Sujet Précédent Sujet Suivant

Infecté sur msn

Fermé
sergio17 - 8 avril 2008 à 20:46
 sergio17 - 11 avril 2008 à 20:03
Bonjour,
j'ai ouvert un lien sur msn vebnant d'un ami qui s'est avéré etre un virus
attention a msn
voici mon hitjackthisLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:43:41, on 08/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\a-squared free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -masquer
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kaspersky Anti-Virus 5.5 for Check Point™ FireWall-1® (kav4cpf1) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Check Point FireWall\Kav4cpf1.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
A voir également:

2 réponses

Réponse 1 / 2
theyellow29 Messages postés 538 Date d'inscription vendredi 17 août 2007 Statut Membre Dernière intervention 16 août 2009 51
8 avril 2008 à 20:49
salut

essai SDFix

https://www.malekal.com/slenfbot-still-an-other-irc-bot/
0
sergio17
8 avril 2008 à 21:03
merci

j'ai donc telechargé sdfix
je me suis remis sur firefox
comment savoir si ke suis toujours infecté?
0
sergio17
8 avril 2008 à 21:15
apparement ca refonctionne bien
je te remercie
0
Réponse 2 / 2
theyellow29 Messages postés 538 Date d'inscription vendredi 17 août 2007 Statut Membre Dernière intervention 16 août 2009 51
8 avril 2008 à 21:11
si ta bien tout suivi le tuto
renvois un log
0
sergio17
8 avril 2008 à 22:32
oui,je viens de voir qu'il faut le faire en mode sans échec
je le fais et j'envoie un log
merci
0
sergio17
8 avril 2008 à 23:06
voici le resultat :

[b]SDFix: Version 1.167 [/b]
Run by Administrateur on 08/04/2008 at 22:49

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\%%%.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1351.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 22:56:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"C:\WINDOWS\system32\esent.dll"
"CategoryMessageFile"=str(2):"C:\WINDOWS\system32\esent.dll"

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 2


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\HomePlayer1.5.4\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5.4\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adslTV"
"C:\\Program Files\\FreeEasyZap\\FreeEasyZap.exe"="C:\\Program Files\\FreeEasyZap\\FreeEasyZap.exe:*:Enabled:FreeEasyZap"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\adslTV\\vlc.exe"="C:\\Program Files\\adslTV\\vlc.exe:*:Enabled:VLC media player"
"C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 27 Jun 2005 616,448 A.SHR --- "C:\Program Files\Replay Converter\cygwin1.dll"
Wed 22 Jun 2005 45,568 A.SHR --- "C:\Program Files\Replay Converter\cygz.dll"
Tue 10 Dec 2002 102,437 A..HR --- "C:\Program Files\Replay Converter\drv13260.dll"
Tue 10 Dec 2002 176,165 A..HR --- "C:\Program Files\Replay Converter\drv23260.dll"
Tue 10 Dec 2002 208,935 A..HR --- "C:\Program Files\Replay Converter\drv33260.dll"
Tue 10 Dec 2002 217,127 A..HR --- "C:\Program Files\Replay Converter\drv43260.dll"
Sun 9 Jun 2002 40,448 A..HR --- "C:\Program Files\Replay Converter\dspr3260.dll"
Sun 4 Nov 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\ivvideo.dll"
Tue 10 Apr 2001 225,280 A..HR --- "C:\Program Files\Replay Converter\qtmlClient.dll"
Fri 20 Feb 2004 232,960 A..HR --- "C:\Program Files\Replay Converter\raac.dll"
Sun 9 Jun 2002 525,824 A..HR --- "C:\Program Files\Replay Converter\rnco3260.dll"
Tue 10 Dec 2002 245,805 A..HR --- "C:\Program Files\Replay Converter\rnlt3260.dll"
Tue 10 Dec 2002 45,093 A..HR --- "C:\Program Files\Replay Converter\rv103260.dll"
Tue 10 Dec 2002 98,341 A..HR --- "C:\Program Files\Replay Converter\rv203260.dll"
Tue 10 Dec 2002 94,247 A..HR --- "C:\Program Files\Replay Converter\rv303260.dll"
Tue 10 Dec 2002 90,151 A..HR --- "C:\Program Files\Replay Converter\rv403260.dll"
Sun 9 Jun 2002 49,152 A..HR --- "C:\Program Files\Replay Converter\tokr3260.dll"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Fri 9 Mar 2007 27,648 A.SH. --- "C:\WINDOWS\system32\AVSredirect.dll"
Mon 26 Mar 2007 5 A.SH. --- "C:\WINDOWS\system32\eacdbda5_s.dll"
Mon 26 Mar 2007 5 A.SH. --- "C:\WINDOWS\system32\eacdbda5_d.dll"
Wed 9 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\DRMv1.bak"
Wed 9 May 2007 0 A.SH. --- "C:\Documents and Settings\All Users.WINDOWS\DRM\Cache\Indiv01.tmp"

[b]Finished![/b]

merci
0
sergio17
9 avril 2008 à 16:12
bonjour
je viens d'ouvrir mon pc
j'ai toujours un probleme pour aller sur internet
il fait un bip puis se bloque

merci
0
sergio17
10 avril 2008 à 18:28
finalement,pour ceux contaminés par"elle pas mal ta tof"

j'avais sur mon bureau un spybot résident qui bloquait firefox

j'ai désinstallé spybot(faire aussi une recherche pour bien tout éliminer)
maintenant,ca refonctionne

j'ai fait un scann combofix:
ComboFix 08-04-09.9 - Propriétaire 2008-04-10 16:47:55.1 - NTFSx86
Endroit: C:\Documents and Settings\Propriétaire.SERGE.001\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Propriétaire.SERGE.001\real.txt

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-10 to 2008-04-10 ))))))))))))))))))))))))))))))))))))
.

2008-04-09 18:02 . 2008-04-09 18:02 <REP> d-------- C:\backups
2008-04-09 18:01 . 2008-04-09 18:01 <REP> d-------- C:\backupreg
2008-04-08 22:47 . 2008-04-08 22:47 <REP> d-------- C:\WINDOWS\ERUNT
2008-04-08 20:43 . 2008-04-08 20:43 <REP> d-------- C:\Program Files\Trend Micro
2008-04-08 15:26 . 2008-04-08 15:26 244 --ah----- C:\sqmnoopt02.sqm
2008-04-08 15:26 . 2008-04-08 15:26 232 --ah----- C:\sqmdata02.sqm
2008-04-06 20:30 . 2008-03-29 19:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-06 20:30 . 2008-03-29 19:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-03-10 18:34 . 2008-03-10 18:35 <REP> d-------- C:\Program Files\HomePlayer1.5.4
2008-03-10 18:32 . 2008-03-10 18:33 <REP> d-------- C:\Program Files\Freeplayer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-09 19:08 --------- d-----w C:\Program Files\eMule
2008-04-09 19:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-04-09 18:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-07 20:19 --------- d-----w C:\Program Files\adslTV
2008-04-02 15:32 --------- d-----w C:\Documents and Settings\Propriétaire.SERGE.001\Application Data\OpenOffice.org2
2008-03-29 17:45 1,146,232 ----a-w C:\WINDOWS\system32\aswBoot.exe
2008-03-29 17:35 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-29 17:29 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-29 17:27 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-29 17:26 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-29 17:23 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2008-03-23 17:47 --------- d-----w C:\Program Files\Google
2008-03-22 21:50 --------- d-----w C:\Program Files\Java
2008-03-22 11:30 --------- d-----w C:\Program Files\FreeEasyZap
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-16 14:09 --------- d-----w C:\Documents and Settings\Propriétaire.SERGE.001\Application Data\dvdcss
2008-03-10 10:06 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-03-10 10:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-03-09 15:10 --------- d-----w C:\Documents and Settings\Propriétaire.SERGE.001\Application Data\MSN6
2008-03-09 15:06 --------- d-----w C:\Program Files\Free.fr
2008-03-09 05:50 --------- d-----w C:\Program Files\Easyscreen Screen Capture Trial
2008-03-09 05:49 --------- d-----w C:\Program Files\HomePlayer1.5.3.1
2008-03-05 18:12 --------- d-----w C:\Documents and Settings\Propriétaire.SERGE.001\Application Data\escreen
2008-03-01 12:58 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-27 13:25 --------- d-----w C:\Program Files\Windows Live
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-12 18:05 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-26 12:00 253,952 ------w C:\WINDOWS\Setup1.exe
2008-01-26 11:59 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-10-10 15:55 2,293,712 -c--a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-10-10 15:52 411,248 -c--a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-10-10 15:52 3,655,488 -c--a-w C:\Program Files\FLV PlayerRCATSetup.exe
2004-03-11 16:35 26,621 -c--a-w C:\Program Files\sp698vbo.inf
2004-03-11 16:35 10,010,624 -c--a-w C:\Program Files\VS6sp6B2.cab
2004-03-11 16:35 1,835,758 -c--a-w C:\Program Files\VS6sp6B3.cab
2004-03-11 16:34 9,011,712 -c--a-w C:\Program Files\VS6sp6B1.cab
2004-03-11 16:32 57,880 -c--a-w C:\Program Files\sp698vbo.stf
2004-03-11 16:32 1,714 -c--a-w C:\Program Files\setupsp6.lst
2004-03-11 14:23 112,128 -c--a-w C:\Program Files\sp698vbo.dll
2004-03-11 13:01 989,512 -c--a-w C:\Program Files\vbrun60.cab
2004-03-10 20:39 60,699 -c--a-w C:\Program Files\msstdfmt.cab
2004-03-10 20:39 37,721 -c--a-w C:\Program Files\MSBind.CAB
2004-03-09 15:45 397,072 -c--a-w C:\Program Files\mswless.ocx
2004-03-09 15:45 107,008 -c--a-w C:\Program Files\msscript.ocx
2004-02-23 19:35 3,027,068 -c--a-w C:\Program Files\msvbvm60.dbg
2004-02-19 17:11 2,579 -c--a-w C:\Program Files\eula.txt
2004-01-30 02:01 6,990 -c--a-w C:\Program Files\readme.htm
2003-01-14 13:58 487,481 -c--a-w C:\Program Files\jscript.dll
2003-01-14 13:58 438,330 -c--a-w C:\Program Files\vbscript.dll
2002-05-08 06:14 4,248 -c--a-w C:\Program Files\toc.htm
2001-09-16 18:44 33,085 -c--a-w C:\Documents and Settings\langue\maj.bat
2001-03-30 10:54 149 -c--a-w C:\Program Files\setup.ini
2000-07-15 13:43 84 -c--a-w C:\Program Files\setup.tdf
2000-07-15 13:10 26,896 -c--a-w C:\Program Files\dispex.dll
2000-06-13 11:47 2,718 -c--a-w C:\Program Files\redist.txt
2000-06-13 09:33 2,482 -c--a-w C:\Program Files\mswless.dep
2000-06-13 09:29 74,931 -c--a-w C:\Program Files\setupsp6.exe
2000-06-13 09:29 381,440 -c--a-w C:\Program Files\acmsetup.exe
2000-06-13 09:29 32,256 -c--a-w C:\Program Files\selfreg.dll
2000-06-13 09:29 286,720 -c--a-w C:\Program Files\mssetup.dll
2000-06-13 09:29 19,542 -c--a-w C:\Program Files\acmsetup.hlp
2000-05-31 14:39 62,411 -c--a-w C:\Program Files\MSDERUN.CAB
2000-05-31 14:39 22,815 -c--a-w C:\Program Files\mscdrun.cab
2000-05-23 12:43 86,666 -c--a-w C:\Program Files\MSMask32.CAB
2000-05-23 12:43 86,616 -c--a-w C:\Program Files\Msrdc20.cab
2000-05-23 12:43 47,533 -c--a-w C:\Program Files\PicClp32.CAB
2000-05-23 12:43 447,654 -c--a-w C:\Program Files\MSChrt20.CAB
2000-05-23 12:43 428,304 -c--a-w C:\Program Files\Oleaut.cab
2000-05-23 12:43 239,354 -c--a-w C:\Program Files\comctl32.cab
2000-05-23 12:43 204,656 -c--a-w C:\Program Files\MSHFlxGd.CAB
2000-05-23 12:43 114,278 -c--a-w C:\Program Files\MSDatLst.CAB
2000-04-12 12:00 485,280 -c--a-w C:\Program Files\oleaut32.dbg
2000-03-22 09:27 188,416 -c--a-w C:\Documents and Settings\langue\dict.exe
2007-03-09 07:12 27,648 --sha-w C:\WINDOWS\system32\AVSredirect.dll
2007-03-26 19:10 5 --sha-w C:\WINDOWS\system32\eacdbda5_d.dll
2007-03-26 18:35 5 --sha-w C:\WINDOWS\system32\eacdbda5_s.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-26 20:29 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-04-08 19:12 185896]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-03-06 17:01 393728]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 15:43 1836544]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2001-04-12 03:43 841728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 16:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 04:22 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 21:33 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\HomePlayer1.5.4\\HomePlayer.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\FreeEasyZap\\FreeEasyZap.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\adslTV\\vlc.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-23 18:47]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 22:28]
S2 kav4cpf1;Kaspersky Anti-Virus 5.5 for Check Point™ FireWall-1®;"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus for Check Point FireWall\Kav4cpf1.exe" []

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-02 21:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-03-07 20:52:11 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
"2008-04-10 13:49:25 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-04-10 12:57:32 C:\WINDOWS\Tasks\User_Feed_Synchronization-{17A0A84E-A413-4C42-8584-F31E0C8C8591}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-04-10 14:30:22 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 16:51:14
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-10 16:52:08
ComboFix-quarantined-files.txt 2008-04-10 14:51:54
Pre-Run: 13,706,727,424 octets libres
Post-Run: 13,693,145,088 octets libres
.
2008-04-09 18:42:09 --- E O F ---

merci a Theyellow 29
0
sergio17
11 avril 2008 à 20:03
bonjour
avast m'a prevenu d'une infection avec un rootkit
j'ai refait sdfix

MSNFix 1.701

C:\Documents and Settings\Propri‚taire.SERGE.001\Bureau\MSNFix
Fix exécuté le 11/04/2008 - 19:51:34,39 By Propri‚taire
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\%%%.exe
... C:\WINDOWS\system32\%%%.exe
... C:\??????.exe
... C:\WINDOWS\system32\real.txt

************************ Recherche les dossiers présents

... \TEMP\




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\%.exe
.. OK ... C:\WINDOWS\system32\%%%.exe
.. OK ... C:\WINDOWS\system32\%%%.exe
.. OK ... C:\WINDOWS\system32\%%%.exe
.. OK ... C:\WINDOWS\system32\%%%.exe
.. OK ... C:\??????.exe
.. OK ... C:\WINDOWS\system32\real.txt


************************ Suppression des dossiers

.. OK ... \TEMP\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\DOCUME~1\PROPRI~1.001\LOCALS~1\Temp\gmer.zip] 4613F4A7D9BA3759ED1FE467E86E2D87
[C:\AdbeRdr80_fr_FR.exe] 7DF8FF41F02A66EA0948114F9EAB2966
[C:\psa30se_fr_fr.exe] 0F0212C3DA107D8151A56E05B8B89C56
[C:\vbrun60sp6.exe] 899185DAA1572EC47DDAEFA1B9766136

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\PROPRI~1.001\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 11042008_19561590.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

merci d'avance pour interpreter ce rapport
0

Discussions similaires

symboles et écritures pour nick msn
Pando -
roro -

20 réponses
Peut on retrouver des conversations MSN?
Moi51 -
benzar -

36 réponses
impossible de me connecter a msn hotmail
Regis -
marino_u -

4 réponses
page d'accueil MSN plus en francais
bea -
mabrouk2 -

67 réponses
C'est quoi MSN ?
jeanp -
smoky57140 -

20 réponses