Am I infected?

Tags:
  • Firefox
  • Security
6 March 2008 19:49:46

Hello, for some time now my computer has been crashing in Firefox when I browse for more than 15 hours, and I have to force it off. Afterwards I reinstall Firefox and it runs normally again for about 2-3 days before it starts over. So I wondered whether this might come from a trojan or adware getting through via Firefox.
I am therefore attaching this HijackThis and ComboFix report so you can see whether I am really infected. Thanks

ComboFix

ComboFix 08-03-05.3 - Johan 2008-03-06 19:00:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.443 [GMT 1:00]
Endroit: C:\Documents and Settings\Johan\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-06 to 2008-03-06 ))))))))))))))))))))))))))))))))))))
.

2008-03-06 17:54 . 2008-03-06 17:55 <REP> d-------- C:\Program Files\iTunes
2008-03-06 17:54 . 2008-03-06 18:50 <REP> d-------- C:\Program Files\iPod
2008-03-06 17:52 . 2008-03-06 17:53 <REP> d-------- C:\Program Files\QuickTime
2008-03-06 17:52 . 2008-03-06 17:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-06 17:50 . 2008-03-06 17:50 <REP> d-------- C:\Program Files\Fichiers communs\Apple
2008-03-06 17:50 . 2008-02-18 11:16 30,464 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-03-06 13:12 . 2008-03-06 13:12 <REP> d-------- C:\Program Files\Lavasoft
2008-03-06 13:07 . 2008-03-06 13:07 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-04 11:50 . 2008-03-04 11:50 <REP> d-------- C:\Program Files\AviSynth 2.5
2008-03-01 12:44 . 2008-03-06 18:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-01 12:44 . 2008-03-06 18:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-26 20:14 . 2008-02-26 20:12 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-26 20:12 . 2008-03-05 15:44 <REP> d-------- C:\Documents and Settings\Johan\.housecall6.6
2008-02-23 19:01 . 2008-02-29 19:29 <REP> d-------- C:\Program Files\WinRAR2
2008-02-23 16:49 . 2007-12-27 17:33 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-02-23 16:49 . 2007-12-27 17:33 <REP> d-------- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-02-23 16:49 . 2007-12-29 22:40 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-02-23 16:49 . 2007-12-27 17:33 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-02-23 16:49 . 2007-12-29 22:40 <REP> d-------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-02-23 16:49 . 2007-12-27 17:33 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
2008-02-23 16:49 . 2007-12-27 17:33 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-02-22 21:24 . 2008-02-22 21:24 136 --a------ C:\WINDOWS\Winchat.ini
2008-02-22 09:44 . 2008-02-22 14:11 <REP> d-------- C:\Program Files\Teleport Pro
2008-02-20 20:53 . 2008-02-20 20:53 <REP> d-------- C:\Program Files\COMODO
2008-02-20 20:53 . 2008-02-20 20:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-02-20 20:53 . 2008-02-20 20:53 79,096 --a------ C:\WINDOWS\system32\drivers\cmdGuard.sys
2008-02-20 20:53 . 2008-02-20 20:53 23,672 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-02-20 12:20 . 2008-02-20 12:20 7,168 --a------ C:\WINDOWS\system32\Pbpr01sw.dll
2008-02-20 12:20 . 2008-02-20 12:20 30 --a------ C:\WINDOWS\SWPRODPB.INI
2008-02-20 10:19 . 2008-02-20 20:53 <REP> d-------- C:\Documents and Settings\Johan\Application Data\Comodo
2008-02-20 10:19 . 2008-02-20 20:53 139,008 --a------ C:\WINDOWS\system32\guard32.dll
2008-02-19 23:30 . 2008-02-29 19:29 801 --a------ C:\WINDOWS\w32dasm8.ini
2008-02-19 22:00 . 2008-02-19 22:00 <REP> d-------- C:\Documents and Settings\Johan\Application Data\Template
2008-02-19 19:33 . 2008-02-19 19:33 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-19 12:51 . 2008-03-05 12:11 <REP> d-------- C:\Documents and Settings\Johan\dwhelper
2008-02-19 11:33 . 2008-03-04 19:44 251 --a------ C:\WINDOWS\BissHM.ini
2008-02-19 11:24 . 2008-02-19 11:24 <REP> d-------- C:\Program Files\Bluetack
2008-02-19 11:22 . 2008-02-19 11:22 <REP> d-------- C:\WINDOWS\Downloaded Installations
2008-02-19 11:05 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-02-19 11:05 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-02-19 11:05 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-02-19 11:05 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-02-19 11:05 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-19 11:05 . 2001-08-23 17:04 12,288 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-18 18:37 . 2008-02-24 11:24 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-02-18 18:34 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-02-18 18:29 . 2008-02-18 18:29 <REP> d-------- C:\WINDOWS\system32\URTTEMP
2008-02-18 11:12 . 2008-03-01 23:03 <REP> d-------- C:\Program Files\Incomplete
2008-02-16 12:09 . 2008-02-16 12:09 <REP> d---s---- C:\WINDOWS\Historique
2008-02-16 12:09 . 2008-03-04 12:26 <REP> d---s---- C:\WINDOWS\Cookies
2008-02-15 16:14 . 2008-02-15 16:14 <REP> d-------- C:\Program Files\Gta Save
2008-02-15 11:41 . 2008-02-19 11:20 <REP> d-------- C:\Program Files\Arovax Shield
2008-02-15 00:28 . 2008-02-15 00:28 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-02-14 15:00 . 2008-02-14 20:40 <REP> d-------- C:\Documents and Settings\Johan\Application Data\ma-config.com
2008-02-14 10:24 . 2007-09-26 18:32 66,048 --a------ C:\WINDOWS\ieResetIcons.exe
2008-02-14 10:24 . 2008-02-14 10:24 230 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-13 17:37 . 2008-02-13 17:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Arovax
2008-02-13 15:30 . 2008-03-06 13:17 250 --a------ C:\WINDOWS\gmer.ini
2008-02-13 10:42 . 2008-02-13 10:41 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-13 10:42 . 2008-02-13 10:42 3,448 --a------ C:\WINDOWS\unins000.dat
2008-02-09 22:03 . 2004-08-19 16:09 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-02-09 22:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-02-09 22:03 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-02-09 22:03 . 2001-08-23 17:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-02-09 11:11 . 2008-02-09 11:11 <REP> d-------- C:\Program Files\JoWood
2008-02-09 11:10 . 2008-02-09 11:10 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-06 17:40 --------- d-----w C:\Program Files\eMule
2008-03-06 17:36 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-06 17:36 --------- d-----w C:\Documents and Settings\Johan\Application Data\Spyware Terminator
2008-03-06 16:55 --------- d-----w C:\Documents and Settings\Johan\Application Data\Apple Computer
2008-03-06 16:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-06 16:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-06 12:28 --------- d-----w C:\Program Files\Spyware Doctor
2008-03-06 12:17 --------- d-----w C:\Program Files\WinClamAVShield
2008-03-05 13:25 --------- d-----w C:\Documents and Settings\Johan\Application Data\Classes de site
2008-03-04 17:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-04 10:49 --------- d-----w C:\Program Files\FairUse Wizard 2
2008-03-01 22:00 --------- d-----w C:\Program Files\LimeWire
2008-03-01 21:55 --------- d-----w C:\Documents and Settings\Johan\Application Data\LimeWire
2008-02-23 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 16:01 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-16 17:59 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-02-16 11:16 --------- d-----w C:\Program Files\LiveKillCleanMessenger
2008-02-14 13:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-02-13 23:28 --------- d-----w C:\Program Files\Fichiers communs\Nero
2008-02-13 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-13 11:28 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-09 15:16 --------- d-----w C:\Program Files\XoftSpySE
2008-02-04 19:42 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-04 19:42 --------- d--h--r C:\Documents and Settings\Johan\Application Data\SecuROM
2008-02-02 16:07 --------- d-----w C:\Program Files\Ulead Systems
2008-02-02 15:27 --------- d-----w C:\Program Files\PhotoFiltre
2008-01-31 17:26 --------- d-----w C:\Program Files\Visicom Media
2008-01-31 17:26 --------- d-----w C:\Documents and Settings\Johan\Application Data\vmntoolbar
2008-01-27 19:36 --------- d-----w C:\Documents and Settings\Johan\Application Data\dvdcss
2008-01-24 11:56 --------- d-----w C:\Documents and Settings\Johan\Application Data\OpenOffice.org2
2008-01-24 06:30 --------- d-----w C:\Program Files\Rockstar Games
2008-01-23 15:58 --------- d-----w C:\Program Files\EA Sports
2008-01-21 19:24 --------- d-----w C:\Program Files\Fichiers communs\PC Tools
2008-01-21 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Tools
2008-01-21 07:35 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Talkback
2008-01-19 19:33 --------- d-----w C:\Documents and Settings\Johan\Application Data\Live-Prod
2008-01-14 07:02 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Talkback
2008-01-14 06:16 --------- d-----w C:\Documents and Settings\Johan\Application Data\NetAppel
2008-01-13 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-13 17:18 --------- d-----w C:\Documents and Settings\Johan\Application Data\Lavasoft
2008-01-12 21:32 --------- d-----w C:\Program Files\Ubi Soft
2008-01-11 20:37 --------- d-----w C:\Program Files\PowerQuest
2008-01-11 18:32 --------- d-----w C:\Program Files\directx
2008-01-11 17:29 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-11 17:18 --------- d-----w C:\Program Files\epson
2008-01-11 17:02 --------- d-----w C:\Program Files\Ahead
2008-01-11 17:00 --------- d-----w C:\Documents and Settings\Johan\Application Data\NeroVision
2008-01-11 16:54 --------- d-----w C:\Program Files\Microsoft Encarta
2008-01-11 16:53 --------- d-----w C:\Program Files\Microsoft Picture It! 7
2008-01-11 16:48 --------- d-----w C:\Program Files\Microsoft AutoRoute
2008-01-11 16:47 --------- d-----w C:\Program Files\Microsoft Money
2008-01-11 16:45 --------- d-----w C:\Program Files\Microsoft Works
2008-01-11 16:39 --------- d-----w C:\Program Files\Microsoft Works Suite 2003
2008-01-10 18:54 --------- d-----w C:\Program Files\Free Audio Pack
2008-01-09 19:22 --------- d-----w C:\Documents and Settings\Johan\Application Data\Ulead Systems
2008-01-09 15:54 --------- d-----w C:\Program Files\Crawler
2008-01-09 15:47 --------- d-----w C:\Program Files\CCleaner
2008-01-08 17:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-01-08 17:40 --------- d-----w C:\Program Files\Logitech
2008-01-08 17:40 --------- d-----w C:\Program Files\Fichiers communs\logishrd
2008-01-06 18:14 --------- d-----w C:\Program Files\Activision
2007-12-27 16:41 558,142 ----a-w C:\WINDOWS\java\Packages\STR9N5BX.ZIP
2007-12-27 16:40 155,995 ----a-w C:\WINDOWS\java\Packages\01JDBFV9.ZIP
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"Arovax Shield"="C:\Program Files\Arovax Shield\ArovaxShield.exe" [2007-04-26 12:18 1214576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-02 13:37 249896]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-02-20 20:53 1481984]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]


HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:49, on 2008-03-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Arovax Shield\ArovaxShield.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\eRightSoft\SUPER\SUPER.exe
C:\Program Files\eRightSoft\SUPER\ffmpeg.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Arovax Shield] C:\Program Files\Arovax Shield\ArovaxShield.exe -tray
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4075 bytes
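As an added illustration (not part of the original post), a small parser for the HijackThis v2 log format quoted above: it extracts the `Oxx` entries and attaches the review flags an analyst checks first (orphaned `(file missing)` registrations, unnamed BHOs, services with an unknown publisher). The sample lines are copied from the posted log; the flag wording and function names are my own.

```python
"""Parse Trend Micro HijackThis v2 'Oxx' entries and attach review flags."""
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Sample input: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Ad-Aware 2007 Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (file missing)
O23 - Service: PsExec (PSEXESVC) - Unknown owner - C:\WINDOWS\PSEXESVC.EXE (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
"""

# Every HijackThis finding starts with a section code such as "O2", "O4", "O23".
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")


@dataclass
class Entry:
    section: str                 # e.g. "O23" (services), "O4" (Run keys)
    body: str                    # text after "Oxx - "
    flags: List[str] = field(default_factory=list)


def parse_hjt(text: str) -> List[Entry]:
    """Return the Oxx entries; process-list lines and headers are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach the checks an analyst applies by hand when reading such a log."""
    for e in entries:
        if "(file missing)" in e.body:
            e.flags.append("file missing: orphaned registration")
        if e.section == "O2" and "(no name)" in e.body:
            e.flags.append("BHO without a name: identify the DLL vendor")
        if e.section == "O23" and "Unknown owner" in e.body:
            e.flags.append("unsigned/unknown publisher")
    return entries


def flagged(text: str) -> List[Tuple[str, List[str]]]:
    """(section, flags) for every entry that raised at least one flag."""
    return [(e.section, e.flags) for e in triage(parse_hjt(text)) if e.flags]


if __name__ == "__main__":
    for section, flags in flagged(SAMPLE_LOG):
        print(section, "->", "; ".join(flags))
```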


6 March 2008 21:27:24

Hello,

I don't think it is a virus.