Encore un gros problème de Malware

Résolu
pichouboy Messages postés 13 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

Je rencontre une nouvelle fois un gros problème de Malware sur mon PC de bureau.
Aussi bien sous Firefox que sous IE7.

En gros, on me propose d'installer des logiciels de merde toutes les 2 minutes. (Tels que Anti Spyware Manager.)
J'ai passé un coup de Spybot, AdAware et CCleaner.

Voici ma log HiJackThis. Merci d'avance pour votre aide.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:11:41, on 22/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Criston Precision\Client\bin\MtxAgent.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eurosport
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [imhkgjeidg] c:\windows\system32\imhkgjeidg.exe imhkgjeidg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
O4 - HKLM\..\Run: [BM2b57fd54] Rundll32.exe "C:\WINDOWS\system32\aghcoxkr.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mon Widget RMC] "C:\Program Files\Nosibay\Mon Widget RMC\launcher.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=HTTP://intranet/
O15 - Trusted Zone: https://cyberdocs.eurosport-tv.com/
O15 - Trusted Zone: *.eurosport-tv.com
O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} (XStandard) - http://madcow.sti.eurosport.tv/3rd/xstandard/XStandard.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\Software\..\Telephony: DomainName = headoffice.eurosport.tv
O17 - HKLM\System\CCS\Services\Tcpip\..\{B658048A-F45C-4E64-8355-1C0B8C4EC016}: NameServer = 10.196.144.1,10.196.144.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Criston Precision Agent - Criston Software S.A. - C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8702 bytes
Configuration: Windows XP
Internet Explorer 7.0

9 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec
    MalwareByte's Anti-Malware et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    ____________________

    télécharge OTMoveIt
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. Ou sur https://www.luanagames.com/index.fr.html
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    c:\windows\system32\imhkgjeidg.exe
    C:\WINDOWS\system32\yidldlit.dll
    C:\WINDOWS\system32\aghcoxkr.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _____________________

    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
    1. pichouboy Messages postés 13 Statut Membre
       
      Merci.

      J'ai fait tout ce que tu indiquais. Je n'ai pas pu récupérer les log MalwareByte's Anti-Malware et OTMoveIt :


      Voici la log ComboFix :

      ComboFix 08-04-20.5 - jlagier 2008-04-22 14:52:30.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.539 [GMT 2:00]
      Running from: D:\Data\jlagier\My Documents\2. Perso\Nettoyage des infections\KillBagle.exe
      * Created a new restore point
      * Resident AV is active


      [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
      C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
      C:\WINDOWS\Downloaded Program Files\setup.dll
      C:\WINDOWS\pack.epk
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\aghcoxkr.dll
      C:\WINDOWS\system32\fccYRlMD.dll
      C:\WINDOWS\system32\jiiiOnpo.ini
      C:\WINDOWS\system32\lmepollm.dll
      C:\WINDOWS\system32\mcrh.tmp
      C:\WINDOWS\system32\nnnlmNEt.dll
      C:\WINDOWS\system32\opnOiiij.dll
      C:\WINDOWS\system32\pac.txt

      ----- BITS: Possible infected sites -----

      hxxp://updates.swarmcast.net
      .
      ((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
      .

      2008-04-22 14:56 . 2008-04-22 14:56 53,248 --a------ C:\temp\catchme.dll
      2008-04-22 14:56 . 2008-04-22 14:56 16,384 --a----t- C:\temp\Perflib_Perfdata_4dc.dat
      2008-04-22 14:55 . 2008-04-22 14:55 0 --a----t- C:\temp\sqlite_rBlo1BOyfOTPIfa
      2008-04-22 14:55 . 2008-04-22 14:55 0 --a----t- C:\temp\sqlite_0bgPiFJkBbZ8slQ
      2008-04-22 14:50 . 2008-04-22 14:50 <DIR> d-------- C:\ComboFix
      2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Documents and Settings\jlagier\Application Data\Malwarebytes
      2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-22 12:12 . 2004-11-18 15:37 <DIR> d---s---- C:\Documents and Settings\fcollado\UserData
      2008-04-22 12:12 . 2005-11-07 12:41 <DIR> d-------- C:\Documents and Settings\fcollado\Application Data\AdobeUM
      2008-04-22 12:12 . 2008-04-22 12:25 <DIR> d-------- C:\Documents and Settings\fcollado
      2008-04-22 12:12 . 2008-04-22 14:52 1,024 --ah----- C:\Documents and Settings\fcollado\ntuser.dat.LOG
      2008-04-22 10:11 . 2008-04-22 10:11 <DIR> d-------- C:\Program Files\Trend Micro
      2008-04-21 19:39 . 2008-04-21 19:38 691,545 --a------ C:\WINDOWS\unins000.exe
      2008-04-21 19:39 . 2008-04-21 19:39 2,548 --a------ C:\WINDOWS\unins000.dat
      2008-04-21 18:53 . 2008-04-22 12:30 109,724 --a------ C:\WINDOWS\BM2b57fd54.xml
      2008-04-21 18:53 . 2008-04-22 13:33 53,312 --------- C:\WINDOWS\system32\vhijisdt.dll
      2008-04-21 18:48 . 2008-04-21 18:57 <DIR> d-------- C:\Program Files\AntiSpywareMaster
      2008-04-21 18:45 . 2008-04-21 18:48 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
      2008-04-21 12:13 . 2008-04-21 12:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-04-21 12:12 . 2008-04-21 12:27 <DIR> d-------- C:\Program Files\Windows Live
      2008-04-21 12:12 . 2008-04-21 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Google
      2008-04-15 16:18 . 2004-11-18 15:37 <DIR> d---s---- C:\Documents and Settings\$sdadon\UserData
      2008-04-15 16:18 . 2004-11-18 12:01 <DIR> d--h----- C:\Documents and Settings\$sdadon\Templates
      2008-04-15 16:18 . 2004-11-18 03:45 <DIR> dr------- C:\Documents and Settings\$sdadon\Start Menu
      2008-04-15 16:18 . 2004-11-18 12:35 <DIR> dr-h----- C:\Documents and Settings\$sdadon\SendTo
      2008-04-15 16:18 . 2008-04-15 16:19 <DIR> dr-h----- C:\Documents and Settings\$sdadon\Recent
      2008-04-15 16:18 . 2004-11-18 03:45 <DIR> d--h----- C:\Documents and Settings\$sdadon\PrintHood
      2008-04-15 16:18 . 2004-11-19 11:50 <DIR> d--h----- C:\Documents and Settings\$sdadon\NetHood
      2008-04-15 16:18 . 2005-10-20 15:07 <DIR> d--h----- C:\Documents and Settings\$sdadon\Local Settings
      2008-04-15 16:18 . 2008-04-15 16:19 <DIR> dr------- C:\Documents and Settings\$sdadon\Favorites
      2008-04-15 16:18 . 2005-10-20 15:27 <DIR> d-------- C:\Documents and Settings\$sdadon\Desktop
      2008-04-15 16:18 . 2008-04-16 11:04 <DIR> d--hs---- C:\Documents and Settings\$sdadon\Cookies
      2008-04-15 16:18 . 2004-11-22 13:12 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Sun
      2008-04-15 16:18 . 2005-05-18 15:28 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Real
      2008-04-15 16:18 . 2005-10-20 15:06 <DIR> d---s---- C:\Documents and Settings\$sdadon\Application Data\Microsoft
      2008-04-15 16:18 . 2004-11-22 13:31 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Macromedia
      2008-04-15 16:18 . 2004-11-18 12:35 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Identities
      2008-04-15 16:18 . 2005-11-07 12:41 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\AdobeUM
      2008-04-15 16:18 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Adobe
      2008-04-15 16:18 . 2008-04-15 16:20 <DIR> dr-h----- C:\Documents and Settings\$sdadon\Application Data
      2008-04-15 16:18 . 2008-04-22 09:48 2,883,584 --ah----- C:\Documents and Settings\$sdadon\ntuser.dat
      2008-04-15 16:18 . 2008-04-22 14:52 1,024 --ah----- C:\Documents and Settings\$sdadon\ntuser.dat.LOG
      2008-04-15 16:17 . 2008-04-15 16:19 <DIR> d-------- C:\Documents and Settings\$sdadon
      2008-03-26 11:40 . 2008-03-26 11:40 <DIR> d-------- C:\Program Files\Common Files\xing shared

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-22 09:47 --------- d-----w C:\Program Files\Google
      2008-04-22 09:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-04-22 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-21 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-03-26 09:40 --------- d-----w C:\Program Files\Common Files\Real
      2008-03-04 11:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-04 11:34 --------- d-----w C:\Program Files\Java Web Start
      2008-03-04 11:34 --------- d-----w C:\Program Files\Java
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-25 04:50 139320]
      "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 09:00 94208]
      "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
      "SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01 525824]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
      "2864cec8"="C:\WINDOWS\system32\yidldlit.dll" [ ]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "RunNarrator"="Narrator.exe" [2006-10-04 10:48 53760 C:\WINDOWS\system32\narrator.exe]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "Intellimenus"= 1 (0x1)
      "NoInstrumentation"= 1 (0x1)
      "DisablePersonalDirChange"= 1 (0x1)
      "ForceStartMenuLogOff"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mtxNotify]
      mtxNotify.dll 2007-10-23 21:16 49152 C:\WINDOWS\system32\mtxNotify.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\chgt_pass_adm.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1659004503-630328440-1417001333-1702\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1659004503-630328440-1417001333-1702\Scripts\Logon\[u]0[/u]\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-2352\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\euisadc003\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\1\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6542\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6542\Scripts\Logon\[u]0[/u]\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\2\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8127\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\2\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8564\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8564\Scripts\Logon\[u]0[/u]\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\2\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8702\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\euisadc004\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8702\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=antidog.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\3\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\3\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8799\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\euisadc004\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8799\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=antidog.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\3\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\3\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\2\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5400:TCP"= 5400:TCP:Criston Precision Agent
      "1610:TCP"= 1610:TCP:Criston Precision Agent

      S3 APSINV;APSINV;C:\WINDOWS\system32\DRIVERS\APSINV.SYS [2001-08-18 05:12]

      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-22 14:56:01
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Criston Precision Agent]
      "ImagePath"="C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Criston Precision Agent]
      "ImagePath"="C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe"
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\Program Files\Criston Precision\Client\bin\mtxagent.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\wdfmgr.exe
      C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
      .
      **************************************************************************
      .
      Completion time: 2008-04-22 14:58:48 - machine was rebooted [jlagier]
      ComboFix-quarantined-files.txt 2008-04-22 12:58:44

      Pre-Run: 8,090,058,752 bytes free
      Post-Run: 8,030,441,472 bytes free

      241 --- E O F --- 2008-04-02 08:16:50
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ce fichier sur virus total et si infécté tu le vire avec otmovit: https://www.virustotal.com/gui/

    C:\WINDOWS\system32\vhijisdt.dll

    ____________

    recolle un hijackhtis et dis tes soucis actuels
    0
    1. pichouboy Messages postés 13 Statut Membre
       
      Merci. Avant de le supprimer, j'aimerais te montrer le résultat (voir ci-dessous). Penses-tu que ça vaille le coup de supprimer ?




      Fichier vhijisdt.dll reçu le 2008.04.22 18:01:29 (CET)
      Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
      Résultat: 3/32 (9.38%)


      Antivirus Version Dernière mise à jour Résultat
      AhnLab-V3 2008.4.22.0 2008.04.22 -
      AntiVir 7.8.0.8 2008.04.22 TR/Trash.Gen
      Authentium 4.93.8 2008.04.22 -
      Avast 4.8.1169.0 2008.04.21 -
      AVG 7.5.0.516 2008.04.21 -
      BitDefender 7.2 2008.04.22 Adware.Virtumonde.GIO
      CAT-QuickHeal 9.50 2008.04.22 -
      ClamAV 0.92.1 2008.04.22 -
      DrWeb 4.44.0.09170 2008.04.22 -
      eSafe 7.0.15.0 2008.04.21 -
      eTrust-Vet 31.3.5723 2008.04.22 -
      Ewido 4.0 2008.04.22 -
      F-Prot 4.4.2.54 2008.04.21 -
      F-Secure 6.70.13260.0 2008.04.22 -
      FileAdvisor 1 2008.04.22 -
      Fortinet 3.14.0.0 2008.04.22 -
      Ikarus T3.1.1.26 2008.04.22 -
      Kaspersky 7.0.0.125 2008.04.22 -
      McAfee 5278 2008.04.21 -
      Microsoft 1.3408 2008.04.22 -
      NOD32v2 3046 2008.04.22 -
      Norman 5.80.02 2008.04.21 -
      Panda 9.0.0.4 2008.04.21 -
      Prevx1 V2 2008.04.22 -
      Rising 20.41.12.00 2008.04.22 -
      Sophos 4.28.0 2008.04.22 -
      Sunbelt 3.0.1056.0 2008.04.17 -
      Symantec 10 2008.04.22 -
      TheHacker 6.2.92.286 2008.04.21 -
      VBA32 3.12.6.4 2008.04.16 -
      VirusBuster 4.3.26:9 2008.04.21 -
      Webwasher-Gateway 6.6.2 2008.04.22 Trojan.Trash.Gen
      Information additionnelle
      File size: 53312 bytes
      MD5...: 60fba1fd224ee11d65d9e382ec4f0cba
      SHA1..: 9e162abcb03c064de853749fad395f2ee0aae581
      SHA256: f928282511971bd6f153e7b662ac96fc9da79bc1d5730af434b01d8ca5c22564
      SHA512: 1dab5295238dad01908a320a4ae12666f0254b4f1e2cccf2d9215144188a8bbd
      577af8a09453c7a7221f28d984b458dfe5afe22c63bd477a8c58f7b5fcd21e94
      PEiD..: -
      PEInfo: -
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui vire le!
    0
    1. pichouboy Messages postés 13 Statut Membre
       
      J'ai effacé. Merc bcp bcp bcp. Plus de problème semble-t-il...

      Voici la log HiJackThis :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:19, on 2008-04-22
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Criston Precision\Client\bin\MtxAgent.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://intranet/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eurosport
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
      O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=HTTP://intranet/
      O15 - Trusted Zone: https://cyberdocs.eurosport-tv.com/
      O15 - Trusted Zone: *.eurosport-tv.com
      O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
      O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} (XStandard) - http://madcow.sti.eurosport.tv/3rd/xstandard/XStandard.cab
      O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
      O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\Software\..\Telephony: DomainName = headoffice.eurosport.tv
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B658048A-F45C-4E64-8355-1C0B8C4EC016}: NameServer = 10.196.144.1,10.196.144.2
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O20 - Winlogon Notify: mtxNotify - C:\WINDOWS\SYSTEM32\mtxNotify.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Criston Precision Agent - Criston Software S.A. - C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fix cette ligne

    O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b

    _________________

    Fais un clic droit sur ce lien : (IL-MAFIOSO)
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, le fix s'exécutera automatiquement.
    (Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    0
    1. pichouboy Messages postés 13 Statut Membre
       
      Voici :

      Search Navipromo version 3.5.4 commencé le 2008-04-22 à 18:31:43.60

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1
      Session actuelle : "jlagier"

      Mise à jour le 15.04.2008 à 18h00 par IL-MAFIOSO


      Microsoft Windows XP [Version 5.1.2600]
      Internet Explorer : 7.0.5730.11
      Système de fichiers : NTFS

      Executé en mode normal

      *** Recherche Programmes installés ***




      *** Recherche dossiers dans "C:\WINDOWS" ***



      *** Recherche dossiers dans "C:\Program Files" ***



      *** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\APPLIC~1" ***




      *** Recherche dossiers dans "C:\Documents and Settings\jlagier\applic~1" ***



      *** Recherche dossiers dans "C:\Documents and Settings\jlagier\locals~1\applic~1" ***



      *** Recherche dossiers dans "C:\Documents and Settings\jlagier\startm~1\programs" ***


      *** Recherche dossiers dans "C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs" ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net

      Aucun Fichier trouvé



      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans "C:\WINDOWS\system32" *

      * Recherche dans "C:\Documents and Settings\jlagier\locals~1\applic~1" *

      * Recherche dans "C:\DOCUME~1\$sdadon\locals~1\applic~1" *

      * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

      * Recherche dans "C:\DOCUME~1\fcollado\locals~1\applic~1" *

      * Recherche dans "C:\DOCUME~1\livefoot\locals~1\applic~1" *



      *** Recherche fichiers ***




      *** Recherche clés spécifiques dans le Registre ***


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans "C:\WINDOWS\system32" :


      * Dans "C:\Documents and Settings\jlagier\locals~1\applic~1" :


      * Dans "C:\DOCUME~1\$sdadon\locals~1\applic~1" :


      * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


      * Dans "C:\DOCUME~1\fcollado\locals~1\applic~1" :


      * Dans "C:\DOCUME~1\livefoot\locals~1\applic~1" :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat OOO-Favorit absent !
      Certificat Sunny-Day-Design-Ltd absent !

      4)Recherche fichiers connus :



      *** Analyse terminée le 2008-04-22 à 18:34:01.03 ***
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok desinstalle navilog via ton panneau de configuration

    encore des pubs? des soucis?

    recolle un hijackhtis
    0
    1. pichouboy Messages postés 13 Statut Membre
       
      A priori ça va. Merci.

      Voici la log HiJackThis :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:08, on 2008-04-22
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Criston Precision\Client\bin\MtxAgent.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://intranet/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HTTP://intranet/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Eurosport
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
      O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [2864cec8] rundll32.exe "C:\WINDOWS\system32\yidldlit.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=HTTP://intranet/
      O15 - Trusted Zone: https://cyberdocs.eurosport-tv.com/
      O15 - Trusted Zone: *.eurosport-tv.com
      O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
      O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} (XStandard) - http://madcow.sti.eurosport.tv/3rd/xstandard/XStandard.cab
      O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
      O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\Software\..\Telephony: DomainName = headoffice.eurosport.tv
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B658048A-F45C-4E64-8355-1C0B8C4EC016}: NameServer = 10.196.144.1,10.196.144.2
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O20 - Winlogon Notify: mtxNotify - C:\WINDOWS\SYSTEM32\mtxNotify.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Criston Precision Agent - Criston Software S.A. - C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\system32\yidldlit.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "2864cec8"=-

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Remets aussi un rapport Hijackthis

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt
    0
    1. pichouboy Messages postés 13 Statut Membre
       
      Voici les 2 log :


      ComboFix 08-04-20.5 - jlagier 2008-04-22 19:34:31.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.531 [GMT 2:00]
      Running from: C:\Documents and Settings\jlagier\Desktop\ComboFix.exe
      Command switches used :: C:\Documents and Settings\jlagier\Desktop\CFscript.txt
      * Created a new restore point
      * Resident AV is active


      [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

      FILE ::
      C:\WINDOWS\system32\yidldlit.dll
      .

      ((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
      .

      2008-04-22 19:35 . 2008-04-22 19:35 53,248 --a------ C:\temp\catchme.dll
      2008-04-22 14:55 . 2008-04-22 14:55 2,048 --a----t- C:\temp\sqlite_rBlo1BOyfOTPIfa
      2008-04-22 14:55 . 2008-04-22 14:55 2,048 --a----t- C:\temp\sqlite_0bgPiFJkBbZ8slQ
      2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
      2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Documents and Settings\jlagier\Application Data\Malwarebytes
      2008-04-22 12:43 . 2008-04-22 12:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-04-22 12:12 . 2004-11-18 15:37 <DIR> d---s---- C:\Documents and Settings\fcollado\UserData
      2008-04-22 12:12 . 2005-11-07 12:41 <DIR> d-------- C:\Documents and Settings\fcollado\Application Data\AdobeUM
      2008-04-22 12:12 . 2008-04-22 12:25 <DIR> d-------- C:\Documents and Settings\fcollado
      2008-04-22 12:12 . 2008-04-22 14:52 1,024 --ah----- C:\Documents and Settings\fcollado\ntuser.dat.LOG
      2008-04-22 10:11 . 2008-04-22 10:11 <DIR> d-------- C:\Program Files\Trend Micro
      2008-04-21 19:39 . 2008-04-21 19:38 691,545 --a------ C:\WINDOWS\unins000.exe
      2008-04-21 19:39 . 2008-04-21 19:39 2,548 --a------ C:\WINDOWS\unins000.dat
      2008-04-21 18:53 . 2008-04-22 12:30 109,724 --a------ C:\WINDOWS\BM2b57fd54.xml
      2008-04-21 18:48 . 2008-04-21 18:57 <DIR> d-------- C:\Program Files\AntiSpywareMaster
      2008-04-21 18:45 . 2008-04-21 18:48 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
      2008-04-21 12:13 . 2008-04-21 12:26 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
      2008-04-21 12:12 . 2008-04-21 12:27 <DIR> d-------- C:\Program Files\Windows Live
      2008-04-21 12:12 . 2008-04-21 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-04-15 16:20 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Google
      2008-04-15 16:18 . 2004-11-18 15:37 <DIR> d---s---- C:\Documents and Settings\$sdadon\UserData
      2008-04-15 16:18 . 2004-11-18 12:01 <DIR> d--h----- C:\Documents and Settings\$sdadon\Templates
      2008-04-15 16:18 . 2004-11-18 03:45 <DIR> dr------- C:\Documents and Settings\$sdadon\Start Menu
      2008-04-15 16:18 . 2004-11-18 12:35 <DIR> dr-h----- C:\Documents and Settings\$sdadon\SendTo
      2008-04-15 16:18 . 2008-04-15 16:19 <DIR> dr-h----- C:\Documents and Settings\$sdadon\Recent
      2008-04-15 16:18 . 2004-11-18 03:45 <DIR> d--h----- C:\Documents and Settings\$sdadon\PrintHood
      2008-04-15 16:18 . 2004-11-19 11:50 <DIR> d--h----- C:\Documents and Settings\$sdadon\NetHood
      2008-04-15 16:18 . 2008-04-22 19:35 <DIR> d--h----- C:\Documents and Settings\$sdadon\Local Settings
      2008-04-15 16:18 . 2008-04-15 16:19 <DIR> dr------- C:\Documents and Settings\$sdadon\Favorites
      2008-04-15 16:18 . 2005-10-20 15:27 <DIR> d-------- C:\Documents and Settings\$sdadon\Desktop
      2008-04-15 16:18 . 2008-04-16 11:04 <DIR> d--hs---- C:\Documents and Settings\$sdadon\Cookies
      2008-04-15 16:18 . 2004-11-22 13:12 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Sun
      2008-04-15 16:18 . 2005-05-18 15:28 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Real
      2008-04-15 16:18 . 2005-10-20 15:06 <DIR> d---s---- C:\Documents and Settings\$sdadon\Application Data\Microsoft
      2008-04-15 16:18 . 2004-11-22 13:31 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Macromedia
      2008-04-15 16:18 . 2004-11-18 12:35 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Identities
      2008-04-15 16:18 . 2005-11-07 12:41 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\AdobeUM
      2008-04-15 16:18 . 2008-04-15 16:20 <DIR> d-------- C:\Documents and Settings\$sdadon\Application Data\Adobe
      2008-04-15 16:18 . 2008-04-15 16:20 <DIR> dr-h----- C:\Documents and Settings\$sdadon\Application Data
      2008-04-15 16:18 . 2008-04-22 09:48 2,883,584 --ah----- C:\Documents and Settings\$sdadon\ntuser.dat
      2008-04-15 16:18 . 2008-04-22 14:52 1,024 --ah----- C:\Documents and Settings\$sdadon\ntuser.dat.LOG
      2008-04-15 16:17 . 2008-04-15 16:19 <DIR> d-------- C:\Documents and Settings\$sdadon
      2008-03-26 11:40 . 2008-03-26 11:40 <DIR> d-------- C:\Program Files\Common Files\xing shared

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-04-22 17:07 --------- d-----w C:\Program Files\Navilog1
      2008-04-22 09:47 --------- d-----w C:\Program Files\Google
      2008-04-22 09:46 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-04-22 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-04-21 17:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
      2008-04-21 16:59 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
      2008-03-26 09:40 --------- d-----w C:\Program Files\Common Files\Real
      2008-03-26 09:38 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
      2008-03-26 09:38 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
      2008-03-04 11:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-03-04 11:34 --------- d-----w C:\Program Files\Java Web Start
      2008-03-04 11:34 --------- d-----w C:\Program Files\Java
      .

      ((((((((((((((((((((((((((((( snapshot@2008-04-22_14.58.26.59 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-04-22 11:39:17 72,268 ----a-w C:\WINDOWS\system32\perfc009.dat
      + 2008-04-22 12:58:52 72,268 ----a-w C:\WINDOWS\system32\perfc009.dat
      - 2008-04-22 11:39:17 444,836 ----a-w C:\WINDOWS\system32\perfh009.dat
      + 2008-04-22 12:58:52 444,836 ----a-w C:\WINDOWS\system32\perfh009.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-25 04:50 139320]
      "ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 09:00 94208]
      "Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 10:48 147514]
      "SetRefresh"="C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 18:01 525824]
      "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]
      "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]
      "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "RunNarrator"="Narrator.exe" [2006-10-04 10:48 53760 C:\WINDOWS\system32\narrator.exe]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "Intellimenus"= 1 (0x1)
      "NoInstrumentation"= 1 (0x1)
      "DisablePersonalDirChange"= 1 (0x1)
      "ForceStartMenuLogOff"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mtxNotify]
      mtxNotify.dll 2007-10-23 21:16 49152 C:\WINDOWS\system32\mtxNotify.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Startup\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\chgt_pass_adm.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1659004503-630328440-1417001333-1702\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1659004503-630328440-1417001333-1702\Scripts\Logon\[u]0[/u]\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-2352\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\euisadc003\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-4086\Scripts\Logon\1\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6542\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6542\Scripts\Logon\[u]0[/u]\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-6949\Scripts\Logon\2\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8127\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8218\Scripts\Logon\2\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8564\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8564\Scripts\Logon\[u]0[/u]\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8568\Scripts\Logon\2\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8702\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\euisadc004\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8702\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=antidog.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\3\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8734\Scripts\Logon\3\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8799\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\euisadc004\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-8799\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=antidog.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\3\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9586\Scripts\Logon\3\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\[u]0[/u]\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Printer_Followme.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\1\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SYSVOL\headoffice.eurosport.tv\scripts\Home_DIR_create_dir.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\2\[u]0[/u]]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\Add-Language_fr-Ie6.vbs

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1960408961-2052111302-682003330-9699\Scripts\Logon\2\1]
      "Script"=\\headoffice.eurosport.tv\SysVol\headoffice.eurosport.tv\scripts\OTUC_Toolbar.vbs

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "5400:TCP"= 5400:TCP:Criston Precision Agent
      "1610:TCP"= 1610:TCP:Criston Precision Agent

      S3 APSINV;APSINV;C:\WINDOWS\system32\DRIVERS\APSINV.SYS [2001-08-18 05:12]

      .
      **************************************************************************

      catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-04-22 19:35:50
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Criston Precision Agent]
      "ImagePath"="C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe"

      [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Criston Precision Agent]
      "ImagePath"="C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe"
      .
      Completion time: 2008-04-22 19:37:06
      ComboFix-quarantined-files.txt 2008-04-22 17:36:53
      ComboFix2.txt 2008-04-22 12:58:50

      Pre-Run: 7,971,618,816 bytes free
      Post-Run: 7,962,959,872 bytes free

      220 --- E O F --- 2008-04-02 08:16:50




















      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:37, on 2008-04-22
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Criston Precision\Client\bin\MtxAgent.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\notepad.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = HTTP://intranet/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://intranet/
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
      O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\COMPAQ\SetRefresh\\SetRefresh.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=HTTP://intranet/
      O15 - Trusted Zone: https://cyberdocs.eurosport-tv.com/
      O15 - Trusted Zone: *.eurosport-tv.com
      O16 - DPF: {05C1004E-2596-48E5-8E26-39362985EEB9} (MMCPlayer Class) - http://p3p.sogou.com/MMCShell.cab
      O16 - DPF: {0EED7206-1661-11D7-84A3-00606744831D} (XStandard) - http://madcow.sti.eurosport.tv/3rd/xstandard/XStandard.cab
      O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Environnement d'exécution Java 1.4.1) - http://javadl-esd.sun.com/update/1.4.1/jinstall-1_4_1-windows-i586.cab
      O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\Software\..\Telephony: DomainName = headoffice.eurosport.tv
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B658048A-F45C-4E64-8355-1C0B8C4EC016}: NameServer = 10.196.144.1,10.196.144.2
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = headoffice.eurosport.tv
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = headoffice.eurosport.tv,agencies.eurosport.tv,eurosport.tv,tf1.fr
      O20 - Winlogon Notify: mtxNotify - C:\WINDOWS\SYSTEM32\mtxNotify.dll
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: Criston Precision Agent - Criston Software S.A. - C:/Program Files/Criston Precision/Client\bin\MtxAgent.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      0
  8. pichouboy Messages postés 13 Statut Membre
     
    Problème résolu.
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    bonne soirée!
    0