TROJAN VIRUS???

novice42 · le 24 avril 2008

bonsoir et désolé si ce sujet existe déja mais je sais pas si tous les trojans sont les mème???

je suis un étudiant avec un ordinateur portable, qui me signal certain virus comme:

trojan.elitebar avec comme raport de norton celui ci

Infection :

c:\windows\silent_setup.exe

Base de registres :

HKEY_CLASSES_ROOT\CLSID\{0A1D22C3-37BE-470C-9C29-E3074EE0574B}

HKEY_CLASSES_ROOT\CLSID\{02C20140-76F8-4763-83D5-B660107B7A11}

HKEY_CLASSES_ROOT\CLSID\{02C20140-76F8-4763-83D5-B660107BABCD}

HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}

HKEY_CLASSES_ROOT\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}

HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

HKEY_CLASSES_ROOT\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA880F}

HKEY_CLASSES_ROOT\CLSID\{BE8D0059-D24D-4919-B76F-99F4A2203647}

HKEY_CLASSES_ROOT\CLSID\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}

HKEY_CLASSES_ROOT\CLSID\{E2E40140-76F8-4763-83D5-B660107BABCD}

HKEY_CLASSES_ROOT\TypeLib\{8AA59E15-6E81-415C-B299-1ADFB50C8E1A}

HKEY_CLASSES_ROOT\TypeLib\{a74cd7dd-ea6f-11d4-abf3-000102378429}

HKEY_CLASSES_ROOT\Interface\{A74CD7DE-EA6F-11D4-ABF3-000102378429}

HKEY_CLASSES_ROOT\Interface\{A74CD7DF-EA6F-11D4-ABF3-000102378429}

HKEY_CLASSES_ROOT\TypeLib\{CA9FC31A-6F35-4493-B629-E64BD6170A17}

HKEY_CLASSES_ROOT\TypeLib\{DF54D7DD-EA6F-11D4-ABF3-000102378429}

HKEY_CLASSES_ROOT\Interface\{276B0903-EB4B-46FF-8304-F093DEF69DE7}

HKEY_CLASSES_ROOT\Interface\{4AFF987A-773B-48E4-AEE8-08EBDDBDADF8}

HKEY_CLASSES_ROOT\Interface\{A9B28EF6-ABF3-463B-A3D8-4D0D0BADFADC}

HKEY_CLASSES_ROOT\Interface\{CAAB3B3F-E815-47D9-94FD-8BB9143C0077}

HKEY_CLASSES_ROOT\Interface\{DBF33E89-1784-42AC-ADE4-A428F56550A3}

HKEY_CLASSES_ROOT\Interface\{ED646219-20BF-41E5-80FD-EE49021DA599}

HKEY_CLASSES_ROOT\Interface\{DF54D7DE-EA6F-11D4-ABF3-000102378429}

HKEY_CLASSES_ROOT\EliteBar.EliteBarImpl

HKEY_CLASSES_ROOT\EliteBar.EliteBarImpl.1

HKEY_CLASSES_ROOT\EliteBar.Navigator

HKEY_CLASSES_ROOT\EliteBar.Navigator.1

HKEY_CLASSES_ROOT\PLOT.PlotCtrl.1

HKEY_CLASSES_ROOT\CGBand.UICGBandObj.1

HKEY_CLASSES_ROOT\CGBand.UICGBandObj

HKEY_CLASSES_ROOT\CGBand.CGBandObj.1

HKEY_CLASSES_ROOT\CGBand.CGBandObj

HKEY_CLASSES_ROOT\CGBand.BHO.1

HKEY_CLASSES_ROOT\CGBand.BHO

HKEY_LOCAL_MACHINE\Software\Elitum

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ED103D9F-3070-4580-AB1E-E5C179C1AE41}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81C3A}

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{825CF5BD-8862-4430-B771-0C15C5CA880F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\elitemediagroup

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar->{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar->{825CF5BD-8862-4430-B771-0C15C5CA880F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->I downloaded pirated Software from P2P and now I post my Hijack log whining

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->etbrun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->kalvsys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->lsass

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->checkrun

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service62

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service63

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service65

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service66

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service67

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service70

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service72

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service73

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service74

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service75

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service76

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service77

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service78

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run->System Service79

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{825CF5BD-8862-4430-B771-0C15C5CA8DEF}

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{825CF5BD-8862-4430-B771-0C15C5CA880F}

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{825CF5BD-8862-4430-B771-0C15C5CA880F}

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{825CF5BD-8862-4430-B771-0C15C5CA880F}

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{825CF5BD-8862-4430-B771-0C15C5CA880F}

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{89796427-6C3D-4710-951F-9DFB0D702DA8}

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{89796427-6C3D-4710-951F-9DFB0D702DA8}

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{89796427-6C3D-4710-951F-9DFB0D702DA8}

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser->{89796427-6C3D-4710-951F-9DFB0D702DA8}

HKEY_USERS\S-1-5-19\Software\LQ

HKEY_USERS\S-1-5-20\Software\LQ

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\LQ

HKEY_USERS\.DEFAULT\Software\LQ

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer->SearchURL

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer->SearchURL

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer->SearchURL

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer->SearchURL

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main->Error Dlg Details Pane Open

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main->Error Dlg Details Pane Open

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main->Error Dlg Details Pane Open

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main->Error Dlg Details Pane Open

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main->Error Dlg Displayed on Every Error

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main->Error Dlg Displayed on Every Error

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main->Error Dlg Displayed on Every Error

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main->Error Dlg Displayed on Every Error

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform->iebar

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Settings->e

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\InternetSettings\User Agent\Post Platform->acc=jocker

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\InternetSettings\User Agent\Post Platform->acc=none

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform->acc=jocker

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform->acc=none

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform->(none)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform->acc=MrDrej

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform->(MrDrej)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform->acc=

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar->{8E718888-423F-11D2-876E-00A0C9082467}:...

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main->Search Bar:http://search.msn.com/spbasic.htm

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main->Search Bar:http://search.msn.com/spbasic.htm

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main->Search Bar:http://search.msn.com/spbasic.htm

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main->Search Bar:http://search.msn.com/spbasic.htm

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main->Start Page:http://securityresponse.symantec.com/avcenter/fix_homepage/index.html

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main->Start Page:http://securityresponse.symantec.com/avcenter/fix_homepage/index.html

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main->Start Page:http://securityresponse.symantec.com/avcenter/fix_homepage/index.html

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main->Start Page:http://securityresponse.symantec.com/avcenter/fix_homepage/index.html

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main->Search Page:http://www.microsoft.com/isapi.redir.dll?prd=ie&ar=iesearch

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main->Search Page:http://www.microsoft.com/isapi.redir.dll?prd=ie&ar=iesearch

HKEY_USERS\S-1-5-21-2000478354-1214440339-682003330-1004\Software\Microsoft\Internet Explorer\Main->Search Page:http://www.microsoft.com/isapi.redir.dll?prd=ie&ar=iesearch

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main->Search Page:http://www.microsoft.com/isapi.redir.dll?prd=ie&ar=iesearch

Cache du navigateur

un autre mais non trojan

Cookie :

Cookie:josselin@ad.cibleclick.com/

Cookie:josselin@i2as.idregie.com/

voila j'ai installer ad-aware peut ètre sa va m'aider...

voila comme je ne travaille pas j'aimerai des solutions gratuites si c'est possible...

un grand merci...

Apollo · le 24 avril 2008

Bonsoir,

Télécharge HijackThisV2 sur ton bureau.

Double-clique sur HJTInstall.exe et suis les instructions d'installation.
Tu trouveras un tutoriel pour l'installation et la génération d'un rapport ici: http://cybersecurite.xooit.com/t138-HijackThis-2-0-2.htm
Poste le rapport généré sur le forum.

voila j'ai installer ad-aware peut ètre sa va m'aider...

Pas à grand-chose va!

Préfère-lui celui-ci: http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Modifié le 24 avril 2008 par Apollo.01

novice42 · le 24 avril 2008

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:46:03, on 24/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE

C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\dmadmin.exe

C:\Program Files\AntivirusFirewall\Common\FCH32.EXE

C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe

C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.EXE

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\WINDOWS\system32\hphmon05.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe

C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Wanadoo\GestionnaireInternet.exe

C:\Program Files\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Wanadoo\Watch.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)

O4 - HKLM\..\Run: [rczur] C:\WINDOWS\rczur.exe

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [pFwX7VWpF] C:\WINDOWS\ouampfvw.exe

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HELPER] C:\WINDOWS\system32\temp532.exe -N

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash

O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW

O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot

O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

O8 - Extra context menu item: &Bloquer cette fenêtre publicitaire - C:\Program Files\AntivirusFirewall\Anti-Spyware\blockpopups.htm

O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll

O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab

O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/...trolLite_EN.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1168171833640

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 11663 bytes

voila a quoid sa va servir???

mais merci bien

Apollo · le 24 avril 2008

Re,

Hijackthis nous sert à déterminer s'il y a plusieurs infections, et lesquelles.

Il n'y en a qu'une et on va la liquider illico:

Télécharge AVP Tool et enregistre-le sur ton bureau.

Installe-le en double-cliquant sur Setup_7.0.0.xxx.

-> ftp://ftp.kaspersky.com/devbuilds/AVPTool....2008_22-25.exe

Ignore l'avertissement.Si ta suite de sécurité rouspète, désactive-là un instant pour installer l'outil de désinfection de Kaspersky.

Redémarre le pc en mode sans échec:

Pour faire des analyses en mode sans echec faire comme suit:

Au démarrage ou redémarrage du pc tapoter la touche F8 jusqu'à avoir un écran noir et blanc avec plusieurs options.

A l'aide des flèches de direction du clavier, choisir:mode sans echec et presser la touche ENTER.

Le système sera plus lent et l'écran bizarre, c'est normal.

Faire les analyses avec l'antivirus.

Après ces analyses, redémarrer le pc normalement.

Autre méthode: TUTO SYMANTEC

Ouvre le dossier jaune de Kaspersky sur le bureau: double-clic sur le K rouge setup, coche TOUTES les cases puis clique sur Scan.

A la fin si des objets sont découverts, clique sur Neutralize all.

Clique sur Reports /Save to file --> nomme le fichier texte "Rapport kav" et colle ce rapport dans ta réponse.

Ferme l'outil, on le désinstallera plus tard selon le rapport, il ne doit pas rester sur le pc car il évolue tous les jours!

Après le redémarrage, poste aussi un nouveau log Hijackthis stp.

Désinstallation de l'outil: Ouvrir le dossier de Kaspersky sur le bureau et double-cliquer sur Unins.000

Si erreur de désinstallation, le faire en mode sans échec.

novice42 · le 25 avril 2008

BONJOUR, j'ai fais tous ce que tu as dis mais il ne trouve rien... je l'ai fais 2 fois et a chaque fois rien.

pourtant j'ai suivi tes recommendations a la lettre.

voila le rapport.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:03:23, on 25/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE

C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe

C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe

C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE

C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Maxtor\Sync\SyncServices.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe

C:\Program Files\AntivirusFirewall\Common\FCH32.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE

C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\AntivirusFirewall\Common\FSM32.EXE

C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\WINDOWS\system32\hphmon05.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\dmadmin.exe

C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe

C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\msiexec.exe