I don't know anything about this, I have a Virus, HELP
Nico-M
Hello,
Here's the thing: I have a virus on my computer. Instead of my home page (usually Google), I get a page in Chinese ( http://www.zhaodao123.com/?h ). Lots of ads in Chinese are displayed, sometimes messages, and a "Yiqilai" folder has appeared in PROGRAM FILES. I've tried quite a few things: CCleaner, I installed HijackThis and fumbled my way through it, going by earlier threads on this forum. But nothing!
14 replies
Hello, an Asian infection is rare, but it does exist!
- Download HiJackThis by Merijn to your desktop.
- Double-click HijackThis
- Generate a report by following these steps:
- Run it and click on Do a scan and save log file.
- The report opens in Notepad
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here, in a new message: right-click / Paste
Help: feel free to consult the HiJackThis help.
Hello,
- Go to VirusTotal and analyse this file for me --> c:\program files\divx\divx pro codec\gain_trickler_3202.exe
- Link --> https://www.virustotal.com/gui/
- Post the report
***************************
- Disable your protection software (antivirus, antispyware), then:
- Download Combofix by sUBs: combofix.exe
and save it to your desktop and nowhere else!
- Double-click combofix. It will ask you a question; answer by pressing 1 then Enter to confirm.
- Wait until combofix has finished; a report will be created. Post the report.
- Copy/paste a new HiJackThis report along with it.
Thanks, here's the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:15:04, on 28/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\windows.ext
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\System.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=6&key=SEARCH
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Microsoft MSJava 32 - {43F7497C-7687-4DEA-A057-F21BD81BC896} - C:\WINDOWS\system32\msjava32.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: JVMBrowser Class - {686488AF-13D5-9DDF-4FEF-9FB88698CFC1} - D:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2097.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "D:\Documents and Settings\nicolas\Mes documents\Ma musique\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
O4 - HKLM\..\Run: [Trickler] "c:\program files\divx\divx pro codec\gain_trickler_3202.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Traduction-online - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - C:\Program Files\Traduction-online\install.dll (file missing)
O9 - Extra 'Tools' menuitem: Traduction-online - {4F75DC45-5A92-4352-BEC4-4C32FB7DF2A8} - C:\Program Files\Traduction-online\install.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FF621AA-5118-4972-8859-49FF068D0DE4}: NameServer = 86.64.145.142 84.103.237.142
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FF621AA-5118-4972-8859-49FF068D0DE4}: NameServer = 86.64.145.142 84.103.237.142
O17 - HKLM\System\CS2\Services\Tcpip\..\{0FF621AA-5118-4972-8859-49FF068D0DE4}: NameServer = 86.64.145.140 84.103.237.140
O20 - AppInit_DLLs: 92.dll,HBmhly.dll,HBJXSJ.dll,HBTL.dll,HBWD.dll,HBWOW.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
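A small triage script for the kind of HijackThis log posted above, added here as an example (it is not code from this thread, from HijackThis or from ComboFix). It parses the O2, O4, O17 and O20 lines, the sections the helpers acted on, and flags a BHO loaded from a profile folder, Run values that start a bare filename, any populated AppInit_DLLs, and DNS servers to confirm; the sample lines are copied from the log above, and the severity labels and heuristics are my own assumptions.

```python
"""HijackThis log triage (added example; not code from this thread, from
HijackThis or from ComboFix). Parses the O2 / O4 / O17 / O20 entries of a
HijackThis v2 log and flags the patterns the helpers above acted on. The
severity labels and heuristics are the author's own assumptions."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\PushWare\cpush.dll
O2 - BHO: JVMBrowser Class - {686488AF-13D5-9DDF-4FEF-9FB88698CFC1} - D:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2097.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HBService32] System.exe
O4 - HKLM\..\Run: [Trickler] "c:\program files\divx\divx pro codec\gain_trickler_3202.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FF621AA-5118-4972-8859-49FF068D0DE4}: NameServer = 86.64.145.142 84.103.237.142
O20 - AppInit_DLLs: 92.dll,HBmhly.dll,HBJXSJ.dll,HBTL.dll,HBWD.dll,HBWOW.dll
"""

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DNS_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# A BHO is normally installed under Program Files or system32; one loaded from a
# profile, "Application Data" or a temp folder is a persistence location to check.
SUSPICIOUS_DIRS = ("\\application data\\", "\\documents and settings\\",
                   "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    section: str    # HijackThis section tag, e.g. "O20"
    severity: str   # "high", "medium" or "review" (assumed labels)
    detail: str
    line: str


def run_target(cmd: str) -> str:
    """Return the executable part of an O4 command, without the (User '...') suffix."""
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := BHO_RE.match(line)) is not None:
            path = m.group("path")
            if any(d in path.lower() for d in SUSPICIOUS_DIRS):
                findings.append(Finding("O2", "high",
                    f"BHO '{m.group('name')}' loads from a profile/data folder: {path}", line))
        elif (m := RUN_RE.match(line)) is not None:
            target = run_target(m.group("cmd"))
            if not ABS_PATH_RE.match(target):
                # Bare names (System.exe, SOUNDMAN.EXE) are resolved through PATH at
                # logon; legitimate vendors do this too, so this is a list to verify.
                findings.append(Finding("O4", "medium",
                    f"Run value [{m.group('name')}] starts '{target}' without an absolute path", line))
        elif (m := DNS_RE.match(line)) is not None:
            # A hijacker can redirect DNS here; confirm the servers with the ISP.
            findings.append(Finding("O17", "review",
                f"NameServer set to {m.group('servers')} ; confirm these belong to the ISP", line))
        elif (m := APPINIT_RE.match(line)) is not None:
            dlls = [d for d in m.group("dlls").split(",") if d.strip()]
            if dlls:
                # AppInit_DLLs injects every listed DLL into each user32-linked process;
                # it is almost never populated on a clean home PC.
                findings.append(Finding("O20", "high",
                    f"AppInit_DLLs injects {len(dlls)} DLL(s): {', '.join(dlls)}", line))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per severity, e.g. {'high': 2, 'medium': 2, 'review': 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.detail}")
```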
Before moving on to combofix: I can't find "gain_trickler" in divx (in fact I can't find a "divx pro codec" folder, just a "divx codec" folder). Doing Start > Search for gain trickler, it gives me everything that's in the "divx codec" folder (about 5 files).
??? which one should I analyse
No, I did a search with "show hidden files" ticked.
Never mind, I'm running combofix
ComboFix report:
ComboFix 08-10-29.07 - nicolas 2008-10-29 20:02:47.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.159 [GMT 1:00]
Lancé depuis: D:\Documents and Settings\TEMP\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\PushWare
C:\Program Files\Fichiers communs\PushWare\cpush.dll
C:\Program Files\Fichiers communs\PushWare\Uninst.exe
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll
C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll
C:\Program Files\Yiqilai\realplayer\real_vis_yqllyrics.rpv
C:\Program Files\Yiqilai\tools\GetMusic.exe
C:\Program Files\Yiqilai\tools\Music.dll
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe
C:\Program Files\Yiqilai\Uninstall.exe
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll
C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll
C:\WINDOWS\system32\12B02216.dll
C:\WINDOWS\system32\3.ext
C:\WINDOWS\system32\3D144530.dll
C:\WINDOWS\system32\9fd8db.sys
C:\WINDOWS\system32\CABA599D.cfg
C:\WINDOWS\system32\CABA599D.dll
C:\WINDOWS\system32\D7C79813.dll
C:\WINDOWS\system32\E3367679.cfg
C:\WINDOWS\system32\E3367679.dll
C:\WINDOWS\system32\E4814792.dll
C:\WINDOWS\system32\sslsocket.dll
C:\WINDOWS\system32\windows.txt
C:\WINDOWS\system32\YQL_Lyrics_Common.dll
C:\WINDOWS\Tasks\[u]0/ux01xx8p.exe
D:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys
D:\Documents and Settings\All Users\Application Data\microsoft\office\system
D:\Documents and Settings\All Users\Application Data\microsoft\office\userdata
D:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\_keepfile
D:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\BC93mN8Td2.dll
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1\Æô¶¯Ò»ÆðÀ´ÒôÀÖÖúÊÖ.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1\Ð¶ÔØÒ»ÆðÀ´ÒôÀÖÖúÊÖ.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1\Ò»ÆðÀ´ÒôÀÖÏÂÔØÆ÷.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1\Ò»ÆðÀ´ÒôÀÖÖúÊÖ°ïÖú.url
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inimac
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\__fdkfjfjgjitijk
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_inifid
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_inifiletime3
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_inimac
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\1002
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\2007
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3000
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3003
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3004
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3013
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3015
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3016
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3018
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3019
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3020
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3027
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3033
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3036
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3052
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3054
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3056
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3058
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3066
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3098
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_kdacoptfg
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_loaderfiletime2
.
---- Previous Run -------
.
C:\Program Files\Fichiers communs\PushWare
C:\Program Files\Fichiers communs\PushWare\cpush0.dll
C:\Program Files\Fichiers communs\PushWare\Uninst.exe
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll
C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll
C:\Program Files\Yiqilai\realplayer\real_vis_yqllyrics.rpv
C:\Program Files\Yiqilai\tools\GetMusic.exe
C:\Program Files\Yiqilai\tools\Music.dll
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe
C:\Program Files\Yiqilai\Uninstall.exe
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll
C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll
C:\WINDOWS\system32\122B901E.cfg
C:\WINDOWS\system32\122B901E.dll
C:\WINDOWS\system32\12B02216.cfg
C:\WINDOWS\system32\43ACDCC5.cfg
C:\WINDOWS\system32\43ACDCC5.dll
C:\WINDOWS\system32\D7C79813.cfg
C:\WINDOWS\system32\DE02F764.cfg
C:\WINDOWS\system32\DE02F764.dll
C:\WINDOWS\system32\drivers\HBKernel32.sys
C:\WINDOWS\system32\E4814792.cfg
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\gdipro.dll
C:\WINDOWS\system32\HBJXSJ.dll
C:\WINDOWS\system32\HBmhly.dll
C:\WINDOWS\system32\HBTL.dll
C:\WINDOWS\system32\HBWD.dll
C:\WINDOWS\system32\HBWOW.dll
C:\WINDOWS\system32\sslsocket.dll
C:\windows\system32\system.exe
C:\WINDOWS\system32\windows.txt
C:\WINDOWS\system32\YQL_Lyrics_Common.dll
D:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys
[color=blue]Une copie infectée de C:\WINDOWS\system32\spoolsv.exe a été trouvée et désinfectée
Copie restaurée à partir de - /COLOR
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_9FD8DB
-------\Legacy_WMPOBJ
-------\Service_9fd8db
-------\Service_Apcdli
-------\Service_HBKernel32
-------\Service_wmpobj
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-29 20:08 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\TEMP\Voisinage réseau
2008-10-29 20:08 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\TEMP\Voisinage d'impression
2008-10-29 20:08 . 2005-12-06 21:48 <REP> d--h----- D:\Documents and Settings\TEMP\Modèles
2008-10-29 20:08 . 2008-10-29 20:09 <REP> dr------- D:\Documents and Settings\TEMP\Mes documents
2008-10-29 20:08 . 2005-12-06 21:48 <REP> dr------- D:\Documents and Settings\TEMP\Menu Démarrer
2008-10-29 20:08 . 2005-12-06 13:53 <REP> dr------- D:\Documents and Settings\TEMP\Favoris
2008-10-29 20:08 . 2005-12-05 11:11 <REP> dr------- D:\Documents and Settings\TEMP\Bureau
2008-10-29 20:08 . 2005-12-06 21:48 <REP> d-------- D:\Documents and Settings\TEMP\Application Data\You've Got Pictures Screensaver
2008-10-29 20:08 . 2005-12-05 11:03 <REP> d-------- D:\Documents and Settings\TEMP\Application Data\Symantec
2008-10-29 20:08 . 2008-10-29 20:08 <REP> d-------- D:\Documents and Settings\TEMP
2008-10-27 10:23 . 2008-10-27 10:23 <REP> d-------- C:\Program Files\Trend Micro
2008-10-27 10:23 . 2008-10-27 10:23 <REP> d-------- C:\Program Files\CCleaner
2008-10-26 17:48 . 2008-10-26 17:48 188 --ahs---- C:\WINDOWS\system32\3D144530.cfg
2008-10-25 17:12 . 2008-10-29 18:46 <REP> d-------- C:\Program Files\eMule
2008-10-25 13:05 . 2008-10-25 13:05 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 13:05 . 2008-10-25 13:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 13:05 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-25 13:05 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 11:57 . 2008-10-25 11:57 <REP> d-------- C:\Program Files\Common Files
2008-10-09 17:56 . 2008-10-09 17:56 <REP> dr------- C:\Favoris
2008-10-05 18:45 . 2008-10-05 18:45 <REP> d--h----- C:\WINDOWS\PIF
2008-09-29 22:06 . 2008-09-29 23:42 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 19:08 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-25 11:38 --------- d-----w C:\Program Files\Shareaza
2008-10-21 16:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-10-16 11:49 --------- d-----w C:\Program Files\Médiathèque
2008-09-22 12:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL
2008-09-22 12:17 --------- d-----w C:\Program Files\AOL 9.0
2008-09-14 10:59 120 ----a-w C:\drmHeader.bin
2008-09-08 15:50 --------- d-----w C:\Program Files\Illustrate
2006-08-06 16:43 531 -c-ha-w C:\Program Files\hpothb07.tif
2006-08-06 16:43 321 -c-ha-w C:\Program Files\hpothb07.dat
2000-02-03 22:00 116,224 -csh--w C:\WINDOWS\system32\UnzDll.dll
2000-02-03 22:00 130,560 -csh--w C:\WINDOWS\system32\ZipDll.dll
.
------- Sigcheck -------
2008-04-14 03:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe
2004-08-05 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe
2008-04-14 03:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ws2_32.dll
2004-08-05 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\winlogon.exe
2004-08-05 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys
2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ip6fw.sys
2004-08-05 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 03:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\services.exe
2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe
2008-04-14 03:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\lsass.exe
2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe
2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2008-04-14 03:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe
2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\system32\userinit.exe
2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\termsrv.dll
2004-08-05 14:00 297984 7d521b8cf926459e270d18c559323815 C:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-09-07 58488]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-05 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"Shell"="C:\WINDOWS\system32\shell32.dll" [2006-12-19 8509952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 14d78ca4-7dc5-441e-99ab-22f6f9f03f8a;14d78ca4-7dc5-441e-99ab-22f6f9f03f8a;E:\Player\cds300.dll [ ]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 32000]
.
Contenu du dossier 'Tâches planifiées'
2008-10-29 C:\WINDOWS\Tasks\Configurer mon PC.job
- C:\Apps\SMP\PCSETUP.EXE [2005-05-11 09:03]
2006-03-20 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1135078065.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2005-12-19 C:\WINDOWS\Tasks\HDReg.job
- c:\Apps\HDReg\HDRegRem.exe [2003-07-15 10:14]
2008-10-29 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 11:22]
2008-10-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{65B40FF7-023D-4C92-A95A-01BD616D107E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-BOOT - C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe
HKLM-Run-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe
HKLM-Run-iTunesHelper - D:\Documents and Settings\nicolas\Mes documents\Ma musique\iTunes\iTunesHelper.exe
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe
HKLM-Run-Trickler - c:\program files\divx\divx pro codec\gain_trickler_3202.exe
ShellExecuteHooks-{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2} - 3D144530.dll
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = file://C:\APPS\IE\offline\fr.htm
- C:\WINDOWS\Downloaded Program Files\ImageShackToolbar.osd
- hxxp://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 20:08:53
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\msiexec.exe
C:\APPS\ABOARD\AOSD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
Heure de fin: 2008-10-29 20:11:33 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-29 19:11:30
Avant-CF: 53 735 424 octets libres
Après-CF: 7,356,416 octets libres
303 --- E O F --- 2008-10-27 08:02:38
rapport combofix :
ComboFix 08-10-29.07 - nicolas 2008-10-29 20:02:47.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.159 [GMT 1:00]
Lancé depuis: D:\Documents and Settings\TEMP\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Fichiers communs\PushWare
C:\Program Files\Fichiers communs\PushWare\cpush.dll
C:\Program Files\Fichiers communs\PushWare\Uninst.exe
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll
C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll
C:\Program Files\Yiqilai\realplayer\real_vis_yqllyrics.rpv
C:\Program Files\Yiqilai\tools\GetMusic.exe
C:\Program Files\Yiqilai\tools\Music.dll
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe
C:\Program Files\Yiqilai\Uninstall.exe
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll
C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll
C:\WINDOWS\system32\12B02216.dll
C:\WINDOWS\system32\3.ext
C:\WINDOWS\system32\3D144530.dll
C:\WINDOWS\system32\9fd8db.sys
C:\WINDOWS\system32\CABA599D.cfg
C:\WINDOWS\system32\CABA599D.dll
C:\WINDOWS\system32\D7C79813.dll
C:\WINDOWS\system32\E3367679.cfg
C:\WINDOWS\system32\E3367679.dll
C:\WINDOWS\system32\E4814792.dll
C:\WINDOWS\system32\sslsocket.dll
C:\WINDOWS\system32\windows.txt
C:\WINDOWS\system32\YQL_Lyrics_Common.dll
C:\WINDOWS\Tasks\[u]0/ux01xx8p.exe
D:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys
D:\Documents and Settings\All Users\Application Data\microsoft\office\system
D:\Documents and Settings\All Users\Application Data\microsoft\office\userdata
D:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\_keepfile
D:\Documents and Settings\All Users\Application Data\microsoft\office\userdata\BC93mN8Td2.dll
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1\Æô¶¯Ò»ÆðÀ´ÒôÀÖÖúÊÖ.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1\Ð¶ÔØÒ»ÆðÀ´ÒôÀÖÖúÊÖ.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1\Ò»ÆðÀ´ÒôÀÖÏÂÔØÆ÷.lnk
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\47AC~1\Ò»ÆðÀ´ÒôÀÖÖúÊÖ°ïÖú.url
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\_inimac
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\__fdkfjfjgjitijk
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_inifid
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_inifiletime3
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_inimac
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\1002
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\2007
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3000
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3003
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3004
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3013
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3015
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3016
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3018
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3019
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3020
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3027
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3033
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3036
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3052
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3054
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3056
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3058
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3066
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_KC\3098
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_kdacoptfg
D:\Documents and Settings\TEMP\Local Settings\Temporary Internet Files\_loaderfiletime2
.
---- Previous Run -------
.
C:\Program Files\Fichiers communs\PushWare
C:\Program Files\Fichiers communs\PushWare\cpush0.dll
C:\Program Files\Fichiers communs\PushWare\Uninst.exe
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll
C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll
C:\Program Files\Yiqilai\realplayer\real_vis_yqllyrics.rpv
C:\Program Files\Yiqilai\tools\GetMusic.exe
C:\Program Files\Yiqilai\tools\Music.dll
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe
C:\Program Files\Yiqilai\Uninstall.exe
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll
C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll
C:\WINDOWS\system32\122B901E.cfg
C:\WINDOWS\system32\122B901E.dll
C:\WINDOWS\system32\12B02216.cfg
C:\WINDOWS\system32\43ACDCC5.cfg
C:\WINDOWS\system32\43ACDCC5.dll
C:\WINDOWS\system32\D7C79813.cfg
C:\WINDOWS\system32\DE02F764.cfg
C:\WINDOWS\system32\DE02F764.dll
C:\WINDOWS\system32\drivers\HBKernel32.sys
C:\WINDOWS\system32\E4814792.cfg
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\gdipro.dll
C:\WINDOWS\system32\HBJXSJ.dll
C:\WINDOWS\system32\HBmhly.dll
C:\WINDOWS\system32\HBTL.dll
C:\WINDOWS\system32\HBWD.dll
C:\WINDOWS\system32\HBWOW.dll
C:\WINDOWS\system32\sslsocket.dll
C:\windows\system32\system.exe
C:\WINDOWS\system32\windows.txt
C:\WINDOWS\system32\YQL_Lyrics_Common.dll
D:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys
Une copie infectée de C:\WINDOWS\system32\spoolsv.exe a été trouvée et désinfectée
Copie restaurée à partir de -
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_9FD8DB
-------\Legacy_WMPOBJ
-------\Service_9fd8db
-------\Service_Apcdli
-------\Service_HBKernel32
-------\Service_wmpobj
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.
2008-10-29 20:08 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\TEMP\Voisinage réseau
2008-10-29 20:08 . 2004-08-16 18:55 <REP> d--h----- D:\Documents and Settings\TEMP\Voisinage d'impression
2008-10-29 20:08 . 2005-12-06 21:48 <REP> d--h----- D:\Documents and Settings\TEMP\Modèles
2008-10-29 20:08 . 2008-10-29 20:09 <REP> dr------- D:\Documents and Settings\TEMP\Mes documents
2008-10-29 20:08 . 2005-12-06 21:48 <REP> dr------- D:\Documents and Settings\TEMP\Menu Démarrer
2008-10-29 20:08 . 2005-12-06 13:53 <REP> dr------- D:\Documents and Settings\TEMP\Favoris
2008-10-29 20:08 . 2005-12-05 11:11 <REP> dr------- D:\Documents and Settings\TEMP\Bureau
2008-10-29 20:08 . 2005-12-06 21:48 <REP> d-------- D:\Documents and Settings\TEMP\Application Data\You've Got Pictures Screensaver
2008-10-29 20:08 . 2005-12-05 11:03 <REP> d-------- D:\Documents and Settings\TEMP\Application Data\Symantec
2008-10-29 20:08 . 2008-10-29 20:08 <REP> d-------- D:\Documents and Settings\TEMP
2008-10-27 10:23 . 2008-10-27 10:23 <REP> d-------- C:\Program Files\Trend Micro
2008-10-27 10:23 . 2008-10-27 10:23 <REP> d-------- C:\Program Files\CCleaner
2008-10-26 17:48 . 2008-10-26 17:48 188 --ahs---- C:\WINDOWS\system32\3D144530.cfg
2008-10-25 17:12 . 2008-10-29 18:46 <REP> d-------- C:\Program Files\eMule
2008-10-25 13:05 . 2008-10-25 13:05 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 13:05 . 2008-10-25 13:05 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 13:05 . 2008-10-22 15:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-25 13:05 . 2008-10-22 15:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-25 11:57 . 2008-10-25 11:57 <REP> d-------- C:\Program Files\Common Files
2008-10-09 17:56 . 2008-10-09 17:56 <REP> dr------- C:\Favoris
2008-10-05 18:45 . 2008-10-05 18:45 <REP> d--h----- C:\WINDOWS\PIF
2008-09-29 22:06 . 2008-09-29 23:42 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 19:08 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-10-25 11:38 --------- d-----w C:\Program Files\Shareaza
2008-10-21 16:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-10-16 11:49 --------- d-----w C:\Program Files\Médiathèque
2008-09-22 12:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\AOL
2008-09-22 12:17 --------- d-----w C:\Program Files\AOL 9.0
2008-09-14 10:59 120 ----a-w C:\drmHeader.bin
2008-09-08 15:50 --------- d-----w C:\Program Files\Illustrate
2006-08-06 16:43 531 -c-ha-w C:\Program Files\hpothb07.tif
2006-08-06 16:43 321 -c-ha-w C:\Program Files\hpothb07.dat
2000-02-03 22:00 116,224 -csh--w C:\WINDOWS\system32\UnzDll.dll
2000-02-03 22:00 130,560 -csh--w C:\WINDOWS\system32\ZipDll.dll
.
------- Sigcheck -------
2008-04-14 03:34 14336 e4bdf223cd75478bf44567b4d5c2634d C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\svchost.exe
2004-08-05 14:00 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe
2008-04-14 03:33 82432 fb836f9e62d82904c983ad21296a5d9c C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ws2_32.dll
2004-08-05 14:00 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll
2008-04-14 03:34 512000 dd73d6b9f6b4cb630cf35b438b540174 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\winlogon.exe
2004-08-05 14:00 506368 d2de785aeab0bb8ca4c14a8a199dbe4e C:\WINDOWS\system32\winlogon.exe
2008-04-13 20:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ndis.sys
2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-05 14:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ip6fw.sys
2004-08-05 14:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-14 03:34 109056 54cb50058851d95e56ec70d09f70857f C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\services.exe
2004-08-05 14:00 108544 732e0b1abaace15d80ec19056b0a2af9 C:\WINDOWS\system32\services.exe
2008-04-14 03:34 13312 91e6024d6d4dcdecdb36c43ecf9bbecb C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\lsass.exe
2004-08-05 14:00 13312 9f3744a5c6f49291a7a685040a013399 C:\WINDOWS\system32\lsass.exe
2008-04-14 03:33 15360 59dc5bb82e4c8e0b3eadcfdbc44ba6e4 C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\ctfmon.exe
2004-08-05 14:00 15360 5584247b568c2e53934873f4b655fe6a C:\WINDOWS\system32\ctfmon.exe
2008-04-14 03:34 26624 e74ddb12188c2ff57a78624dbf7332fc C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\userinit.exe
2004-08-05 14:00 25088 d6d65ea32b190401b57edb6706f29669 C:\WINDOWS\system32\userinit.exe
2008-04-14 03:33 297984 710bc85a8c22626ee094439e3ea0d38c C:\WINDOWS\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\termsrv.dll
2004-08-05 14:00 297984 7d521b8cf926459e270d18c559323815 C:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2004-09-07 58488]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 127118]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-12-05 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 C:\WINDOWS\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"Shell"="C:\WINDOWS\system32\shell32.dll" [2006-12-19 8509952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\AOL 9.0\\aol.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\APPS\\skype\\phone\\Skype.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
R3 PALLADIA;Palladia 300/400 Usb Adsl Modem;C:\WINDOWS\system32\DRIVERS\usbiad.sys [2004-07-14 31547]
S3 14d78ca4-7dc5-441e-99ab-22f6f9f03f8a;14d78ca4-7dc5-441e-99ab-22f6f9f03f8a;E:\Player\cds300.dll [ ]
S3 PIXMCV;JVC Communication PIX-MCV Driver;C:\WINDOWS\system32\Drivers\pixmcvc.sys [2002-09-28 32000]
.
Contents of the 'Scheduled Tasks' folder
2008-10-29 C:\WINDOWS\Tasks\Configurer mon PC.job
- C:\Apps\SMP\PCSETUP.EXE [2005-05-11 09:03]
2006-03-20 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1135078065.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
2005-12-19 C:\WINDOWS\Tasks\HDReg.job
- c:\Apps\HDReg\HDRegRem.exe [2003-07-15 10:14]
2008-10-29 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2004-08-24 11:22]
2008-10-29 C:\WINDOWS\Tasks\User_Feed_Synchronization-{65B40FF7-023D-4C92-A95A-01BD616D107E}.job
- C:\WINDOWS\system32\msfeedssync.exe [2006-10-17 11:58]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-BOOT - C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe
HKLM-Run-DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe
HKLM-Run-iTunesHelper - D:\Documents and Settings\nicolas\Mes documents\Ma musique\iTunes\iTunesHelper.exe
HKLM-Run-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
HKLM-Run-PopUp Destroy - C:\Program Files\PopUp Destroy\Popup-Destroy.exe
HKLM-Run-Trickler - c:\program files\divx\divx pro codec\gain_trickler_3202.exe
ShellExecuteHooks-{3D144530-43DA-47CC-B7C7-A3A9F3B9A6B2} - 3D144530.dll
.
------- Supplementary scan -------
.
R0 -: HKCU-Main,Start Page = file://C:\APPS\IE\offline\fr.htm
- C:\WINDOWS\Downloaded Program Files\ImageShackToolbar.osd
- hxxp://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 20:08:53
Windows 5.1.2600 Service Pack 2 NTFS
Scanning for hidden processes ...
Scanning for hidden autostart entries ...
Scanning for hidden files ...
Scan completed successfully
Hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="C:\Apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=C:\Apps\Inventime\mysql\my.ini MysqlInventime"
.
------------------------ Other running processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\msiexec.exe
C:\APPS\ABOARD\AOSD.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
.
**************************************************************************
.
End time: 2008-10-29 20:11:33 - The machine was rebooted
ComboFix-quarantined-files.txt 2008-10-29 19:11:30
Before CF: 53,735,424 bytes free
After CF: 7,356,416 bytes free
303 --- E O F --- 2008-10-27 08:02:38
New HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13, on 2008-10-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\APPS\IE\offline\fr.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - http://toolbar.imageshack.us/toolbar/ImageShackToolbar.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FF621AA-5118-4972-8859-49FF068D0DE4}: NameServer = 86.64.145.143 84.103.237.143
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FF621AA-5118-4972-8859-49FF068D0DE4}: NameServer = 86.64.145.143 84.103.237.143
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
I have this software; I installed it when I was trying to remove my virus blindly.
However, after the steps you asked me to do, the Chinese pages in question no longer appear! No more trace of the Yiqilai folder in Program Files. But maybe there is still more to do for it to be definitively removed? Or if it's fine, then thank you very much!
Here it is:
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Windows 5.1.2600 Service Pack 2
30/10/2008 12:00:35
mbam-log-2008-10-30 (12-00-16).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 128635
Time elapsed: 2 hour(s), 36 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\newdcocomediapop.popcoco (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\newdcocomediapop.popcoco.1 (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\newsadpopup.bilogc (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\newsadpopup.bilogc.1 (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\newsadspopup.bjlogc (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\newsadspopup.bjlogc.1 (Trojan.Clicker) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\Program Files\Yiqilai\foobar\foo_ui_columns.dll.vir (Adware.Agent) -> No action taken.
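Every detection in the Malwarebytes log above ends with `-> No action taken`, which means the items were listed but not removed, and the single file hit sits under `C:\Qoobox\Quarantine`, the folder ComboFix moves its quarantined files to (with a `.vir` extension), so it is a copy ComboFix had already neutralised rather than a live file. As an added example that is not part of the thread or of Malwarebytes, here is a small parser that reads such a log, cross-checks the header counts against the items listed, and separates what still needs removing from what is already quarantined. The sample is constructed after the posted log; the second registry line is given a "Quarantined and deleted successfully" action so both states appear.

```python
import re

# Constructed excerpt modelled on the Malwarebytes 1.30 log posted above; the
# second registry line is given a removal action to show the two states side by side.
MBAM_SAMPLE = r"""
Malwarebytes' Anti-Malware 1.30
Database version: 1306
Scan type: Full Scan (C:\|D:\|)
Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\newsadpopup.bilogc (Trojan.Clicker) -> No action taken.
HKEY_CLASSES_ROOT\newsadpopup.bilogc.1 (Trojan.Clicker) -> Quarantined and deleted successfully.
Files Infected:
C:\Qoobox\Quarantine\C\Program Files\Yiqilai\foobar\foo_ui_columns.dll.vir (Adware.Agent) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<category>[A-Za-z ]+ Infected):$")
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")
# ComboFix stores what it removes under this folder (the posted log shows the path).
COMBOFIX_QUARANTINE = "c:\\qoobox\\quarantine\\"


def parse_mbam(text):
    """Return (header counts, detections) from a Malwarebytes 1.x text log."""
    counts, items, section = {}, [], None
    for raw in text.strip().splitlines():
        line = raw.strip()
        if m := SUMMARY_RE.match(line):
            counts[m["category"]] = int(m["count"])
        elif m := SECTION_RE.match(line):
            section = m["category"]
        elif section and (m := ITEM_RE.match(line)):
            items.append({
                "category": section,
                "path": m["path"],
                "family": m["family"],
                "action": m["action"],
                "already_quarantined": m["path"].lower().startswith(COMBOFIX_QUARANTINE),
            })
    return counts, items


def pending_removals(items):
    """Detections the scan listed but did not remove."""
    return [i for i in items if i["action"].lower().startswith("no action taken")]


def still_live(items):
    """Pending detections that are not already inside ComboFix's quarantine."""
    return [i for i in pending_removals(items) if not i["already_quarantined"]]


def counts_match(counts, items):
    """Header counts should equal the number of items listed in each section."""
    seen = {}
    for i in items:
        seen[i["category"]] = seen.get(i["category"], 0) + 1
    return all(seen.get(cat, 0) == n for cat, n in counts.items())


if __name__ == "__main__":
    counts, items = parse_mbam(MBAM_SAMPLE)
    print("header consistent with items:", counts_match(counts, items))
    for i in still_live(items):
        print("still to remove:", i["category"], i["path"], i["family"])
```

Run against the real log, `still_live` would return the six `HKEY_CLASSES_ROOT` ProgIDs and nothing else, which is the list to act on (re-run the scan and remove the selected items); the quarantined `.vir` copy only needs deleting together with the `C:\Qoobox` folder when the clean-up is finished.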
Hi. Start in Safe Mode by pressing F8 when the PC boots; at the welcome screen choose your account and click Yes. Then launch your antivirus and scan your hard drive(s); if viruses are detected, delete them. Next launch your anti-spyware program Spybot (if you don't have it, download it from the downloads section), install it, do the updates, then immunize the system; then run a check and, if problems are detected, click the "Fix problems" button. Then run CCleaner to clean the junk files and the registry. When that is done, disable System Restore, because the viruses could still be present there. Restart XP normally, then go to https://www.01net.com/telecharger/
to download it, then install it and run it; if malware has been found, delete it. Then do another pass of CCleaner (files and registry), then re-enable System Restore and create a restore point,
and put your home page back to its default.
Regards, PL59