Votre question

invasion de fichier porno/analyse hijackthis

Tags :
  • analyse
  • Sécurité
Dernière réponse : dans Sécurité et virus
3 Octobre 2007 10:29:40

bonjour
je suis envahie par des fichiers porno depuis plusieurs jours. j'ai fait une analyse hijackthis comme vous le recommandez. pouvez-vous résoudre mon probleme, car j'ai des enfants et je suis obligé de leur interdire l'ordi.
merci d'avance

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:12:08, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Fichiers communs\AOL\1182268129\ee\AOLSoftware.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\AOL\1182268129\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Documents and Settings\Nathalie\Local Settings\Temporary Internet Files\Content.IE5\U7ELON6Z\HiJackThis_v2[1].exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.selexium.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1182268129\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [pviever] "C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c9ad20a0f49144f5ade483ea1bd877c9
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c9ad20a0f49144f5ade483ea1bd877c9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.selexium.fr
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/zuma/oberongamesl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{89E3622A-ABFF-43A6-9F9A-B5B899C679D6}: NameServer = 205.188.146.145
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10233 bytes

Autres pages sur : invasion fichier porno analyse hijackthis

3 Octobre 2007 10:53:31

Bonjour


Télécharge Combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double clique combofix.exe et suis les invites.
Lorsque le scan sera complété, un rapport apparaîtra.

Copie/colle ce rapport dans ta prochaine réponse avec un nouveau HijackThis.
3 Octobre 2007 12:26:52

ComboFix 07-10-03.7 - Nathalie 2007-10-03 11:47:28.1 - NTFSx86
Microsoft Windows XP dition familiale 5.1.2600.2.1252.1.1036.18.132 [GMT 2:00]
Running from: C:\Documents and Settings\Nathalie\Mes documents\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Gay-Lesbian-Photo
C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe
C:\Program Files\Gay-Lesbian-Photo\uin.txt

.
((((((((((((((((((((((((((((( Fichiers créés 2007-09-03 to 2007-10-03 ))))))))))))))))))))))))))))))))))))
.

2007-10-03 11:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-03 10:06 <REP> d-------- C:\Documents and Settings\Nathalie\Application Data\Talkback
2007-10-02 21:35 <REP> d-------- C:\Program Files\Lavasoft
2007-10-02 21:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-02 21:34 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-10-01 19:28 <REP> d---s---- C:\WINDOWS\system32\%SystemDrive%
2007-10-01 19:28 <REP> d-------- C:\WINDOWS\WLTB Custom Button Feeds
2007-10-01 19:27 <REP> d-------- C:\WINDOWS\Google Toolbar
2007-09-30 10:27 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-09-30 10:13 <REP> d-------- C:\Program Files\Norton Security Scan
2007-09-21 12:53 <REP> d-------- C:\Program Files\PhotoFiltre
2007-09-16 23:31 <REP> d-------- C:\Program Files\ReflexiveArcade
2007-09-13 19:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-10 18:01 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2007-09-10 18:01 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2007-09-06 19:28 384,512 --------- C:\WINDOWS\system32\MFCO40.DLL
2007-09-06 19:28 27,648 --a------ C:\WINDOWS\Photo Express 2 SE.scr
2007-09-06 19:27 <REP> d-------- C:\Program Files\Ulead Systems
2007-09-05 20:01 <REP> d-------- C:\Documents and Settings\Nathalie\Application Data\Help

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-03 09:23 --------- d-------- C:\Documents and Settings\Nathalie\Application Data\SolidDocuments
2007-10-02 17:27 --------- d-------- C:\Program Files\Google
2007-10-01 20:15 --------- d-------- C:\Program Files\Fichiers communs\Real
2007-10-01 20:15 --------- d-------- C:\Documents and Settings\Nathalie\Application Data\Real
2007-10-01 20:13 --------- d-------- C:\Program Files\Fichiers communs\aolshare
2007-10-01 20:13 --------- d-------- C:\Program Files\eMule
2007-10-01 20:13 --------- d-------- C:\Program Files\AOL 9.0
2007-10-01 19:34 --------- d-------- C:\Documents and Settings\All Users\Application Data\Google
2007-10-01 19:29 --------- d-------- C:\Program Files\QuickTime
2007-10-01 19:28 --------- d-------- C:\Program Files\AOL Pictures
2007-10-01 19:26 --------- d-------- C:\Program Files\Gamenext
2007-09-30 15:59 --------- d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-09-27 06:05 --------- d-------- C:\Documents and Settings\Nathalie\Application Data\AdobeUM
2007-09-21 13:00 20019 --a------ C:\Program Files\unfreez.zip
2007-09-21 12:50 1882020 --a------ C:\Program Files\PhotoFiltre.zip
2007-08-29 23:33 --------- d-------- C:\Program Files\SolidDocuments
2007-08-29 23:33 --------- d-------- C:\Program Files\Fichiers communs\SolidDocuments
2007-08-29 23:30 16925776 --a------ C:\Program Files\solidconverterpdf.exe
2007-08-18 20:47 --------- d-------- C:\Documents and Settings\Nathalie\Application Data\PlayFirst
2007-08-12 15:52 --------- d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-08-12 14:56 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-10 20:18 --------- d-------- C:\Program Files\VideoLAN
2007-08-10 20:18 --------- d-------- C:\Documents and Settings\Nathalie\Application Data\vlc
2007-08-09 10:48 --------- d-------- C:\Documents and Settings\Nathalie\Application Data\Google
2007-08-06 22:55 --------- d-------- C:\Program Files\Windows Live Toolbar
2007-08-06 22:55 --------- d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-08-06 22:54 --------- d-------- C:\Program Files\MSN Messenger
2007-08-04 11:09 --------- d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-08-03 10:22 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-03 10:22 --------- d-------- C:\Program Files\Micro Application
2007-08-03 10:22 --------- d-------- C:\Program Files\Fichiers communs\InstallShield
2007-08-03 09:27 --------- d-------- C:\Documents and Settings\Nathalie\Application Data\SlySoft
2007-08-03 09:26 --------- d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-08-03 09:20 --------- d-------- C:\Program Files\SlySoft
2007-07-31 21:29 15732984 --a------ C:\Program Files\Google_Earth_BZXE.exe
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-28 14:42 774144 --a------ C:\Program Files\RngInterstitial.dll
2007-07-20 13:32 93128 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2007-06-21 17:22 3458079 --a------ C:\Program Files\FileZilla_2_2_32_setup.exe
2007-06-20 19:49 27100264 --a------ C:\Program Files\PowerPointViewer.exe
2007-06-19 17:46 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe
1999-06-30 15:06 151552 -ra------ C:\WINDOWS\inf\Agfa\Message.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05]
"HostManager"="C:\Program Files\Fichiers communs\AOL\1182268129\ee\AOLSoftware.exe" [2006-11-17 15:16]
"AOLDialer"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 12:01]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-08-20 01:11]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-06-20 09:10]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"PE2CKFNT SE"="C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe" [1998-07-03 12:51]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-07-31 15:43]

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys
R2 spcflt;spcflt;C:\WINDOWS\system32\DRIVERS\spcflt.sys
R2 spcstb;spcstb;C:\WINDOWS\system32\DRIVERS\spcstb.sys

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-09-28 18:00:38 C:\WINDOWS\Tasks\Norton AntiVirus - Analyser mon ordinateur.job"
"2007-09-30 08:14:13 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-10-03 07:28:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
"2007-10-03 10:03:10 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-03 12:04:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-03 12:15:10
C:\ComboFix-quarantined-files.txt ... 2007-10-03 12:14
.
--- E O F ---
Contenus similaires
3 Octobre 2007 12:32:05

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:31:19, on 03/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Fichiers communs\AOL\1182268129\ee\AOLSoftware.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Fichiers communs\AOL\1182268129\ee\aolsoftware.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Fichiers communs\Aol\aoltpspd.exe
C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Nathalie\Local Settings\Temporary Internet Files\Content.IE5\UUJ2727H\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.selexium.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1182268129\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?c9ad20a0f49144f5ade483ea1bd877c9
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?c9ad20a0f49144f5ade483ea1bd877c9
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.selexium.fr
O16 - DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} (AOL Pictures Uploader Class) - http://o.aolcdn.com/pictures/ap/Resources/2.0.8.98/cab/...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game08.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.fr/online/online2/zuma/oberongamesl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{89E3622A-ABFF-43A6-9F9A-B5B899C679D6}: NameServer = 205.188.146.145
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 10082 bytes
3 Octobre 2007 16:57:46

Bien

Relance un scan HijackThis et coche les lignes ci-dessous :

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)

Ferme toutes les fenêtres Windows, Internet explorer, Outlook,sauf le logiciel Hijackthis et clique sur « Fix checked »


Fais une analyse antivirus en ligne sur Kaspersky
http://webscanner.kaspersky.fr/
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse.
Colle son rapport ici.

Aide toi de ce lien.
http://www.infos-du-net.com/forum/267224-11-scan-ligne-...
3 Octobre 2007 22:45:18

ca fait deux fois que je lance kaspersky. le scan reste bloqué à 30% sur le fichier c:\WINDOWS\system32\oobe\msobshel.htm

ca fait plus d'une heure maintenant que ca ne fait plus rien. est ce normal
4 Octobre 2007 16:52:06

Scan details
High danger level (0)

Medium danger level (0)

Low danger level (34)
Cookie/Sextrac... Tracking Cookie Latent Show + Info
D:\Documents and Settings...famille@sextracker[2].txt
Cookie/Casalem... Tracking Cookie Latent Show + Info
D:\Documents and Settings...amille@casalemedia[1].txt
Cookie/Doublec... Tracking Cookie Latent Show + Info
D:\Documents and Settings...amille@doubleclick[2].txt
C:\Documents and Settings...thalie@doubleclick[1].txt
Cookie/Bluestr... Tracking Cookie Latent Show + Info
C:\Documents and Settings...athalie@bluestreak[2].txt
Cookie/Comclic... Tracking Cookie Latent Show + Info
D:\Documents and Settings...@fl01.ct2.comclick[2].txt
Application/Ni... Tracking Application Latent Show + Info
C:\WINDOWS\NirCmd.exe
C:\Documents and Settings...\ComboFix.exe[nircmd.exe]
C:\Documents and Settings...omboFix.exe[nircmd.cfexe]
Cookie/fe.lea.... Tracking Cookie Latent Show + Info
D:\Documents and Settings...mille@fe.lea.lycos[1].txt
Cookie/Sextrac... Tracking Cookie Latent Show + Info
D:\Documents and Settings...ounter2.sextracker[1].txt
Cookie/RealMed... Tracking Cookie Latent Show + Info
D:\Documents and Settings...mille@247realmedia[1].txt
Cookie/Atlas D... Tracking Cookie Latent Show + Info
C:\Documents and Settings...ies\nathalie@atdmt[2].txt
D:\Documents and Settings...kies\famille@atdmt[2].txt
Cookie/FastCli... Tracking Cookie Latent Show + Info
D:\Documents and Settings...\famille@fastclick[1].txt
Adware/MediaAd... Adware Latent Show + Info
D:\Program Files\MeMe\TR.dll
Cookie/Adverti... Tracking Cookie Latent Show + Info
D:\Documents and Settings...amille@advertising[1].txt
Cookie/Tribalf... Tracking Cookie Latent Show + Info
D:\Documents and Settings...mille@tribalfusion[1].txt
Cookie/2o7 Tracking Cookie Latent Show + Info
D:\Documents and Settings...ookies\famille@2o7[2].txt
Cookie/Ccbill Tracking Cookie Latent Show + Info
D:\Documents and Settings...ies\famille@ccbill[2].txt
Cookie/Tradedo... Tracking Cookie Latent Show + Info
C:\Documents and Settings...halie@tradedoubler[2].txt
D:\Documents and Settings...mille@tradedoubler[1].txt
Cookie/Questio... Tracking Cookie Latent Show + Info
D:\Documents and Settings...lle@questionmarket[2].txt
Cookie/Overtur... Tracking Cookie Latent Show + Info
D:\Documents and Settings...s\famille@overture[1].txt
Cookie/Weboram... Tracking Cookie Latent Show + Info
C:\Documents and Settings...\nathalie@weborama[2].txt
D:\Documents and Settings...s\famille@weborama[2].txt
Adware/WhenUSe... Adware Latent Show + Info
D:\Program Files\MyPlayCi...jong\MeMediaSetupInst.exe
Cookie/Zedo Tracking Cookie Latent Show + Info
D:\Documents and Settings...okies\famille@zedo[1].txt
Cookie/Serving... Tracking Cookie Latent Show + Info
D:\Documents and Settings...amille@serving-sys[1].txt
Cookie/YieldMa... Tracking Cookie Latent Show + Info
D:\Documents and Settings...le@ad.yieldmanager[2].txt
Cookie/RealMed... Tracking Cookie Latent Show + Info
D:\Documents and Settings...\famille@realmedia[2].txt
Generic Malwar... Virus Latent Show + Info
D:\Program Files\MeMe\MeMe.exe
Cookie/Adtech Tracking Cookie Latent Show + Info
D:\Documents and Settings...ies\famille@adtech[2].txt
Cookie/Smartad... Tracking Cookie Latent Show + Info
C:\Documents and Settings...alie@smartadserver[2].txt
Cookie/Server.... Tracking Cookie Latent Show + Info
D:\Documents and Settings...ver.iad.liveperson[2].txt
Cookie/Mediapl... Tracking Cookie Latent Show + Info
D:\Documents and Settings...\famille@mediaplex[1].txt
Cookie/Sextrac... Tracking Cookie Latent Show + Info
D:\Documents and Settings...unter15.sextracker[1].txt
Cookie/Serving... Tracking Cookie Latent Show + Info
D:\Documents and Settings...lle@bs.serving-sys[1].txt
Cookie/Webtren... Tracking Cookie Latent Show + Info
D:\Documents and Settings...atse.webtrendslive[1].txt
Cookie/Xiti Tracking Cookie Latent Show + Info
4 Octobre 2007 21:25:23

Bonjour

Supprime
Combofix
D:\Program Files\MeMe
D:\Program Files\MyPlayCi...jong


Télécharge CCleaner.
http://www.filehippo.com/download_ccleaner.html
Installe le.
Décoche pendant l'installation
--- les deux cases "Ajouter l'option ... "
--- Contrôler les mises à jour
--- Ajouter la Barre d'Outils Yahoo! CCleaner

Clique sur Options, Avancé et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Ne touche pas aux autres réglages.

Lance le nettoyage.


As tu encore des dysfocntionnements ?
5 Octobre 2007 09:15:25

merci
je n'ai plus de soucis avec les fichiers porno
mon ordi rame encore un peu mais c'est nettement mieux.
merci de ton aide
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS