Sujet Précédent Sujet Suivant

Message "virus alert" à coté de l'horlog

Fermé
onjuku - 20 oct. 2008 à 23:55
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 - 22 oct. 2008 à 09:33
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:53: VIRUS ALERT!, on 20/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.g-mind.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.g-mind.com;10.*;*.g-mind;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: {67d9de2b-3c5f-ff28-54e4-43d61ba1c683} - {386c1ab1-6d34-4e45-82ff-f5c3b2ed9d76} - C:\WINDOWS\system32\yqpuza.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Trickler] "c:\program files\divx\divx pro codec\gain_trickler_3202.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\ski\Bureau\yodm-3d-crystalxp.net-fr-1250\Yodm3D.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [] C:\Documents and Settings\ski\Application Data\Adobe\Player.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.adobe.com/
O15 - Trusted Zone: https://www.alinea.com/
O15 - Trusted Zone: http://www.ford.f
O15 - Trusted Zone: https://www.ford.fr/
O15 - Trusted Zone: http://www.fordeumicrosites.com
O15 - Trusted Zone: http://*.itsm7rtm
O15 - Trusted Zone: http://*.supporter
O15 - Trusted Zone: http://*.wsban-sde-test
O15 - Trusted IP range: http://172.30.65.234
O15 - Trusted IP range: http://192.168.1.51
O16 - DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} (Surgient URA Local Proxy Client (v2)) - http://bmc.demoservers.com/URA/URA/lib/LocalProxyActiveX.cab
O16 - DPF: {4EDCB26C-D24C-4E72-AF07-B576699AC0DE} (Microsoft RDP Client Control (redist)) - http://bmc.demoservers.com/URA/URA/lib/srdp.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D5ED8C3-53A8-463A-B59B-C31EC27FE0A8} (Project1.NAMLaunchProgram) - http://wmagict/magic/NAMLaunchProgram.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://ajax.clichy.supporter.corp:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {83D4208C-61B0-4425-993F-8E36F51E6CC8} (MGCSpellCheck.MSpellCheck) - http://wmagicp/magic/wspell.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - http://magic/SCRmagic/Reports/activeXViewer/activexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D32E6B79-8EFE-441B-BBE3-E7CEB9F4E990} (MGCSpellCheckAll.MDictionaryAll) - http://wmagicp/magic/wspellall.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\Software\..\Telephony: DomainName = supporter.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = supporter.corp
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL sksulj.dll yqpuza.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
A voir également:

11 réponses

Réponse 1 / 11
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
21 oct. 2008 à 12:02
Salut !!

on continue...

▶ Télécharge Combofix de sUBs

(c est le numéro 5 en bas de la page)

▶ et enregistre le sur le Bureau.


▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)


Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


ensuite envois le rapport et refais un nouveau rapport hijackthis stp
1
Réponse 2 / 11
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
21 oct. 2008 à 22:54
ok maintenant refais un nouveau rapport hijackthis stp
1
Réponse 3 / 11
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
22 oct. 2008 à 09:33
Salut !!

▶ Copie le texte en gras ci-dessous :

File::
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr0.dat
c:\documents and settings\all users\application data\microsoft\network\downloader\qmgr1.dat
c:\documents and settings\ski\application data\adobe\player.exe
c:\program files\divx\divx pro codec\gain_trickler_3202.exe
C:\Program Files\Dealio


Folder::
C:\QUARANTINE

Registry::



▶ Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
▶ Sauvegarde ce fichier sous le nom de CFScript.txt.

▶ Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

▶ Cela va relancer Combofix,

▶ Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

▶ Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

▶ Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

▶ S'il n'y a pas de rédémarrage, poste quand même les rapports.

Et ensuite dis moi si tu as encore des problèmes
1
Réponse 4 / 11
onjuku
21 oct. 2008 à 00:08
SmitFraudFix v2.365

Rapport fait à 0:08:40,48, 21/10/2008
Executé à partir de C:\Documents and Settings\ski\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dwwin.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ski


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ski\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ski\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\Google\\GOOGLE~2\\GOEC62~1.DLL sksulj.dll yqpuza.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 3945ABG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.40.241
DNS Server Search Order: 212.27.40.240

HKLM\SYSTEM\CCS\Services\Tcpip\..\{77638E67-3EB7-4F6B-8D59-2299163E0251}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{77638E67-3EB7-4F6B-8D59-2299163E0251}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{77638E67-3EB7-4F6B-8D59-2299163E0251}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{77638E67-3EB7-4F6B-8D59-2299163E0251}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
onjuku
21 oct. 2008 à 00:32
SmitFraudFix v2.365

Rapport fait à 0:22:20,90, 21/10/2008
Executé à partir de C:\Documents and Settings\ski\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{77638E67-3EB7-4F6B-8D59-2299163E0251}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\..\{77638E67-3EB7-4F6B-8D59-2299163E0251}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\..\{77638E67-3EB7-4F6B-8D59-2299163E0251}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\..\{77638E67-3EB7-4F6B-8D59-2299163E0251}: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.40.241 212.27.40.240


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
Réponse 6 / 11
onjuku
21 oct. 2008 à 07:34
Malwarebytes' Anti-Malware 1.29
Database version: 1298
Windows 5.1.2600 Service Pack 2

21/10/2008 07:36:06
mbam-log-2008-10-21 (07-36-06).txt

Scan type: Full Scan (C:\|)
Objects scanned: 121982
Time elapsed: 1 hour(s), 2 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\ski\Application Data\Adobe\Player.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\Documents and Settings\ski\Local Settings\Temp\sft_ver1.1454.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
0
Réponse 7 / 11
onjuku
21 oct. 2008 à 07:41
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:45:07, on 21/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.g-mind.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.g-mind.com;10.*;*.g-mind;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: {67d9de2b-3c5f-ff28-54e4-43d61ba1c683} - {386c1ab1-6d34-4e45-82ff-f5c3b2ed9d76} - C:\WINDOWS\system32\yqpuza.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Trickler] "c:\program files\divx\divx pro codec\gain_trickler_3202.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Yodm3D] C:\Documents and Settings\ski\Bureau\yodm-3d-crystalxp.net-fr-1250\Yodm3D.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.adobe.com/
O15 - Trusted Zone: https://www.alinea.com/
O15 - Trusted Zone: http://www.ford.f
O15 - Trusted Zone: https://www.ford.fr/
O15 - Trusted Zone: http://www.fordeumicrosites.com
O15 - Trusted Zone: http://*.itsm7rtm
O15 - Trusted Zone: http://*.supporter
O15 - Trusted Zone: http://*.wsban-sde-test
O15 - Trusted IP range: http://172.30.65.234
O15 - Trusted IP range: http://192.168.1.51
O16 - DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} (Surgient URA Local Proxy Client (v2)) - http://bmc.demoservers.com/URA/URA/lib/LocalProxyActiveX.cab
O16 - DPF: {4EDCB26C-D24C-4E72-AF07-B576699AC0DE} (Microsoft RDP Client Control (redist)) - http://bmc.demoservers.com/URA/URA/lib/srdp.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D5ED8C3-53A8-463A-B59B-C31EC27FE0A8} (Project1.NAMLaunchProgram) - http://wmagict/magic/NAMLaunchProgram.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://ajax.clichy.supporter.corp:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {83D4208C-61B0-4425-993F-8E36F51E6CC8} (MGCSpellCheck.MSpellCheck) - http://wmagicp/magic/wspell.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - http://magic/SCRmagic/Reports/activeXViewer/activexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D32E6B79-8EFE-441B-BBE3-E7CEB9F4E990} (MGCSpellCheckAll.MDictionaryAll) - http://wmagicp/magic/wspellall.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\Software\..\Telephony: DomainName = supporter.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = supporter.corp
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL sksulj.dll yqpuza.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
0
Réponse 8 / 11
onjuku
21 oct. 2008 à 20:10
ComboFix 08-10-19.04 - SKI 2008-10-21 19:37:14.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1441 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\ski\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\ski\Bureau\WinXP_FR_PRO_BF.EXE
* Un nouveau point de restauration a été créé
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\buci\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\ski\Application Data\Adobe\crc.dat
C:\Documents and Settings\ski\Application Data\Adobe\Player.exe.bak
C:\WINDOWS\epgb.exe
C:\WINDOWS\system32\jlnlvnmr.dll
C:\WINDOWS\system32\ptsyhdfg.dll
C:\WINDOWS\system32\wbpyswkc.ini
C:\WINDOWS\system32\yqpuza.dll
C:\WINDOWS\temp\perflib_perfdata_1cc.dat

----- BITS: Il y a peut-être des sites infectés -----

hxxp://78.157.143.198
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_VMWARE_NAT_SERVICE
-------\Service_VMware NAT Service


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-21 01:01 . 2008-10-21 01:01 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-10-21 00:09 . 2008-10-21 00:24 1,256 --a------ C:\Windows\system32\tmp.reg
2008-10-20 23:52 . 2008-10-20 23:52 <REP> d-------- C:\Program Files\Trend Micro
2008-10-20 20:50 . 2008-10-20 20:50 <REP> d-------- C:\Documents and Settings\ski\Application Data\Malwarebytes
2008-10-20 20:29 . 2008-10-20 20:29 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\TmpRecentIcons
2008-10-20 20:19 . 2008-10-20 20:19 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 20:18 . 2008-10-20 20:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-20 20:17 . 2008-10-20 20:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware1
2008-10-20 20:17 . 2008-10-20 20:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-20 20:17 . 2008-10-16 20:25 38,496 --a------ C:\Windows\system32\drivers\mbamswissarmy.sys
2008-10-20 20:17 . 2008-10-16 20:25 15,504 --a------ C:\Windows\system32\drivers\mbam.sys
2008-10-20 20:03 . 2008-10-21 19:37 <REP> d-------- C:\QUARANTINE
2008-10-20 19:54 . 2008-10-20 19:54 <REP> d-------- C:\temp
2008-10-20 19:54 . 2008-10-20 19:44 27,975,928 --a------ C:\temp\setup_7.0.0.242_20.10.2008_20-09.exe
2008-10-19 19:02 . 2008-10-19 19:02 <REP> d-------- C:\Program Files\uTorrent
2008-10-19 19:01 . 2008-10-19 22:41 <REP> d-------- C:\Documents and Settings\ski\Application Data\uTorrent
2008-10-18 10:43 . 2008-10-18 10:43 <REP> d-------- C:\Documents and Settings\ski\Application Data\dvdcss
2008-10-15 07:17 . 2008-08-28 12:04 333,056 --------- C:\Windows\system32\dllcache\srv.sys
2008-10-11 19:57 . 2008-10-11 20:25 <REP> d-------- C:\Documents and Settings\ski\dwhelper
2008-10-03 19:49 . 2008-10-03 19:49 <REP> d-------- C:\Program Files\Movavi Video Converter 6
2008-10-03 19:49 . 2008-10-03 19:49 65 --a------ C:\Windows\IniFile1.ini
2008-10-03 19:30 . 2008-10-03 19:30 7,501,964 --a------ C:\output.avi
2008-10-03 19:29 . 2008-10-03 19:39 <REP> d-------- C:\Program Files\MPEGTOAVI
2008-10-03 08:25 . 2008-10-03 19:41 <REP> d-------- C:\Program Files\Gabest
2008-10-03 08:25 . 2008-10-03 19:39 <REP> d-------- C:\Program Files\DivX
2008-09-21 07:49 . 2008-09-21 07:55 200 --a------ C:\Windows\yesmessenger.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 17:43 --------- d-----w C:\Documents and Settings\LocalService\Application Data\VMware
2008-10-21 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\VMware
2008-10-20 17:21 --------- d-----w C:\Program Files\Lavasoft
2008-10-20 17:21 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-10-20 17:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-19 20:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-19 20:19 --------- d-----w C:\Program Files\CyberLink
2008-10-17 17:28 --------- d-----w C:\Documents and Settings\ski\Application Data\GrabIt
2008-10-07 07:29 --------- d-----w C:\Program Files\test
2008-10-04 13:37 --------- d-----w C:\Documents and Settings\ski\Application Data\U3
2008-09-30 06:28 --------- d-----w C:\Program Files\GrabIt
2008-09-30 06:22 --------- d-----w C:\Program Files\Giganews Accelerator
2008-09-30 06:21 --------- d-----w C:\Program Files\Dealio
2008-09-27 16:49 --------- d-----w C:\Program Files\eMule
2008-09-13 09:36 --------- d-----w C:\Program Files\iTunes
2008-09-13 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 09:35 --------- d-----w C:\Program Files\iPod
2008-09-13 09:33 --------- d-----w C:\Program Files\Bonjour
2008-09-13 09:32 --------- d-----w C:\Program Files\QuickTime
2008-09-13 09:32 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2007-08-09 14:05 49 ----a-w C:\Documents and Settings\ski\ftp.bat
2003-03-05 12:54 233,472 ----a-w C:\Documents and Settings\ski\vncviewer.exe
2007-01-16 11:10 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012007011620070117\index.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 3297280]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"Google Update"="C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-07-02 133104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

C:\Documents and Settings\ski\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-09-19 143360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= bearshare.exe
"2"= edonkey.exe
"4"= kazaa.exe
"5"= limewire.exe
"6"= napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"vidc.dvsd"= pdvcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1416788250-2014671962-1232828436-4854\Scripts\Logon\[u]0/u\[u]0/u]
"Script"=map4.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1416788250-2014671962-1232828436-4854\Scripts\Logon\1\[u]0/u]
"Script"=map3.bat

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1416788250-2014671962-1232828436-4854\Scripts\Logon\2\[u]0/u]
"Script"=map2.bat

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7420:TCP"= 7420:TCP:ppLive
"6084:UDP"= 6084:UDP:ppLive
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 34880]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 29056]
R2 vmserverdWin32;VMware Registration Service;C:\Program Files\VMware\VMware Server\vmserverdWin32.exe [2007-09-06 1650781]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-08-15 29744]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5879b9ec-4d9b-11dd-923b-005056c00001}]
\Shell\AutoRun\command - E:\MIKO_RHF_2008.html

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{824bdec8-a62c-11db-900f-0019d22cf159}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b520c7d8-e9d8-11db-9083-005056c00008}]
\Shell\AutoRun\command - I:\setupSNK.exe

*Newly Created Service* - ENTDRV51
.
Contenu du dossier 'Tâches planifiées'

2008-10-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-18 C:\WINDOWS\Tasks\Copie de ftp.job
- C:\Sauvegardes []

2008-10-21 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-07-02 20:53]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{386c1ab1-6d34-4e45-82ff-f5c3b2ed9d76} - C:\WINDOWS\system32\yqpuza.dll
HKCU-Run-Yodm3D - C:\Documents and Settings\ski\Bureau\yodm-3d-crystalxp.net-fr-1250\Yodm3D.exe
HKLM-Run-Trickler - c:\program files\divx\divx pro codec\gain_trickler_3202.exe
Notify-WgaLogon - (no file)


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\ski\Application Data\Mozilla\Firefox\Profiles\gpag5y5n.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\1.2.131.25\npGoogleOneClick6.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 20:00:13
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\o2flash.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\Windows\system32\vmnetdhcp.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
.
**************************************************************************
.
Heure de fin: 2008-10-21 20:04:40 - La machine a redémarré [SKI]
ComboFix-quarantined-files.txt 2008-10-21 18:04:36

Avant-CF: 13,203,578,880 octets libres
Après-CF: 13,633,794,048 octets libres

206 --- E O F --- 2008-10-16 05:24:46
0
Réponse 9 / 11
onjuku
22 oct. 2008 à 07:29
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:33, on 2008-10-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\o2flash.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VMware\VMware Server\vmware-authd.exe
C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.g-mind.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.g-mind.com;10.*;*.g-mind;<local>;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\ski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\ski\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.adobe.com/
O15 - Trusted Zone: https://www.alinea.com/
O15 - Trusted Zone: http://www.ford.f
O15 - Trusted Zone: https://www.ford.fr/
O15 - Trusted Zone: http://www.fordeumicrosites.com
O15 - Trusted Zone: http://*.itsm7rtm
O15 - Trusted Zone: http://*.supporter
O15 - Trusted Zone: http://*.wsban-sde-test
O15 - Trusted IP range: http://172.30.65.234
O15 - Trusted IP range: http://192.168.1.51
O16 - DPF: {380BBEC2-4CAE-4ECE-8AFF-36CDE7916386} (Surgient URA Local Proxy Client (v2)) - http://bmc.demoservers.com/URA/URA/lib/LocalProxyActiveX.cab
O16 - DPF: {4EDCB26C-D24C-4E72-AF07-B576699AC0DE} (Microsoft RDP Client Control (redist)) - http://bmc.demoservers.com/URA/URA/lib/srdp.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5D5ED8C3-53A8-463A-B59B-C31EC27FE0A8} (Project1.NAMLaunchProgram) - http://wmagict/magic/NAMLaunchProgram.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://ajax.clichy.supporter.corp:1024/VirtualServer/activex/VMRCActiveXClient.cab
O16 - DPF: {83D4208C-61B0-4425-993F-8E36F51E6CC8} (MGCSpellCheck.MSpellCheck) - http://wmagicp/magic/wspell.cab
O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - http://magic/SCRmagic/Reports/activeXViewer/activexviewer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O16 - DPF: {D32E6B79-8EFE-441B-BBE3-E7CEB9F4E990} (MGCSpellCheckAll.MDictionaryAll) - http://wmagicp/magic/wspellall.cab
O16 - DPF: {E6ACF817-0A85-4EBE-9F0A-096C6488CFEA} (NTR ActiveX 1.1.8) - https://eu.ntrsupport.com/inquiero/mod/setup/ntractivex118_24.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\Software\..\Telephony: DomainName = supporter.corp
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = supporter.corp
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = supporter.corp
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware Registration Service (vmserverdWin32) - VMware, Inc. - C:\Program Files\VMware\VMware Server\vmserverdWin32.exe
0
Réponse 10 / 11
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
20 oct. 2008 à 23:59
Salut !!

commence par faire ceci stp :

Option 1 - Recherche :


▶ télécharge smitfraudfix et enregistre le sur le bureau

(c est le numéro 2 en bas de la page) :

▶ Ensuite double clique sur smitfraudfix puis exécuter

▶ Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

(attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

▶ copier/coller le rapport dans la réponse.


Un tutoriel sonore et animé est à ta disposition sur le site.



(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool".
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains,
cet utilitaire pourrait arrêter des logiciels de sécurité.)
-1
Réponse 11 / 11
geoffrey5 Messages postés 13732 Date d'inscription dimanche 20 mai 2007 Statut Contributeur sécurité Dernière intervention 21 mai 2010 10
21 oct. 2008 à 00:10
ok maintenant :

Option 2 - Nettoyage :


redémarre le PC mode sans échec

▶ Double cliquer sur smitfraudfix

▶ Sélectionner 2 pour supprimer les fichiers responsables de l'infection.

▶ A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

Le fix déterminera si le fichier wininet.dll est infecté. A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

▶ Enregistre le rapport sur ton bureau


▶ Redémarrer en mode normal et poster le rapport.


ensuite :


▶ Télécharge malwarebytes

▶ Voici mon tuto pour bien l installer et bien l utiliser :

https://www.androidworld.fr/

aide toi bien du tuto pour supprimer correctement ce qu il aura trouvé


Après l analyse, redémarre le pc et poste le rapport !!

Et refais un nouveau rapport hijackthis stp
-1

Discussions similaires

qu'est-ce que diff message ?
zebulonmarie -
mumu -

18 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
je viens de recevoir une alerte aux virus sur mon iphone
Hugoboss23 -
zoulou33 -

6 réponses