Antivirus 2009Résolu/Fermé

Question

Bonjour,
Voila dès que j'allume mon ordi j'ai plein de fenetre qui s'affiche me disant que tel ou tel fichier a infecté mon ordi mais je sais que ca vient de antivirus 2009 qui est apparu je ne sais comment et impossible de m'en débarasser
j'aurais besoin d'aide svp et dans la barre en bas a droite ya deux croix blanche dans un rond rouge and me disant que y'a une attack et des sigle "attention" bref voila aidez moiii

g!rly · Answer

Salut margaux, 

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe     

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

+

Télécharge HijackThis ici : 

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif 

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Post le rapport généré ici stp...

@+

miick · Answer

anleve ton programme telecharge antivir et hijackthis et ca devrai etre bon

g!rly · Answer

miick , ça devrait être bon ? LOL

miick · Answer

ok

g!rly · Answer

merci

miick · Answer

jten proe

hollywoodemia · Answer

voila le rapport de combo fix ComboFix 08-10-06.08 - Carine 2008-10-07 18:25:47.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.301 [GMT 2:00] Lancé depuis: C:\Users\Carine\Downloads\ComboFix.exe * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat C:\Users\Carine\AppData\Roaming\Adobe\crc.dat C:\Users\Carine\AppData\Roaming\Adobe\Player.exe C:\Windows\system32\1.ico ----- BITS: Il y a peut-être des sites infectés ----- hxxp://78.157.143.163 . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-07 au 2008-10-07 )))))))))))))))))))))))))))))))))))) . 2008-10-05 16:29 . 2008-10-05 16:29 d-------- C:\Users\Carine\AppData\Roaming\Media Player Classic 2008-10-05 16:27 . 2008-10-05 16:27 d-------- C:\Users\All Users\Real 2008-10-04 03:48 . 2008-10-04 03:48 d-------- C:\Windows\Sun 2008-10-04 02:32 . 2008-10-03 01:40 25,088 --a------ C:\Windows\System32\YURB2C7.exe 2008-10-04 02:32 . 2008-10-03 01:40 25,088 --a------ C:\Windows\System32\YURAA00.exe 2008-10-04 02:32 . 2008-10-03 01:40 24,064 --a------ C:\Windows\System32\YURBFC1.exe 2008-10-04 02:32 . 2008-10-03 01:40 24,064 --a------ C:\Windows\System32\YURB8EE.exe 2008-10-01 13:36 . 2008-10-05 20:05 d-------- C:\Users\Carine\AppData\Roaming\uTorrent 2008-09-25 16:49 . 2008-09-25 17:59 d-------- C:\Users\Carine\Tracing 2008-09-25 16:47 . 2008-09-25 16:47 d-------- C:\Program Files\Microsoft Office Outlook Connector 2008-09-25 16:46 . 2008-09-25 19:44 d----c--- C:\Windows\System32\DRVSTORE 2008-09-25 16:44 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll 2008-09-25 16:41 . 2008-06-26 05:20 712,704 --a------ C:\Windows\System32\WindowsCodecs.dll 2008-09-25 16:41 . 2008-06-26 05:20 347,648 --a------ C:\Windows\System32\WindowsCodecsExt.dll 2008-09-25 16:37 . 2008-09-25 16:37 d-------- C:\Program Files\Microsoft 2008-09-25 16:24 . 2008-09-25 16:24 d-------- C:\Program Files\Common Files\Windows Live 2008-09-25 02:01 . 2008-10-04 20:55 d-------- C:\Users\Carine\AppData\Roaming\SnapTeam 2008-09-25 02:01 . 2008-09-25 02:01 d-------- C:\Program Files\Snap 2008-09-18 22:14 . 2008-09-18 22:14 d-------- C:\Users\Carine\AppData\Roaming\iLike 2008-09-16 12:47 . 2008-09-16 12:49 d-------- C:\Program Files\DAEMON Tools Toolbar 2008-09-16 12:47 . 2008-09-16 12:49 d-------- C:\Program Files\DAEMON Tools Lite 2008-09-16 12:41 . 2008-09-16 12:41 d-------- C:\Users\Carine\AppData\Roaming\DAEMON Tools 2008-09-16 12:41 . 2008-09-16 12:41 717,296 --a------ C:\Windows\System32\drivers\sptd.sys 2008-09-16 12:31 . 2008-09-16 12:31 d-------- C:\Program Files\HP 2008-09-13 14:23 . 2008-07-31 01:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-13 14:23 . 2008-07-31 05:34 1,686,528 --a------ C:\Windows\System32\gameux.dll 2008-09-13 14:23 . 2008-06-26 05:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-13 14:23 . 2008-07-31 05:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-05 16:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-10-04 01:12 --------- d-----w C:\Program Files\PhotoFiltre Studio 2008-10-04 00:40 --------- d-----w C:\Program Files\iTunes 2008-09-30 20:09 --------- d-----w C:\Program Files\Norton Internet Security 2008-09-25 18:04 --------- d-----w C:\Program Files\Windows Live 2008-09-25 17:52 --------- d-----w C:\ProgramData\WLInstaller 2008-09-03 09:18 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-08-28 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-28 19:03 --------- d-----w C:\Program Files\Philips 2008-08-21 13:43 --------- d-----w C:\Program Files\Common Files\Vbox 2008-08-21 13:43 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-14 05:32 --------- d-----w C:\Program Files\Windows Mail 2008-08-13 13:35 --------- d-----w C:\ProgramData\Symantec 2008-08-13 01:58 234,418 ----a-w C:\Windows\EasyGifAnimator_Toolbar_Uninstaller_6378.exe 2008-08-13 01:58 --------- d-----w C:\Program Files\Easy Gif Animator Extension 2008-08-11 10:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-08-07 23:00 --------- d-----w C:\ProgramData\Apple Computer 2008-08-07 23:00 --------- d-----w C:\Program Files\iPod 2008-08-07 22:55 --------- d-----w C:\Program Files\QuickTime 2008-08-07 22:02 --------- d-----w C:\Program Files\Apple Software Update 2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-07-09 01:23 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-28 1232896] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "\YURAA00.exe"="C:\Windows\system32\YURAA00.exe" [2008-10-03 25088] "\YURB2C7.exe"="C:\Windows\system32\YURB2C7.exe" [2008-10-03 25088] "\YURBFC1.exe"="C:\Windows\system32\YURBFC1.exe" [2008-10-03 24064] "\YURB8EE.exe"="C:\Windows\system32\YURB8EE.exe" [2008-10-03 24064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "BigDogPath"="C:\Windows\VM_STI.EXE" [2004-06-09 40960] "\YURAA00.exe"="C:\Windows\system32\YURAA00.exe" [2008-10-03 25088] "\YURB2C7.exe"="C:\Windows\system32\YURB2C7.exe" [2008-10-03 25088] "\YURBFC1.exe"="C:\Windows\system32\YURBFC1.exe" [2008-10-03 24064] "\YURB8EE.exe"="C:\Windows\system32\YURB8EE.exe" [2008-10-03 24064] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 C:\Windows\RtHDVCpl.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ TrayMin210.exe.lnk - C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe [2008-08-28 278528] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=eNetHook.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Carine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Eurobarre.lnk] path=C:\Users\Carine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eurobarre.lnk backup=C:\Windows\pss\Eurobarre.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] --a------ 2007-02-15 18:39 151552 C:\Acer\AcerTour\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2008-02-20 16:33 963072 C:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath] --a------ 2004-06-09 15:37 40960 C:\Windows\VM_STI.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2006-11-21 22:33 107112 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino] --a------ 2007-04-13 04:46 49152 C:\Windows\Domino.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] --a------ 2007-04-12 17:42 457728 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-02-01 01:40 151552 C:\Windows\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-02-01 01:40 131072 C:\Windows\System32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] --a------ 2007-05-23 00:37 850704 C:\PROGRA~1\LAUNCH~1\LManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck] --a------ 2006-11-21 22:30 22696 c:\Program Files\Norton Internet Security\osCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-02-01 01:40 126976 C:\Windows\System32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shadow] --a------ 2007-03-26 17:34 499712 C:\Program Files\NewTech Infosystems\NTI Shadow\Shadow.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] --a------ 2006-11-05 22:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211] --a------ 2007-04-13 04:46 57344 C:\Windows\ZSSnp211.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{94B17500-C124-47C0-9CEC-E4344BD5AE3B}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{9BAA3E88-B59D-4AA2-897A-45D9EBDF56E9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{A4E2ABA4-8A76-4D30-984D-72DA5F848D70}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{5092ECF4-A82E-4B7F-819C-C73B82E195C1}"= UDP:990:LocalSubnet:LocalSubnet|IF={7E0691DF-5B55-4BA6-954F-0AD7A6ADD5FB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001 "{06F97C82-D30F-4D30-B7C4-945B53AC5C6D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{8AAC731E-E2A7-4516-8A26-8E246B899C5B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{22ED95F7-981A-495B-9031-0EE377581B35}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{E4BFEE22-6584-4D1F-BCA9-732B700876CE}"= UDP:D:\uTorrent.exe:µTorrent (TCP-In) "{F87A0282-FA5B-4D52-AF99-69AD5D07050A}"= TCP:D:\uTorrent.exe:µTorrent (UDP-In) "{8344AE11-F701-4CB9-83AD-6FB0265F0D90}"= UDP:D:\uTorrent.exe:µTorrent (TCP-In) "{AAEBA214-AC43-41DD-9D77-47C734BF03DF}"= TCP:D:\uTorrent.exe:µTorrent (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080523.001\IDSvix86.sys [2008-02-14 261680] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 16:51 13560] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 37936] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-09 179712] S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6398eeee-4d55-11dd-999a-fe71a9cd4430}] \shell\AutoRun\command - G:\LaunchU3.exe -a *Newly Created Service* - CATCHME *Newly Created Service* - COMHOST *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Tâches planifiées' 2008-10-03 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Carine.job - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 22:30] 2008-10-05 C:\Windows\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08] . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{36FD46E0-1376-44FB-92CD-075178683EE7} - (no file) HKCU-Run-\YURE0AD.exe - C:\Windows\system32\YURE0AD.exe HKCU-Run-\YUR42F8.exe - C:\Windows\system32\YUR42F8.exe HKCU-Run-\YURA505.exe - C:\Windows\system32\YURA505.exe HKCU-Run-\YURDDEF.exe - C:\Windows\system32\YURDDEF.exe HKCU-Run-\YURDDF0.exe - C:\Windows\system32\YURDDF0.exe HKCU-Run-\YUREDE.exe - C:\Windows\system32\YUREDE.exe HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Users\Carine\AppData\Roaming\Mozilla\Firefox\Profiles\1q8278dy.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.myspace.com/ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll FF -: plugin - C:\Users\Carine\AppData\Roaming\Mozilla\Firefox\Profiles\1q8278dy.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll FF -: plugin - D:\Real Alternative\browser\plugins\nppl3260.dll FF -: plugin - D:\Real Alternative\browser\plugins\nprpjplug.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-07 18:31:02 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-10-07 18:32:36 ComboFix-quarantined-files.txt 2008-10-07 16:32:29 Avant-CF: 5 835 694 080 octets libres Après-CF: 6,469,959,680 octets libres 260 --- E O F --- 2008-09-14 01:04:04

hollywoodemia · Answer

et voila la rapport de hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:19, on 07/10/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\VM_STI.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\coucou\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKLM\..\Run: [\YURAA00.exe] C:\Windows\system32\YURAA00.exe
O4 - HKLM\..\Run: [\YURB2C7.exe] C:\Windows\system32\YURB2C7.exe
O4 - HKLM\..\Run: [\YURBFC1.exe] C:\Windows\system32\YURBFC1.exe
O4 - HKLM\..\Run: [\YURB8EE.exe] C:\Windows\system32\YURB8EE.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [\YURAA00.exe] C:\Windows\system32\YURAA00.exe
O4 - HKCU\..\Run: [\YURB2C7.exe] C:\Windows\system32\YURB2C7.exe
O4 - HKCU\..\Run: [\YURBFC1.exe] C:\Windows\system32\YURBFC1.exe
O4 - HKCU\..\Run: [\YURB8EE.exe] C:\Windows\system32\YURB8EE.exe
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

hollywoodemia · Answer

c'est margaux la hein je m'étais pas identifié au début

g!rly · Answer

...

g!rly · Answer

pfff mes messages ne passent pas...

g!rly · Answer

bon margaux, je vais t´envoyer ma réponse en message privé...

g!rly · Answer

Ça y est j´ai posté le message privé à ton intention :)
Continue a poster ici si tu le peux...
@+

hollywoodemia · Answer

voila le rapport combofix ComboFix 08-10-06.08 - Carine 2008-10-07 20:11:33.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.345 [GMT 2:00] Lancé depuis: C:\Users\Carine\Downloads\ComboFix.exe Commutateurs utilisés :: C:\Users\Carine\Desktop\CFScript.txt FILE :: C:\Windows\System32\YURAA00.exe C:\Windows\system32\YURB2C7.exe C:\Windows\System32\YURB8EE.exe C:\Windows\System32\YURBFC1.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\System32\YURAA00.exe C:\Windows\system32\YURB2C7.exe C:\Windows\System32\YURB8EE.exe C:\Windows\System32\YURBFC1.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-07 au 2008-10-07 )))))))))))))))))))))))))))))))))))) . 2008-10-07 18:38 . 2008-10-07 18:41 d-------- C:\coucou 2008-10-05 16:29 . 2008-10-05 16:29 d-------- C:\Users\Carine\AppData\Roaming\Media Player Classic 2008-10-05 16:27 . 2008-10-05 16:27 d-------- C:\Users\All Users\Real 2008-10-04 03:48 . 2008-10-04 03:48 d-------- C:\Windows\Sun 2008-10-01 13:36 . 2008-10-05 20:05 d-------- C:\Users\Carine\AppData\Roaming\uTorrent 2008-09-25 16:49 . 2008-09-25 17:59 d-------- C:\Users\Carine\Tracing 2008-09-25 16:47 . 2008-09-25 16:47 d-------- C:\Program Files\Microsoft Office Outlook Connector 2008-09-25 16:46 . 2008-09-25 19:44 d----c--- C:\Windows\System32\DRVSTORE 2008-09-25 16:44 . 2006-11-29 13:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll 2008-09-25 16:41 . 2008-06-26 05:20 712,704 --a------ C:\Windows\System32\WindowsCodecs.dll 2008-09-25 16:41 . 2008-06-26 05:20 347,648 --a------ C:\Windows\System32\WindowsCodecsExt.dll 2008-09-25 16:37 . 2008-09-25 16:37 d-------- C:\Program Files\Microsoft 2008-09-25 16:24 . 2008-09-25 16:24 d-------- C:\Program Files\Common Files\Windows Live 2008-09-25 02:01 . 2008-10-04 20:55 d-------- C:\Users\Carine\AppData\Roaming\SnapTeam 2008-09-25 02:01 . 2008-09-25 02:01 d-------- C:\Program Files\Snap 2008-09-18 22:14 . 2008-09-18 22:14 d-------- C:\Users\Carine\AppData\Roaming\iLike 2008-09-16 12:47 . 2008-09-16 12:49 d-------- C:\Program Files\DAEMON Tools Toolbar 2008-09-16 12:47 . 2008-09-16 12:49 d-------- C:\Program Files\DAEMON Tools Lite 2008-09-16 12:41 . 2008-09-16 12:41 d-------- C:\Users\Carine\AppData\Roaming\DAEMON Tools 2008-09-16 12:41 . 2008-09-16 12:41 717,296 --a------ C:\Windows\System32\drivers\sptd.sys 2008-09-16 12:31 . 2008-09-16 12:31 d-------- C:\Program Files\HP 2008-09-13 14:23 . 2008-07-31 01:47 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-13 14:23 . 2008-07-31 05:34 1,686,528 --a------ C:\Windows\System32\gameux.dll 2008-09-13 14:23 . 2008-06-26 05:22 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-13 14:23 . 2008-07-31 05:34 28,160 --a------ C:\Windows\System32\Apphlpdm.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-05 16:00 --------- d-----w C:\Program Files\Norton Security Scan 2008-10-04 01:12 --------- d-----w C:\Program Files\PhotoFiltre Studio 2008-10-04 00:40 --------- d-----w C:\Program Files\iTunes 2008-09-30 20:09 --------- d-----w C:\Program Files\Norton Internet Security 2008-09-25 18:04 --------- d-----w C:\Program Files\Windows Live 2008-09-25 17:52 --------- d-----w C:\ProgramData\WLInstaller 2008-09-03 09:18 --------- d-----w C:\Program Files\Messenger Plus! Live 2008-08-28 19:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-28 19:03 --------- d-----w C:\Program Files\Philips 2008-08-21 13:43 --------- d-----w C:\Program Files\Common Files\Vbox 2008-08-21 13:43 --------- d-----w C:\Program Files\Common Files\Adobe 2008-08-14 05:32 --------- d-----w C:\Program Files\Windows Mail 2008-08-13 13:35 --------- d-----w C:\ProgramData\Symantec 2008-08-13 01:58 234,418 ----a-w C:\Windows\EasyGifAnimator_Toolbar_Uninstaller_6378.exe 2008-08-13 01:58 --------- d-----w C:\Program Files\Easy Gif Animator Extension 2008-08-11 10:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-08-07 23:00 --------- d-----w C:\ProgramData\Apple Computer 2008-08-07 23:00 --------- d-----w C:\Program Files\iPod 2008-08-07 22:55 --------- d-----w C:\Program Files\QuickTime 2008-08-07 22:02 --------- d-----w C:\Program Files\Apple Software Update 2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll 2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll 2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll 2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll 2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll 2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-07-15 23:48 2,048 ----a-w C:\Windows\System32\tzres.dll 2008-07-09 01:23 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-10-07_18.31.59.93 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-07 16:09:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-10-07 17:15:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-10-07 16:09:01 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-10-07 17:15:48 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-10-07 16:09:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-10-07 17:15:48 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-28 1232896] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728] "updateMgr"="c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104] "Windows Mobile-based device management"="C:\Windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048] "BigDogPath"="C:\Windows\VM_STI.EXE" [2004-06-09 40960] "RtHDVCpl"="RtHDVCpl.exe" [2007-03-24 C:\Windows\RtHDVCpl.exe] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ TrayMin210.exe.lnk - C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe [2008-08-28 278528] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=eNetHook.dll [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\Windows\pss\WinZip Quick Pick.lnk.CommonStartup backupExtension=.CommonStartup [HKLM\~\startupfolder\C:^Users^Carine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Eurobarre.lnk] path=C:\Users\Carine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Eurobarre.lnk backup=C:\Windows\pss\Eurobarre.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder] --a------ 2007-02-15 18:39 151552 C:\Acer\AcerTour\Reminder.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] --a------ 2008-07-22 20:42 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] --a------ 2008-02-20 16:33 963072 C:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath] --a------ 2004-06-09 15:37 40960 C:\Windows\VM_STI.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2006-11-21 22:33 107112 c:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] --a------ 2008-07-24 17:02 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino] --a------ 2007-04-13 04:46 49152 C:\Windows\Domino.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader] --a------ 2007-04-12 17:42 457728 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] --a------ 2007-02-01 01:40 151552 C:\Windows\System32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] --a------ 2007-03-21 13:00 174872 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] --a------ 2007-02-01 01:40 131072 C:\Windows\System32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut] --a------ 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager] --a------ 2007-05-23 00:37 850704 C:\PROGRA~1\LAUNCH~1\LManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck] --a------ 2006-11-21 22:30 22696 c:\Program Files\Norton Internet Security\osCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence] --a------ 2007-02-01 01:40 126976 C:\Windows\System32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] --a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shadow] --a------ 2007-03-26 17:34 499712 C:\Program Files\NewTech Infosystems\NTI Shadow\Shadow.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-06-10 04:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp] --a------ 2006-11-05 22:48 57344 C:\Acer\WR_PopUp\WarReg_PopUp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211] --a------ 2007-04-13 04:46 57344 C:\Windows\ZSSnp211.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{94B17500-C124-47C0-9CEC-E4344BD5AE3B}"= C:\Program Files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{9BAA3E88-B59D-4AA2-897A-45D9EBDF56E9}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{A4E2ABA4-8A76-4D30-984D-72DA5F848D70}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{5092ECF4-A82E-4B7F-819C-C73B82E195C1}"= UDP:990:LocalSubnet:LocalSubnet|IF={7E0691DF-5B55-4BA6-954F-0AD7A6ADD5FB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001 "{06F97C82-D30F-4D30-B7C4-945B53AC5C6D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes "{8AAC731E-E2A7-4516-8A26-8E246B899C5B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes "{22ED95F7-981A-495B-9031-0EE377581B35}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{E4BFEE22-6584-4D1F-BCA9-732B700876CE}"= UDP:D:\uTorrent.exe:µTorrent (TCP-In) "{F87A0282-FA5B-4D52-AF99-69AD5D07050A}"= TCP:D:\uTorrent.exe:µTorrent (UDP-In) "{8344AE11-F701-4CB9-83AD-6FB0265F0D90}"= UDP:D:\uTorrent.exe:µTorrent (TCP-In) "{AAEBA214-AC43-41DD-9D77-47C734BF03DF}"= TCP:D:\uTorrent.exe:µTorrent (UDP-In) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu "C:\Acer\Empowering Technology\eDataSecurity\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption "C:\Acer\Empowering Technology\eDataSecurity\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080523.001\IDSvix86.sys [2008-02-14 261680] R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\[u]0/u00.fcl [2006-11-02 16:51 13560] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-02-26 29183504] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-10-30 37936] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-02-09 179712] S3 wampapache;wampapache;c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe [2008-01-18 24635] S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe wampmysqld [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6398eeee-4d55-11dd-999a-fe71a9cd4430}] \shell\AutoRun\command - G:\LaunchU3.exe -a *Newly Created Service* - CATCHME *Newly Created Service* - COMHOST *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Tâches planifiées' 2008-10-03 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Carine.job - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2006-11-21 22:30] 2008-10-05 C:\Windows\Tasks\Norton Security Scan.job - C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 04:08] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-\YURAA00.exe - C:\Windows\system32\YURAA00.exe HKCU-Run-\YURB2C7.exe - C:\Windows\system32\YURB2C7.exe HKCU-Run-\YURBFC1.exe - C:\Windows\system32\YURBFC1.exe HKCU-Run-\YURB8EE.exe - C:\Windows\system32\YURB8EE.exe HKLM-Run-\YURAA00.exe - C:\Windows\system32\YURAA00.exe HKLM-Run-\YURB2C7.exe - C:\Windows\system32\YURB2C7.exe HKLM-Run-\YURBFC1.exe - C:\Windows\system32\YURBFC1.exe HKLM-Run-\YURB8EE.exe - C:\Windows\system32\YURB8EE.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-07 20:15:21 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-10-07 20:17:12 ComboFix-quarantined-files.txt 2008-10-07 18:16:52 ComboFix2.txt 2008-10-07 16:32:38 Avant-CF: 7 280 590 848 octets libres Après-CF: 7,248,031,744 octets libres 258 --- E O F --- 2008-09-14 01:04:04

hollywoodemia · Answer

et le rapport hijakthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:49, on 07/10/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\VM_STI.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\coucou\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

g!rly · Answer

margaux, 

bien joué

maintenant : un peu plus long...

Fais un scan avec cet antispyware :

Telecharge malwarebytes + tutoriel :

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examun complet".

Puis click sur "rechercher".

Laisse le scanner le pc... 

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

@+

hollywoodemia · Answer

voila le rapport

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1240
Windows 6.0.6000 

08/10/2008 13:27:33
mbam-log-2008-10-08 (13-27-33).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 171593
Temps écoulé: 1 hour(s), 17 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\MicroAV (Rogue.MicroAntivirus) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Users\Carine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\Carine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smart Antivirus 2009\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Users\Carine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Antivirus-2009.lnk (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

g!rly · Answer

Salut margaux, 

comment va ton pc maintenant ? 

tu dois être débarrassé de l´antivirus 2009 ? non :)

post un dernier rapport hijack this stp

@+

hollywoodemia · Answer

voila le rapport 


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:13:13, on 09/10/2008
Platform: Windows Vista  (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\VM_STI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Carine\Program Files\DNA\btdna.exe
C:\Program Files\Philips\Philips SPC210NC Webcam\TrayMin210.exe
C:\Users\Carine\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Carine\AppData\Local\Temp\Temp1_HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.1\EasyGifAnimator_Toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Philips SPC210NC Webcam
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Carine\Program Files\DNA\btdna.exe"
O4 - Global Startup: TrayMin210.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix: 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

g!rly · Answer

Salut margaux, 

a l´aide de hijack this coche et fix :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

puis

ta version de acrobat reader n´est pas a jour, tu veux la derniere verion en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou oublie completement acrobat reader et instales foxit plus léger a la place:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

comment va ton pc ?

@+

hollywoodemia · Answer

il va super bien haha merci :D

j'ai installé la nouvelle version de adobe !

g!rly · Answer

Super, 

Je met le topik en resolu alors ?!

Passe ceci pour supprimer les outils utilisés :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\). 

Bye`

g!rly`

Antivirus 2009

22 réponses

Discussions similaires

Newsletters