An unlucky click on MSN - Security - Virus
Profile: IDNaute

A file opened on MSN, which reached me through a conversation, has started trying to attribute outgoing emails to me that I obviously have nothing to do with. As a result, from time to time there are cascades of Symantec alerts blocking the sending of these emails, which come from I don't know where, and which affect the other people who are in contact with me.
Many thanks for taking a quick look at my HijackThis report. Good luck.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22:35, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\jvghwf.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Spn2006] C:\WINDOWS\system32\sp.exe
O4 - HKLM\..\Run: [jvghwf] C:\WINDOWS\system32\jvghwf.exe
O4 - HKLM\..\Run: [y] C:\WINDOWS\system32\y.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 0762637421
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1 [...] 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Print Spooler Service (lesp0ayyaa4eo1e) - Unknown owner - C:\WINDOWS\system32\jvghwf.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Fichiers communs\PCSuite\Services\ServiceLayer.exe
O23 - Service: Client de gestion Symantec (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 7363 bytes
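Reading a HijackThis log by eye is how this thread proceeds; the rules a helper applies can be written down (a binary with a random name launched from system32, a service with no vendor that calls itself "Print Spooler" but is not spoolsv.exe, the same file persisted as both a Run entry and a service). The following is an added example in Python, not part of the thread and not HijackThis code; the allow-list, the impersonation table and the name heuristics are assumptions, and the sample lines are a constructed subset of the log above.

```python
"""Triage a HijackThis v2 log: flag autostart entries that deserve a closer look.
Added example for this thread; not HijackThis code and not a vendor signature.
The allow-list, the impersonation table and the name heuristics are assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the O4/O23 lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Spn2006] C:\WINDOWS\system32\sp.exe
O4 - HKLM\..\Run: [jvghwf] C:\WINDOWS\system32\jvghwf.exe
O4 - HKLM\..\Run: [y] C:\WINDOWS\system32\y.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Print Spooler Service (lesp0ayyaa4eo1e) - Unknown owner - C:\WINDOWS\system32\jvghwf.exe
"""

VOWELS = set("aeiouy")
# Assumed allow-list: Windows binaries that legitimately live directly in
# system32 and are started from a Run key on XP. Deliberately short.
KNOWN_SYSTEM32 = {"ctfmon.exe", "hkcmd.exe", "igfxtray.exe", "igfxpers.exe"}
# Assumed table: service display names malware borrows -> the real binary.
IMPERSONATED = {"print spooler": "spoolsv.exe"}

O4_RE = re.compile(r"^O4 - \S+?\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))?"
                    r" - (?P<owner>.+?) - (?P<path>.+)$")

@dataclass
class Finding:
    line: str
    path: str
    reasons: list = field(default_factory=list)

def exe_path(cmd: str) -> str:
    """Executable path from a Run-key command, quoted or not, arguments dropped."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|scr|bat|cmd))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def in_system_dir(path: str) -> bool:
    """True for a file directly in %SystemRoot% or in %SystemRoot%\\system32."""
    p = path.lower()
    return "\\windows\\system32\\" in p or re.search(r"\\windows\\[^\\]+$", p) is not None

def looks_random(stem: str) -> bool:
    """jvghwf, y, sp, lesp0ayyaa4eo1e: too short, vowel-less, or letters and
    digits interleaved. A hint only; it is never used on its own."""
    s = stem.lower()
    if len(s) <= 2:
        return True
    letters = [c for c in s if c.isalpha()]
    if letters and not any(c in VOWELS for c in letters):
        return True
    switches = sum(1 for a, b in zip(s, s[1:])
                   if a.isalnum() and b.isalnum() and a.isalpha() != b.isalpha())
    return switches >= 3

def triage(log_text: str) -> list[Finding]:
    findings, run_paths, svc_paths = [], set(), set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            path = exe_path(m["cmd"])
            run_paths.add(path.lower())
            if in_system_dir(path) and basename(path) not in KNOWN_SYSTEM32:
                f = Finding(line, path, ["non-Windows binary started from the system directory"])
                if looks_random(basename(path).rsplit(".", 1)[0]):
                    f.reasons.append("random-looking file name")
                findings.append(f)
        elif m := O23_RE.match(line):
            path = m["path"]
            svc_paths.add(path.lower())
            if m["owner"] == "Unknown owner" and in_system_dir(path):
                f = Finding(line, path, ["service with no vendor running from the system directory"])
                for fragment, real in IMPERSONATED.items():
                    if fragment in m["display"].lower() and basename(path) != real:
                        f.reasons.append(f"display name mimics '{fragment}' but the binary is not {real}")
                if m["short"] and looks_random(m["short"]):
                    f.reasons.append("random-looking service name")
                findings.append(f)
    # The same binary persisted twice (Run key and service) is a strong signal.
    for f in findings:
        if f.path.lower() in run_paths and f.path.lower() in svc_paths:
            f.reasons.append("registered as both a Run entry and a service")
    return findings

def flagged_basenames(log_text: str) -> set[str]:
    return {basename(f.path) for f in triage(log_text)}

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.path, "->", "; ".join(f.reasons))
```

On the sample, sp.exe, jvghwf.exe and y.exe are flagged and the "Print Spooler" impostor service collects four reasons, while ccApp, ctfmon and realsched pass. The script reports reasons rather than a verdict on purpose: a vowel-less name or a missing vendor string is a hint, and the decision in this thread still rests on the helper.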


Profile: Helper

Hello,

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.


---------------
Prevention & Protection|Free software|The man from the FLCCF
Profile: IDNaute

ComboFix 08-03-01.3 - Michel 2008-03-01 18:48:05.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.425 [GMT 1:00]
Location: C:\Documents and Settings\Michel\Bureau\ComboFix.exe
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\x64
C:\WINDOWS\system32\y.exe

.
((((((((((((((((((((((((((((( Files created 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.

2008-02-29 11:31 . 2008-02-29 11:31 192,512 -ra------ C:\WINDOWS\system32\jvghwf.exe
2008-02-29 11:31 . 2008-02-29 11:31 192,512 -ra------ C:\WINDOWS\system32\crkrchmvz.exe
2008-02-29 11:26 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-02-29 11:26 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-02-29 11:26 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-02-29 11:19 . 2008-02-29 11:19 <REP> d-------- C:\Ead
2008-02-29 11:19 . 2007-05-08 17:37 753,664 --a------ C:\WINDOWS\system32\sp.exe
2008-02-29 11:19 . 2007-04-25 09:02 41,472 --a------ C:\WINDOWS\system32\hkky.dll
2008-02-29 11:19 . 2007-04-25 09:02 16,896 --a------ C:\WINDOWS\system32\winhkwnd.dll
2008-02-28 09:25 . 2008-02-28 09:28 <REP> d--hs---- C:\Documents and Settings\28022008\txt
2008-02-28 09:25 . 2008-02-28 09:57 <REP> d--hs---- C:\Documents and Settings\28022008\image
2008-02-27 19:23 . 2008-02-27 19:31 <REP> d--hs---- C:\Documents and Settings\27022008\txt
2008-02-27 19:23 . 2008-02-27 21:28 <REP> d--hs---- C:\Documents and Settings\27022008\image
2008-02-27 18:33 . 2008-02-27 18:33 <REP> d-------- C:\Program Files\KSS
2008-02-25 18:02 . 2008-02-25 21:15 <REP> d-------- C:\WINDOWS\system32\Ntf32f
2008-02-25 18:02 . 2008-02-25 21:16 <REP> d-------- C:\WINDOWS\system32\Mwpinf
2008-02-25 18:02 . 2006-01-16 02:58 258 --a------ C:\WINDOWS\system32\Msesys32.ep
2008-02-25 17:45 . 2008-02-25 17:48 <REP> d-------- C:\Documents and Settings\Michel\Application Data\Tor
2008-02-23 17:47 . 2008-03-01 18:48 80,622 --a------ C:\Documents and Settings\Michel\pxorobrg.exe
2008-02-20 19:14 . 2008-02-20 19:14 <REP> d--h----- C:\WINDOWS\PIF
2008-02-10 17:39 . 2008-02-28 11:58 <REP> d-------- C:\Documents and Settings\Michel\Application Data\vlc
2008-02-10 08:33 . 2008-02-10 08:33 <REP> d-------- C:\Program Files\Trend Micro
2008-02-10 00:42 . 2008-02-10 00:42 244 --ah----- C:\sqmnoopt00.sqm
2008-02-10 00:42 . 2008-02-10 00:42 232 --ah----- C:\sqmdata00.sqm
2008-02-09 21:11 . 2007-06-13 14:22 1,122,030 --a------ C:\WINDOWS\ujzhnql.exe
2008-02-02 11:18 . 2008-02-02 11:18 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 17:31 --------- d-----w C:\Program Files\eMule
2008-02-28 16:03 --------- d-----w C:\Documents and Settings\Michel\Application Data\CyberLink
2008-02-26 19:50 --------- d-----w C:\Program Files\Google
2008-02-12 18:11 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-02 10:18 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-31 17:37 --------- d-----w C:\Program Files\Java
2008-01-30 10:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 14:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-01-24 17:21 --------- d-----w C:\Program Files\GenoPro
2008-01-21 10:58 --------- d-----w C:\Program Files\Athan
2008-01-21 10:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-20 18:02 --------- d-----w C:\Program Files\ANI
2008-01-20 18:01 --------- d-----w C:\Documents and Settings\Michel\Application Data\InstallShield
2008-01-20 17:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 17:21 --------- d-----w C:\Program Files\Ensemble clavier et souris sans fil Labtec
2008-01-20 08:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2008-01-20 06:31 --------- d-----w C:\Program Files\SmartSound Software
2008-01-20 06:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2008-01-20 06:30 --------- d-----w C:\Program Files\DivX
2008-01-20 06:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-01-20 06:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-01-20 06:20 --------- d-----w C:\Program Files\DIFX
2008-01-20 06:20 --------- d-----w C:\Documents and Settings\Michel\Application Data\PC Suite
2008-01-20 06:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-01-20 06:19 --------- d-----w C:\Program Files\Nokia
2008-01-20 06:19 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-01-20 06:19 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-01-20 06:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-01-19 22:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-01-19 18:40 --------- d-----w C:\Documents and Settings\Michel\Application Data\Roxio
2008-01-19 18:39 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Roxio
2008-01-19 18:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Roxio
2008-01-19 18:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-19 18:31 --------- d-----w C:\Program Files\Realtek
2008-01-19 18:25 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-01-19 18:24 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-01-19 18:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sonic
2008-01-19 18:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-01-19 18:23 --------- d-----w C:\Program Files\Roxio
2008-01-19 18:17 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-19 18:17 --------- d-----w C:\Documents and Settings\Michel\Application Data\Hewlett-Packard
2008-01-19 18:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Cyberlink
2008-01-19 18:04 --------- d-----w C:\Program Files\CyberLink
2008-01-19 18:02 --------- d-----w C:\Program Files\Digital Photo Navigator 1.5
2008-01-19 17:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-01-19 17:51 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-19 17:51 60,808 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-19 17:51 136,496 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-19 17:51 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-19 17:51 --------- d-----w C:\Program Files\Symantec
2008-01-19 16:46 --------- d-----w C:\Program Files\Dell
2008-01-15 20:19 --------- d-----w C:\Program Files\Salaat Time
2008-01-15 19:38 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-15 09:30 --------- d-----w C:\Program Files\IVT Corporation
2008-01-15 09:24 --------- d-----w C:\Program Files\Pinnacle
2008-01-15 09:14 --------- d-----w C:\Documents and Settings\michel machet\Application Data\PC Suite
2008-01-15 08:50 --------- d-----w C:\Program Files\D-Link
2008-01-14 22:09 --------- d-----w C:\Program Files\CCleaner
2008-01-14 21:33 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-14 21:24 --------- d-----w C:\Program Files\e-Carte Bleue
2008-01-14 21:17 --------- d-----w C:\Program Files\VideoLAN
2008-01-14 20:53 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-14 20:51 --------- d-----w C:\Program Files\Windows Live
2008-01-14 20:50 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-14 20:43 --------- d-----w C:\Documents and Settings\michel machet\Application Data\MSNInstaller
2008-01-14 20:11 --------- d-----w C:\Program Files\Real
2008-01-14 20:10 --------- d-----w C:\Program Files\Windows Media Components
2008-01-14 20:10 --------- d-----w C:\Program Files\Logitech
2008-01-14 20:10 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-01-14 20:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-14 20:06 --------- d-----w C:\Documents and Settings\michel machet\Application Data\Hewlett-Packard
2008-01-14 20:05 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-14 20:02 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-09 21:00 --------- d-----w C:\Documents and Settings\test\Application Data\Roxio
2008-01-09 21:00 --------- d-----w C:\Documents and Settings\michel machet\Application Data\Roxio
2008-01-09 21:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Roxio
2008-01-09 21:00 --------- d-----w C:\Documents and Settings\Administrateur.CACHOTIER\Application Data\Roxio
2008-01-09 20:57 --------- d-----w C:\Program Files\Fichiers communs\supportsoft
2008-01-09 20:57 --------- d-----w C:\Program Files\Dell Support Center
2008-01-09 20:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-09 20:50 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-01-09 20:49 --------- d-----w C:\Program Files\Microsoft Works
2008-01-09 20:49 --------- d-----w C:\Program Files\Intel
2008-01-09 20:49 --------- d-----w C:\Documents and Settings\test\Application Data\InstallShield
2008-01-09 20:49 --------- d-----w C:\Documents and Settings\michel machet\Application Data\InstallShield
2008-01-09 20:49 --------- d-----w C:\Documents and Settings\Administrateur.CACHOTIER\Application Data\InstallShield
2008-01-09 20:45 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-09 20:44 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

------- Sigcheck -------

bef875af223dbe57f16b4519e3bb74da C:\WINDOWS\explorer.exe
----a-w 1,122,030 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,036,288 2004-08-05 12:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c--a-w 1,122,030 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Registry loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]
"Spn2006"="C:\WINDOWS\system32\sp.exe" [2007-05-08 17:37 753664]
"jvghwf"="C:\WINDOWS\system32\jvghwf.exe" [2008-02-29 11:31 192512]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-02 11:18 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=C:\WINDOWS\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2007-01-19 11:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
--a------ 2007-09-06 20:25 1003520 C:\Program Files\Athan\Athan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless N DWA-140]
--a------ 2007-03-14 18:29 1388544 C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-CLEO]
--a------ 2006-02-07 10:07 200704 C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
--------- 2006-11-22 21:10 151552 C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-07-16 20:45 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-07-16 20:45 142104 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 12:35 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 12:37 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-07-16 20:45 138008 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-11 00:26 406016 C:\WINDOWS\system32\\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 12:22 221184 C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-02 11:18 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP]
C:\Program Files\CHRYOPROD\Spy-IT\spy-it.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\DOCUME~1\\Michel\\LOCALS~1\\Temp\\dllhost.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 15:28]
R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\MUsbFltr.sys [2005-12-21 21:32]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2005-12-21 21:31]
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S2 lesp0ayyaa4eo1e;Print Spooler Service;C:\WINDOWS\system32\jvghwf.exe [2008-02-29 11:31]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 18:51:01
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
Completion time: 2008-03-01 18:52:55
ComboFix-quarantined-files.txt 2008-03-01 17:52:50
.
2008-02-13 08:09:30 --- E O F ---

Profile: IDNaute

angeldark
Thanks for keeping me posted; maybe you are very busy, which I can understand. Should I wait, or maybe start a new topic???
Thanks

Profile: Helper

Only bump after a day. The procedure is coming :)


Profile: IDNaute

OK, thanks a lot

Profile: Helper

Re,

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

File::
C:\WINDOWS\system32\jvghwf.exe
C:\WINDOWS\system32\crkrchmvz.exe
C:\WINDOWS\system32\hkky.dll
C:\WINDOWS\system32\winhkwnd.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jvghwf"=-



Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.


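The reason the helper asks for the report again after the CFScript run is to check what actually went away and whether anything came back. The following is an added example in Python (not ComboFix's code and not from the thread) that parses the "Files created" section of two reports, diffs them, and drafts the next CFScript in the File::/Registry:: layout used above. The two snapshots are constructed subsets of the first and second reports in this thread; the `<DIR>` alternative in the regex is an assumption for English builds of the tool.

```python
"""Compare the "Files created" section of two ComboFix reports and draft the
next CFScript from what survived or came back.
Added example for this thread, not ComboFix's own code. The snapshots are
constructed from the two reports posted here; the CFScript layout (File:: and
Registry:: sections, "name"=- to delete a value) is the one the helper uses."""
import re
from dataclasses import dataclass

# Constructed: lines from the first report (before the CFScript run).
BEFORE = r"""
2008-02-29 11:31 . 2008-02-29 11:31 192,512 -ra------ C:\WINDOWS\system32\jvghwf.exe
2008-02-29 11:31 . 2008-02-29 11:31 192,512 -ra------ C:\WINDOWS\system32\crkrchmvz.exe
2008-02-29 11:19 . 2007-05-08 17:37 753,664 --a------ C:\WINDOWS\system32\sp.exe
2008-02-29 11:19 . 2007-04-25 09:02 41,472 --a------ C:\WINDOWS\system32\hkky.dll
2008-02-23 17:47 . 2008-03-01 18:48 80,622 --a------ C:\Documents and Settings\Michel\pxorobrg.exe
2008-02-10 08:33 . 2008-02-10 08:33 <REP> d-------- C:\Program Files\Trend Micro
2008-02-09 21:11 . 2007-06-13 14:22 1,122,030 --a------ C:\WINDOWS\ujzhnql.exe
"""
# Constructed: the same section from the second report (after the run).
AFTER = r"""
2008-03-01 20:39 . 2008-03-01 20:39 80,622 --a------ C:\Documents and Settings\Michel\pxorobrg.exe
2008-02-10 08:33 . 2008-02-10 08:33 <REP> d-------- C:\Program Files\Trend Micro
2008-02-09 21:11 . 2007-06-13 14:22 1,122,030 --a------ C:\WINDOWS\ujzhnql.exe
"""

# <REP> is the French build's directory marker; <DIR> is assumed for English builds.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<REP>|<DIR>) (?P<attrs>\S+) (?P<path>.+)$")

@dataclass(frozen=True)
class Entry:
    path: str
    created: str
    modified: str
    size: int          # -1 for directories
    is_dir: bool

def parse_created(report: str) -> dict[str, Entry]:
    """Map lowercase path -> Entry for every 'Files created' line. Find3M lines
    use a different layout and do not match, so a whole report can be fed in."""
    entries = {}
    for line in report.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        is_dir = m["size"].startswith("<")
        size = -1 if is_dir else int(m["size"].replace(",", ""))
        e = Entry(m["path"], m["created"], m["modified"], size, is_dir)
        entries[e.path.lower()] = e
    return entries

def diff_reports(before_text: str, after_text: str) -> dict[str, list[str]]:
    """removed: present before, gone now. new: appeared since. recreated: same
    path but a later creation time than the first report recorded, i.e.
    something wrote it again after the cleanup (the dropper is still alive)."""
    before, after = parse_created(before_text), parse_created(after_text)
    removed = [before[k].path for k in sorted(before) if k not in after]
    new = [after[k].path for k in sorted(after) if k not in before]
    recreated = [after[k].path for k in sorted(after)
                 if k in before and after[k].created > before[k].created]
    return {"removed": removed, "new": new, "recreated": recreated}

def build_cfscript(files: list[str], run_values: dict[str, list[str]]) -> str:
    """Render a CFScript: a File:: block of paths to delete and a Registry::
    block that deletes the named Run values with the .reg "name"=- syntax."""
    lines = ["File::", *files, "", "Registry::"]
    for key, names in run_values.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
        lines.append("")
    return "\n".join(lines).rstrip("\n") + "\n"

if __name__ == "__main__":
    d = diff_reports(BEFORE, AFTER)
    for kind, paths in d.items():
        print(kind, paths)
    print(build_cfscript(d["recreated"] + d["new"],
          {r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run": ["jvghwf"]}))
```

On these two snapshots the four system32 files are gone, nothing new appeared, and pxorobrg.exe is reported as recreated: same size, creation time moved from 2008-02-23 to 2008-03-01 20:39, after the first ComboFix run. That is the kind of line to look for in a second report before declaring the machine clean.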
Profile: IDNaute

I should point out that even though I turned Symantec off before producing the ComboFix report, the antivirus showed me a small message in a window inviting me to click Next, concerning ComboFix precisely, and I closed the window without going further.
Here is the report
ComboFix 08-03-01.3 - Michel 2008-03-01 21:01:15.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.600 [GMT 1:00]
Location: C:\Documents and Settings\Michel\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michel\Bureau\CFScript.txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
C:\WINDOWS\system32\crkrchmvz.exe
C:\WINDOWS\system32\hkky.dll
C:\WINDOWS\system32\jvghwf.exe
C:\WINDOWS\system32\winhkwnd.dll
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\crkrchmvz.exe

.
((((((((((((((((((((((((((((( Files created 2008-02-01 to 2008-03-01 ))))))))))))))))))))))))))))))))))))
.

2008-03-01 20:39 . 2008-03-01 20:39 80,622 --a------ C:\Documents and Settings\Michel\pxorobrg.exe
2008-02-29 11:26 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-02-29 11:26 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-02-29 11:26 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-02-29 11:26 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-02-28 09:25 . 2008-02-28 09:28 <REP> d--hs---- C:\Documents and Settings\28022008\txt
2008-02-28 09:25 . 2008-02-28 09:57 <REP> d--hs---- C:\Documents and Settings\28022008\image
2008-02-27 19:23 . 2008-02-27 19:31 <REP> d--hs---- C:\Documents and Settings\27022008\txt
2008-02-27 19:23 . 2008-02-27 21:28 <REP> d--hs---- C:\Documents and Settings\27022008\image
2008-02-27 18:33 . 2008-02-27 18:33 <REP> d-------- C:\Program Files\KSS
2008-02-25 18:02 . 2008-02-25 21:15 <REP> d-------- C:\WINDOWS\system32\Ntf32f
2008-02-25 18:02 . 2008-02-25 21:16 <REP> d-------- C:\WINDOWS\system32\Mwpinf
2008-02-25 18:02 . 2006-01-16 02:58 258 --a------ C:\WINDOWS\system32\Msesys32.ep
2008-02-25 17:45 . 2008-02-25 17:48 <REP> d-------- C:\Documents and Settings\Michel\Application Data\Tor
2008-02-20 19:14 . 2008-02-20 19:14 <REP> d--h----- C:\WINDOWS\PIF
2008-02-10 17:39 . 2008-02-28 11:58 <REP> d-------- C:\Documents and Settings\Michel\Application Data\vlc
2008-02-10 08:33 . 2008-02-10 08:33 <REP> d-------- C:\Program Files\Trend Micro
2008-02-10 00:42 . 2008-02-10 00:42 244 --ah----- C:\sqmnoopt00.sqm
2008-02-10 00:42 . 2008-02-10 00:42 232 --ah----- C:\sqmdata00.sqm
2008-02-09 21:11 . 2007-06-13 14:22 1,122,030 --a------ C:\WINDOWS\ujzhnql.exe
2008-02-02 11:18 . 2008-02-02 11:18 <REP> d-------- C:\Program Files\Fichiers communs\xing shared

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 17:31 --------- d-----w C:\Program Files\eMule
2008-02-28 16:03 --------- d-----w C:\Documents and Settings\Michel\Application Data\CyberLink
2008-02-26 19:50 --------- d-----w C:\Program Files\Google
2008-02-12 18:11 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-02 10:18 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-01-31 17:37 --------- d-----w C:\Program Files\Java
2008-01-30 10:05 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-27 14:01 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-01-24 17:21 --------- d-----w C:\Program Files\GenoPro
2008-01-21 10:58 --------- d-----w C:\Program Files\Athan
2008-01-21 10:57 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-01-20 18:02 --------- d-----w C:\Program Files\ANI
2008-01-20 18:01 --------- d-----w C:\Documents and Settings\Michel\Application Data\InstallShield
2008-01-20 17:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-20 17:21 --------- d-----w C:\Program Files\Ensemble clavier et souris sans fil Labtec
2008-01-20 08:35 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Bluetooth
2008-01-20 06:31 --------- d-----w C:\Program Files\SmartSound Software
2008-01-20 06:31 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SmartSound Software Inc
2008-01-20 06:30 --------- d-----w C:\Program Files\DivX
2008-01-20 06:28 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle Studio
2008-01-20 06:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Pinnacle
2008-01-20 06:20 --------- d-----w C:\Program Files\DIFX
2008-01-20 06:20 --------- d-----w C:\Documents and Settings\Michel\Application Data\PC Suite
2008-01-20 06:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\PC Suite
2008-01-20 06:19 --------- d-----w C:\Program Files\Nokia
2008-01-20 06:19 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-01-20 06:19 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-01-20 06:19 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Downloaded Installations
2008-01-19 22:47 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\WLInstaller
2008-01-19 18:40 --------- d-----w C:\Documents and Settings\Michel\Application Data\Roxio
2008-01-19 18:39 --------- d-----w C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Roxio
2008-01-19 18:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Roxio
2008-01-19 18:31 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-01-19 18:31 --------- d-----w C:\Program Files\Realtek
2008-01-19 18:25 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-01-19 18:24 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-01-19 18:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Sonic
2008-01-19 18:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\InstallShield
2008-01-19 18:23 --------- d-----w C:\Program Files\Roxio
2008-01-19 18:17 82,380 ----a-w C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-01-19 18:17 --------- d-----w C:\Documents and Settings\Michel\Application Data\Hewlett-Packard
2008-01-19 18:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Cyberlink
2008-01-19 18:04 --------- d-----w C:\Program Files\CyberLink
2008-01-19 18:02 --------- d-----w C:\Program Files\Digital Photo Navigator 1.5
2008-01-19 17:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-01-19 17:51 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-01-19 17:51 60,808 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-01-19 17:51 136,496 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-01-19 17:51 10,652 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-01-19 17:51 --------- d-----w C:\Program Files\Symantec
2008-01-19 16:46 --------- d-----w C:\Program Files\Dell
2008-01-15 20:19 --------- d-----w C:\Program Files\Salaat Time
2008-01-15 19:38 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-15 09:30 --------- d-----w C:\Program Files\IVT Corporation
2008-01-15 09:24 --------- d-----w C:\Program Files\Pinnacle
2008-01-15 09:14 --------- d-----w C:\Documents and Settings\michel machet\Application Data\PC Suite
2008-01-15 08:50 --------- d-----w C:\Program Files\D-Link
2008-01-14 22:09 --------- d-----w C:\Program Files\CCleaner
2008-01-14 21:33 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-14 21:24 --------- d-----w C:\Program Files\e-Carte Bleue
2008-01-14 21:17 --------- d-----w C:\Program Files\VideoLAN
2008-01-14 20:53 --------- d-----w C:\Program Files\MSXML 4.0
2008-01-14 20:51 --------- d-----w C:\Program Files\Windows Live
2008-01-14 20:50 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-14 20:43 --------- d-----w C:\Documents and Settings\michel machet\Application Data\MSNInstaller
2008-01-14 20:11 --------- d-----w C:\Program Files\Real
2008-01-14 20:10 --------- d-----w C:\Program Files\Windows Media Components
2008-01-14 20:10 --------- d-----w C:\Program Files\Logitech
2008-01-14 20:10 --------- d-----w C:\Program Files\Fichiers communs\Logitech
2008-01-14 20:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-01-14 20:06 --------- d-----w C:\Documents and Settings\michel machet\Application Data\Hewlett-Packard
2008-01-14 20:05 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-14 20:02 --------- d-----w C:\Program Files\Fichiers communs\Hewlett-Packard
2008-01-09 21:00 --------- d-----w C:\Documents and Settings\test\Application Data\Roxio
2008-01-09 21:00 --------- d-----w C:\Documents and Settings\michel machet\Application Data\Roxio
2008-01-09 21:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Roxio
2008-01-09 21:00 --------- d-----w C:\Documents and Settings\Administrateur.CACHOTIER\Application Data\Roxio
2008-01-09 20:57 --------- d-----w C:\Program Files\Fichiers communs\supportsoft
2008-01-09 20:57 --------- d-----w C:\Program Files\Dell Support Center
2008-01-09 20:56 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-09 20:50 --------- d-----w C:\Program Files\Fichiers communs\Roxio Shared
2008-01-09 20:49 --------- d-----w C:\Program Files\Microsoft Works
2008-01-09 20:49 --------- d-----w C:\Program Files\Intel
2008-01-09 20:49 --------- d-----w C:\Documents and Settings\test\Application Data\InstallShield
2008-01-09 20:49 --------- d-----w C:\Documents and Settings\michel machet\Application Data\InstallShield
2008-01-09 20:49 --------- d-----w C:\Documents and Settings\Administrateur.CACHOTIER\Application Data\InstallShield
2008-01-09 20:45 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-01-09 20:44 --------- d-----w C:\Program Files\MSXML 6.0
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

------- Sigcheck -------

bef875af223dbe57f16b4519e3bb74da C:\WINDOWS\explorer.exe
----a-w 1,122,030 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,036,288 2004-08-05 12:00:00 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c--a-w 1,122,030 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-08-06 03:08 115560]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-02 11:18 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Activer l'ensemble clavier et souris sans fil Labtec.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Activer l'ensemble clavier et souris sans fil Labtec.lnk
backup=C:\WINDOWS\pss\Activer l'ensemble clavier et souris sans fil Labtec.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^hpoddt01.exe.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\hpoddt01.exe.lnk
backup=C:\WINDOWS\pss\hpoddt01.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
--a------ 2007-01-19 11:49 49152 C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Athan]
--a------ 2007-09-06 20:25 1003520 C:\Program Files\Athan\Athan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-05 13:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless N DWA-140]
--a------ 2007-03-14 18:29 1388544 C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-CLEO]
--a------ 2006-02-07 10:07 200704 C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA Cleo\ECB-CLEO.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
--------- 2006-11-22 21:10 151552 C:\Program Files\CyberLink\PCM4Everio\EverioService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-07-16 20:45 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-07-16 20:45 142104 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-10-03 12:35 221184 C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 12:37 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-07-16 20:45 138008 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
--a------ 2004-03-11 00:26 406016 C:\WINDOWS\system32\\PSDrvCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
--a------ 2006-11-05 12:22 221184 C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-02 11:18 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XP]
C:\Program Files\CHRYOPROD\Spy-IT\spy-it.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"C:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\eMule\\emule.exe"=

R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 20:05]
R1 lusbaudio;Microphone USB Logitech;C:\WINDOWS\system32\drivers\OVSound2.sys [2001-08-17 22:05]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2004-10-11 15:28]
R1 MUsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\MUsbFltr.sys [2005-12-21 21:32]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2005-12-21 21:31]
R3 QCEmerald;QuickCam Web Logitech;C:\WINDOWS\system32\DRIVERS\OVCE.sys [2001-08-17 22:05]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2007-05-29 13:55]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-03-13 12:35]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 21:04:45
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-01 21:06:25
ComboFix-quarantined-files.txt 2008-03-01 20:06:22
.
2008-02-13 08:09:30 --- E O F ---

Profile: IDNaute

Here is hijack
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:13:38, on 01/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update