix-quarantined-files.txt 2008-04-22 12:58:44

Pre-Run: 8,090,058,752 bytes free
Post-Run: 8,030,441,472 bytes free

241 --- E O F --- 2008-04-02 08:16:50
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 April 2008 at 15:54
analyze this file on VirusTotal and if it's infected remove it with OTMoveIt: https://www.virustotal.com/gui/


C:\WINDOWS\system32\vhijisdt.dll

____________

post another HijackThis log and tell me your current problems
0
pichouboy Posts 13 Registered Monday 30 July 2007 Status Member Last activity 22 April 2008
22 April 2008 at 18:13
Thanks. Before deleting it, I'd like to show you the result (see below). Do you think it's worth deleting?




File vhijisdt.dll received on 2008.04.22 18:01:29 (CET)
Result: 3/32 (9.38%)


Antivirus Version Last update Result
AhnLab-V3 2008.4.22.0 2008.04.22 -
AntiVir 7.8.0.8 2008.04.22 TR/Trash.Gen
Authentium 4.93.8 2008.04.22 -
Avast 4.8.1169.0 2008.04.21 -
AVG 7.5.0.516 2008.04.21 -
BitDefender 7.2 2008.04.22 Adware.Virtumonde.GIO
CAT-QuickHeal 9.50 2008.04.22 -
ClamAV 0.92.1 2008.04.22 -
DrWeb 4.44.0.09170 2008.04.22 -
eSafe 7.0.15.0 2008.04.21 -
eTrust-Vet 31.3.5723 2008.04.22 -
Ewido 4.0 2008.04.22 -
F-Prot 4.4.2.54 2008.04.21 -
F-Secure 6.70.13260.0 2008.04.22 -
FileAdvisor 1 2008.04.22 -
Fortinet 3.14.0.0 2008.04.22 -
Ikarus T3.1.1.26 2008.04.22 -
Kaspersky 7.0.0.125 2008.04.22 -
McAfee 5278 2008.04.21 -
Microsoft 1.3408 2008.04.22 -
NOD32v2 3046 2008.04.22 -
Norman 5.80.02 2008.04.21 -
Panda 9.0.0.4 2008.04.21 -
Prevx1 V2 2008.04.22 -
Rising 20.41.12.00 2008.04.22 -
Sophos 4.28.0 2008.04.22 -
Sunbelt 3.0.1056.0 2008.04.17 -
Symantec 10 2008.04.22 -
TheHacker 6.2.92.286 2008.04.21 -
VBA32 3.12.6.4 2008.04.16 -
VirusBuster 4.3.26:9 2008.04.21 -
Webwasher-Gateway 6.6.2 2008.04.22 Trojan.Trash.Gen
Additional information
File size: 53312 bytes
MD5...: 60fba1fd224ee11d65d9e382ec4f0cba
SHA1..: 9e162abcb03c064de853749fad395f2ee0aae581
SHA256: f928282511971bd6f153e7b662ac96fc9da79bc1d5730af434b01d8ca5c22564
SHA512: 1dab5295238dad01908a320a4ae12666f0254b4f1e2cccf2d9215144188a8bbd
577af8a09453c7a7221f28d984b458dfe5afe22c63bd477a8c58f7b5fcd21e94
PEiD..: -
PEInfo: -
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 April 2008 at 18:15
yes, remove it!
0
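The decision above rests on reading the VirusTotal text report: only 3 of 32 engines flag the file, but two of the three labels name a concrete family (Virtumonde, Trash.Gen), which is what matters more than the ratio for freshly repacked adware. As an added example that is not part of the original thread, the Python below parses a report in the pasted format, computes the ratio, separates labels that name a family from generic ones, and recomputes MD5/SHA1/SHA256 so the file on disk can be checked against the hashes the report gives before it is deleted. The excerpt it parses is a constructed subset (10 of the 32 rows) of the report above; the `FAMILY_HINTS` list and the `triage` decision rule are assumptions chosen for illustration, not VirusTotal's.

```python
import hashlib
import re
from collections import namedtuple

# Constructed excerpt of the VirusTotal text report pasted in this thread:
# 10 of the 32 engines, with all three detections kept, and the hashes the
# report gives for vhijisdt.dll.
VT_REPORT = """\
File vhijisdt.dll received on 2008.04.22 18:01:29 (CET)
Result: 3/32 (9.38%)

Antivirus Version Last update Result
AhnLab-V3 2008.4.22.0 2008.04.22 -
AntiVir 7.8.0.8 2008.04.22 TR/Trash.Gen
BitDefender 7.2 2008.04.22 Adware.Virtumonde.GIO
Kaspersky 7.0.0.125 2008.04.22 -
McAfee 5278 2008.04.21 -
Microsoft 1.3408 2008.04.22 -
Prevx1 V2 2008.04.22 -
Symantec 10 2008.04.22 -
VirusBuster 4.3.26:9 2008.04.21 -
Webwasher-Gateway 6.6.2 2008.04.22 Trojan.Trash.Gen
Additional information
File size: 53312 bytes
MD5...: 60fba1fd224ee11d65d9e382ec4f0cba
SHA1..: 9e162abcb03c064de853749fad395f2ee0aae581
SHA256: f928282511971bd6f153e7b662ac96fc9da79bc1d5730af434b01d8ca5c22564
"""

# One engine row: "<engine> <version> <yyyy.mm.dd> <label or ->".
ENGINE_RE = re.compile(
    r"^(?P<engine>\S+) (?P<version>\S+) (?P<updated>\d{4}\.\d{2}\.\d{2}) (?P<result>\S+)$"
)
# Hash rows use dotted padding: "MD5...:", "SHA1..:", "SHA256:".
HASH_RE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256)\.*: (?P<digest>[0-9a-f]+)$")
# Assumed for illustration: substrings that identify a named family rather than
# a generic label such as Trash.Gen.
FAMILY_HINTS = ("virtumonde", "vundo")

Verdict = namedtuple("Verdict", "engine version updated label")


def parse_vt_report(text):
    """Return ([Verdict, ...], {"MD5": ..., "SHA1": ..., "SHA256": ...})."""
    verdicts, hashes = [], {}
    for line in text.splitlines():
        m = ENGINE_RE.match(line)
        if m:
            label = None if m["result"] == "-" else m["result"]
            verdicts.append(Verdict(m["engine"], m["version"], m["updated"], label))
            continue
        h = HASH_RE.match(line)
        if h:
            hashes[h["algo"]] = h["digest"].lower()
    return verdicts, hashes


def summarize(verdicts):
    hits = [v for v in verdicts if v.label]
    return {
        "ratio": f"{len(hits)}/{len(verdicts)}",
        "labels": sorted({v.label for v in hits}),
        "family_named": [v.label for v in hits
                         if any(k in v.label.lower() for k in FAMILY_HINTS)],
    }


def triage(summary):
    """Assumed decision rule: a named family from any engine outweighs a low
    ratio; generic-only labels are worth a second look; nothing flagged means keep."""
    if summary["family_named"]:
        return "remove"
    if summary["labels"]:
        return "investigate"
    return "keep"


def digests_of(data):
    return {
        "MD5": hashlib.md5(data).hexdigest(),
        "SHA1": hashlib.sha1(data).hexdigest(),
        "SHA256": hashlib.sha256(data).hexdigest(),
    }


def matches_report(data, report_hashes):
    """True only if every hash the report gives matches the bytes on disk."""
    mine = digests_of(data)
    return bool(report_hashes) and all(mine[a] == d for a, d in report_hashes.items())


if __name__ == "__main__":
    verdicts, hashes = parse_vt_report(VT_REPORT)
    summary = summarize(verdicts)
    print(summary["ratio"], summary["labels"], "->", triage(summary))
    # Before deleting, read the file and confirm it is the sample that was analyzed:
    # with open(r"C:\WINDOWS\system32\vhijisdt.dll", "rb") as f:
    #     print(matches_report(f.read(), hashes))
```

The hash check is the step worth keeping: a randomly named DLL in system32 can be replaced by the next variant between the upload and the deletion, and comparing all three digests against the report makes sure the verdict applies to the bytes actually on disk.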
pichouboy Posts 13 Registered Monday 30 July 2007 Status Member Last activity 22 April 2008
22 April 2008 at 18:20
I deleted it. Thanks a lot, a lot, a lot. No more problems, it seems...

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19, on 2008-04-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Criston Precision\Client\bin\MtxAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eurosport
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=HTTP://intranet/
O15 - Trusted Zone: https://cyberdocs.eurosport-tv.com/
O15 - Trusted Zone: *.eurosport-tv.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} (XStandard) - http://madcow.sti.eurosport.tv/3rd/xstandard/XStandard.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\Software\..\Telephony: DomainName = headoffice.eurosport.tv
O17 - HKLM\System\CCS\Services\Tcpip\..\{B658048A-F45C-4E64-8355-1C0B8C4EC016}: NameServer = 10.196.144.1,10.196.144.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O20 - Winlogon Notify: mtxNotify - C:\WINDOWS\SYSTEM32\mtxNotify.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Criston Precision Agent - Criston Software S.A. - C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 April 2008 at 18:22
fix this line

O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b


_________________



Right-click this link: (IL-MAFIOSO)
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Save (link) target as... and save it to your desktop.
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it doesn't, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(do not choose 2, 3 or 4 without our advice/agreement)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as asked; Notepad will open.
Copy and paste the whole thing into a reply. Close Notepad.
The report is also saved at the root of the drive (fixnavi.txt)
0
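The line jlpjlp asks to fix has the shape of the Virtumonde entries seen in this thread: an 8-hex-digit Run value name, rundll32.exe loading an 8-letter DLL from system32, and a one-letter export. The same line is still present in the 19:08 log posted later in the thread, which is what justifies the ComboFix script that follows. As an added example that is not from the thread, the Python below scans HijackThis O4 lines for that pattern and reports flagged entries that reappear in a later log. The thresholds (8 hex digits, 8 lowercase letters, an export of at most two characters) are heuristics chosen for this example, not a vendor signature; the two sample logs are constructed from O4 lines in the thread's 18:19 and 19:08 scans.

```python
import re
from dataclasses import dataclass, field

# Constructed samples: O4 lines copied from the two HijackThis logs in this thread
# (scans saved at 18:19 and 19:08 on 2008-04-22), trimmed to what the checks need.
HJT_1819 = r"""
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
"""
HJT_1908 = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# "O4 - <hive or user SID>\..\Run: [<value name>] <command>"; Global Startup lines do not match.
O4_RE = re.compile(r"^O4 - (?P<loc>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# rundll32[.exe] "<path>.dll",<entry point>
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<entry>\S+)', re.I)
# Heuristic thresholds chosen for this example, not a vendor signature.
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$")
MAX_ENTRY_LEN = 2


@dataclass
class Finding:
    loc: str
    name: str
    cmd: str
    reasons: list = field(default_factory=list)


def assess_o4(name, cmd):
    """Return the reasons an O4 entry looks like a Vundo-style loader (empty if none)."""
    reasons = []
    if HEX_NAME_RE.match(name):
        reasons.append("value name is 8 hex digits")
    m = RUNDLL_RE.match(cmd.strip())
    if m:
        directory, _, base = m["dll"].replace("/", "\\").rpartition("\\")
        if directory.lower().endswith("\\system32") and RANDOM_DLL_RE.match(base.lower()):
            reasons.append(f"rundll32 loads {base}, an 8-letter DLL, from system32")
        if len(m["entry"]) <= MAX_ENTRY_LEN:
            reasons.append(f"entry point is a bare short token {m['entry']!r}")
    return reasons


def scan_hjt(log_text):
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        reasons = assess_o4(m["name"], m["cmd"])
        if reasons:
            findings.append(Finding(m["loc"], m["name"], m["cmd"], reasons))
    return findings


def persistent_findings(earlier_log, later_log):
    """Flagged entries present in both logs: a fix that did not stick, so
    something on the machine is re-creating the value and must be removed first."""
    earlier = {(f.loc, f.name) for f in scan_hjt(earlier_log)}
    return [f for f in scan_hjt(later_log) if (f.loc, f.name) in earlier]


if __name__ == "__main__":
    for f in scan_hjt(HJT_1819):
        print(f"[{f.loc}] {f.name}: {f.cmd}")
        for r in f.reasons:
            print("   -", r)
    for f in persistent_findings(HJT_1819, HJT_1908):
        print("still present in the later log:", f.name)
```

Run against the two constructed logs it flags only the `2864cec8` entry, with all three reasons, and reports it as persistent. A single reason on its own (for instance a legitimate installer that happens to use a hex-looking value name) is weak evidence; the combination of the three plus persistence across a fix is what the helper reacted to.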
pichouboy Posts 13 Registered Monday 30 July 2007 Status Member Last activity 22 April 2008
22 April 2008 at 18:35
Here it is:

Search Navipromo version 3.5.4 started on 2008-04-22 at 18:31:43.60

!!! Warning, this report may list legitimate files/programs !!!
!!! Post this report on the forum to have it analyzed !!!
!!! Do not run the disinfection part without a specialist's advice !!!

Tool run from C:\Program Files\navilog1
Current session: "jlagier"

Updated on 15.04.2008 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Version 5.1.2600]
Internet Explorer : 7.0.5730.11
File system : NTFS

Run in normal mode

*** Searching installed programs ***


*** Searching folders in "C:\WINDOWS" ***


*** Searching folders in "C:\Program Files" ***


*** Searching folders in "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***


*** Searching folders in "C:\Documents and Settings\jlagier\applic~1" ***


*** Searching folders in "C:\Documents and Settings\jlagier\locals~1\applic~1" ***


*** Searching folders in "C:\Documents and Settings\jlagier\startm~1\programs" ***


*** Searching folders in "C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info: http://www.gmer.net

No file found


*** Search with GenericNaviSearch ***
!!! All of these results may reveal legitimate files !!!
!!! Must be checked before any manual deletion !!!

* Searching in "C:\WINDOWS\system32" *

* Searching in "C:\Documents and Settings\jlagier\locals~1\applic~1" *

* Searching in "C:\DOCUME~1\$sdadon\locals~1\applic~1" *

* Searching in "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Searching in "C:\DOCUME~1\fcollado\locals~1\applic~1" *

* Searching in "C:\DOCUME~1\livefoot\locals~1\applic~1" *


*** Searching files ***


*** Searching specific registry keys ***


*** Additional search module ***
(Searching specific files)

1) Searching new Instant Access files :

2) Heuristic search :

* In "C:\WINDOWS\system32" :

* In "C:\Documents and Settings\jlagier\locals~1\applic~1" :

* In "C:\DOCUME~1\$sdadon\locals~1\applic~1" :

* In "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

* In "C:\DOCUME~1\fcollado\locals~1\applic~1" :

* In "C:\DOCUME~1\livefoot\locals~1\applic~1" :

3) Searching certificates :

Egroup certificate absent !
Electronic-Group certificate absent !
OOO-Favorit certificate absent !
Sunny-Day-Design-Ltd certificate absent !

4) Searching known files :


*** Analysis finished on 2008-04-22 at 18:34:01.03 ***
0

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 April 2008 at 19:06
ok, uninstall Navilog via your Control Panel

still getting ads? any problems?

post another HijackThis log
0
pichouboy Posts 13 Registered Monday 30 July 2007 Status Member Last activity 22 April 2008
22 April 2008 at 19:09
Seems fine. Thanks.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08, on 2008-04-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Criston Precision\Client\bin\MtxAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eurosport
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=HTTP://intranet/
O15 - Trusted Zone: https://cyberdocs.eurosport-tv.com/
O15 - Trusted Zone: *.eurosport-tv.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} (XStandard) - http://madcow.sti.eurosport.tv/3rd/xstandard/XStandard.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\Software\..\Telephony: DomainName = headoffice.eurosport.tv
O17 - HKLM\System\CCS\Services\Tcpip\..\{B658048A-F45C-4E64-8355-1C0B8C4EC016}: NameServer = 10.196.144.1,10.196.144.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O20 - Winlogon Notify: mtxNotify - C:\WINDOWS\SYSTEM32\mtxNotify.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Criston Precision Agent - Criston Software S.A. - C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
22 April 2008 at 19:30
download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!


Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


File::
C:\WINDOWS\system32\yidldlit.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2864cec8"=-


Save this file under the name CFScript


Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is done, a report will be displayed: post its contents.

Also post a HijackThis report


If the file doesn't open, it is located here > C:\ComboFix.txt
0
pichouboy Posts 13 Registered Monday 30 July 2007 Status Member Last activity 22 April 2008
22 April 2008 at 19:38
Here are the 2 logs:


ComboFix 08-04-20.5 - jlagier 2008-04-22 19:34:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.531 [GMT 2:00]
Running from: C:\Documents and Settings\jlagier\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\jlagier\Desktop\CFscript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\yidldlit.dll
.

((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 19:35 . 2008-04-22 19:35 53,248 --a------ C:\temp\catchme.dll
2008-04-22 14:55 . 2008-04-22 14:55 2,048 --a----t- C:\temp\sqlite_rBlo1BOyfOTPIfa
2008-04-22 14:55 . 2008-04-22 14:55 2,048 --a----t- C:\temp\sqlite_0bgPiFJkBbZ8slQ
2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Documents and Settings\jlagier\Application Data\Malwarebytes
2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-22 12:12 . 2004-11-18 15:37 <DIR> d---s---- C:\Documents and Settings\fcollado\UserData
2008-04-22 12:12 . 2005-11-07 12:41 <DIR> d-------- C:\Documents and Settings\fcollado\Application Data\AdobeUM
2008-04-22 12:12 . 2008-04-22 12:25 <DIR> d-------- C:\Documents and Settings\fcollado
2008-04-22 12:12 . 2008-04-22 14:52 1,024 --ah----- C:\Documents and Settings\fcollado\ntuser.dat.LOG
2008-04-22 10:11 . 2008-04-22 10:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-21 19:39 . 2008-04-21 19:38 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-21 19:39 . 2008-04-21 19:39 2,548 --a------ C:\WINDOWS\unins000.dat
2008-04-21 18:53 . 2008-04-22 12:30 109,724 --a------ C:\WINDOWS\BM2b57fd54.xml
2008-04-21 18:48 . 2008-04-21 18:57 <DIR> d-------- C:\Program Files\AntiSpywareMaster
2008-04-21 18:45 . 2008-04-21 18:48 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
2008-04-21 12:13 . 2008-04-21 12:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-21 12:12 . 2008-04-21 12:27 <DIR> d-------- C:\Program Files\Windows Live
2008-04-21 12:12 . 2008-04-21 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Google
2008-04-15 16:18 . 2004-11-18 15:37 <DIR> d---s---- C:\Documents and Settings\$sdadon\UserData
2008-04-15 16:18 . 2004-11-18 12:01 <DIR> d--h----- C:\Documents and Settings\$sdadon\Templates
2008-04-15 16:18 . 2004-11-18 03:45 <DIR> dr------- C:\Documents and Settings\$sdadon\Start Menu
2008-04-15 16:18 . 2004-11-18 12:35 <DIR> dr-h----- C:\Documents and Settings\$sdadon\SendTo
2008-04-15 16:18 . 2008-04-15 16:19 <DIR> dr-h----- C:\Documents and Settings\$sdadon\Recent
2008-04-15 16:18 . 2004-11-18 03:45 <DIR> d--h----- C:\Documents and Settings\$sdadon\PrintHood
2008-04-15 16:18 . 2004-11-19 11:50 <DIR> d--h----- C:\Documents and Settings\$sdadon\NetHood
2008-04-15 16:18 . 2008-04-22 19:35 <DIR> d--h----- C:\Documents and Settings\$sdadon\Local Settings
2008-04-15 16:18 . 2008-04-15 16:19 <DIR> dr------- C:\Documents and Settings\$sdadon\Favorites
2008-04-15 16:18 . 2005-10-20 15:27 <DIR> d-------- C:\Documents and Settings\$sdadon\Desktop
2008-04-15 16:18 . 2008-04-16 11:04 <DIR> d--hs---- C:\Documents and Settings\$sdadon\Cookies
2008-04-15 16:18 . 2004-11-22 13:12 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Sun
2008-04-15 16:18 . 2005-05-18 15:28 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Real
2008-04-15 16:18 . 2005-10-20 15:06 <DIR> d---s---- C:\Documents and Settings\$sdadon\Application Data\Microsoft
2008-04-15 16:18 . 2004-11-22 13:31 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Macromedia
2008-04-15 16:18 . 2004-11-18 12:35 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Identities
2008-04-15 16:18 . 2005-11-07 12:41 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\AdobeUM
2008-04-15 16:18 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Adobe
2008-04-15 16:18 . 2008-04-15 16:20 <DIR> dr-h----- C:\Documents and Settings\$sdadon\Application Data
2008-04-15 16:18 . 2008-04-22 09:48 2,883,584 --ah----- C:\Documents and Settings\$sdadon\ntuser.dat
2008-04-15 16:18 . 2008-04-22 14:52 1,024 --ah----- C:\Documents and Settings\$sdadon\ntuser.dat.LOG
2008-04-15 16:17 . 2008-04-15 16:19 <DIR> d-------- C:\Documents and Settings\$sdadon
2008-03-26 11:40 . 2008-03-26 11:40 <DIR> d-------- C:\Program Files\Common Files\xing shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 17:07 --------- d-----w C:\Program Files\Navilog1
2008-04-22 09:47 --------- d-----w C:\Program Files\Google
2008-04-22 09:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-22 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-21 16:59 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-26 09:40 --------- d-----w C:\Program Files\Common Files\Real
2008-03-26 09:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-26 09:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-03-04 11:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-04 11:34 --------- d-----w C:\Program Files\Java Web Start
2008-03-04 11:34 --------- d-----w C:\Program Files\Java
.

((((((((((((((((((((((((((((( snapshot@2008-04-22_14.58.26.59 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-22 11:39:17 72,268 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-22 12:58:52 72,268 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-22 11:39:17 444,836 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-22 12:58:52 444,836 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-25 04:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 09:00 94208]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
"SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01 525824]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 10:48 53760 C:\WINDOWS\system32\narrator.exe]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Intellimenus"= 1 (0x1)
"NoInstrumentation"= 1 (0x1)
"DisablePersonalDirChange"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mtxNotify]
mtxNotify.dll 2007-10-23 21:16 49152 C:\WINDOWS\system32\mtxNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\chgt_pass_adm.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1659004503-630328440-1417001333-1702\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1659004503-630328440-1417001333-1702\Scripts\Logon\0\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-2352\Scripts\Logon\0\0]
"Script"=\\euisadc003\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\1\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6542\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6542\Scripts\Logon\0\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\2\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8127\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\2\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8564\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8564\Scripts\Logon\0\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\2\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8702\Scripts\Logon\0\0]
"Script"=\\euisadc004\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8702\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\0\0]
"Script"=antidog.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\3\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\3\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8799\Scripts\Logon\0\0]
"Script"=\\euisadc004\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8799\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\0\0]
"Script"=antidog.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\3\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\3\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\0\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\1\0]
"Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\2\0]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\2\1]
"Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5400:TCP"= 5400:TCP:Criston Precision Agent
"1610:TCP"= 1610:TCP:Criston Precision Agent

S3 APSINV;APSINV;C:\WINDOWS\system32\DRIVERS\APSINV.SYS [2001-08-18 05:12]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 19:35:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Criston Precision Agent]
"ImagePath"="C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Criston Precision Agent]
"ImagePath"="C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe"
.
Completion time: 2008-04-22 19:37:06
ComboFix-quarantined-files.txt 2008-04-22 17:36:53
ComboFix2.txt 2008-04-22 12:58:50

Pre-Run: 7,971,618,816 bytes free
Post-Run: 7,962,959,872 bytes free

220 --- E O F --- 2008-04-02 08:16:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37, on 2008-04-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Criston Precision\Client\bin\MtxAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=HTTP://intranet/
O15 - Trusted Zone: https://cyberdocs.eurosport-tv.com/
O15 - Trusted Zone: *.eurosport-tv.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} (XStandard) - http://madcow.sti.eurosport.tv/3rd/xstandard/XStandard.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\Software\..\Telephony: DomainName = headoffice.eurosport.tv
O17 - HKLM\System\CCS\Services\Tcpip\..\{B658048A-F45C-4E64-8355-1C0B8C4EC016}: NameServer = 10.196.144.1,10.196.144.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O20 - Winlogon Notify: mtxNotify - C:\WINDOWS\SYSTEM32\mtxNotify.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Criston Precision Agent - Criston Software S.A. - C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
22 April 2008 at 19:40
ok that's good!!!

run toolscleaner to remove the programs I had you install

http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
pichouboy Posts 13 Registration date Monday 30 July 2007 Status Member Last post 22 April 2008
22 April 2008 at 19:43
Perfect.

Thanks a lot for your extremely valuable and effective help.

Have a good evening
pichouboy Posts 13 Registration date Monday 30 July 2007 Status Member Last post 22 April 2008
22 April 2008 at 19:44
Problem solved.
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last post 3 May 2022 5 040
22 April 2008 at 19:44
have a good evening!