Trojan.Hideprocs.B

Re bonjour,
Merci de ta réponse aussi rapide

"> Ensuite, toujours en mode sans échec, fais un rapport

HijackThis: <URL:http://joke0.free.fr/ht.html> et poste-le ici.

Voila :

Logfile of HijackThis v1.99.0
Scan saved at 15:33:34, on 19/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
E:autorun.exe
C:Documents and SettingsLudoBureauhijackthisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Window Title = Internet
Explorer avec Club-Internet
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:Program FilesAdobeAcrobat 5.0ReaderActiveXAcroIEHelper.ocx
O2 - BHO: (no name) - {09CB80C0-EFD2-8E8A-78ED-8E0E960CAEDC} -
C:WINDOWSsystem32winwd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:program filesgooglegoogletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:program
filesgooglegoogletoolbar2.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM..Run: [MBM 5] "C:Program FilesMotherboard Monitor 5MBM5.EXE"
O4 - HKLM..Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [DAEMON Tools-1033] "C:Program
ilesD-Toolsdaemon.exe" -lang 1033
O4 - HKLM..Run: [PPMemCheck] C:PROGRA~1PESTPA~1PPMemCheck.exe
O4 - HKLM..Run: [CookiePatrol] C:PROGRA~1PESTPA~1CookiePatrol.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE
C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [PestPatrol Control Center]
C:PROGRA~1PESTPA~1PPControl.exe
O4 - HKLM..Run: [MSConfig]
C:WINDOWSPCHealthHelpCtrBinariesMSConfig.exe /auto
O4 - HKCU..Run: [msnmsgr] "C:Program FilesMSN Messengermsnmsgr.exe"
/background
O4 - Startup: Vade Retro pour Outlook Express.lnk = C:Program FilesGoto
SoftwareVade RetroVaderetro_oe.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:Program
FilesLogitechSetPointKEM.exe
O4 - Global Startup: Raccourci vers BitDefender 8 Professional.lnk =
C:Program FilesSoftwinBitDefender8bdmcon.exe
O8 - Extra context menu item: &Google Search - res://c:program
filesgoogleGoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer -
res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide -
res://C:Program FilesCanonEasy-WebPrintResource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:Program
FilesCanonEasy-WebPrintResource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:Program
FilesCanonEasy-WebPrintResource.dll/RC_Preview.html
O8 - Extra context menu item: Envoyer à &Bluetooth - C:Program
FilesWIDCOMMLogiciel Bluetoothbtsendto_ie_ctx.htm
O8 - Extra context menu item: Pages liées - res://c:program
filesgoogleGoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:program
filesgoogleGoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le
cache Google - res://c:program filesgoogleGoogleToolbar2.dll/cmcache.html
O9 - Extra button: Créer un Favori de l'appareil mobile -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft
ActiveSyncINetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:Program FilesMicrosoft ActiveSyncINetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:Program FilesMicrosoft
ActiveSyncINetRepl.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} -
C:PROGRA~1ICQICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} -
C:PROGRA~1ICQICQ.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no
file)
O9 - Extra button: @btrez.dll,-4015 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMLogiciel
Bluetoothbtsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 -
{CCA281CA-C863-46ef-9331-5C8D4460577F} - C:Program FilesWIDCOMMLogiciel
Bluetoothbtsendto_ie.htm
O12 - Plugin for .spop: C:Program FilesInternet
ExplorerPluginsNPDocBox.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) -
http://encyclo.voila.fr/JS/tdserver.cab
O16 - DPF: {22A88341-AFCB-45F0-A856-C2BAE74F878E} (InstallX Class) -
http://www.20x2p.com/14cc12cf/enter.cab
O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} -
http://download.rfwnad.com/cab/ddm_control.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags
Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab27571.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus
scanner) -
http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating
System Class) -
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
http://207.188.7.150/275b6225d64c2edf5818/netzip/RdxIE601_fr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093029951359
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility
Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient
Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {8EC69950-F299-40AC-A004-3BF5176F8F7B} (FlowScan Control) -
http://www.checkspy.com/fr/FlowScan.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry
Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown
Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O23 - Service: ADSLAutoconnect - Unknown - C:Program FilesADSL
AutoconnectADSL Autoconnect.exe
O23 - Service: BitDefender Scan Server - Unknown - C:Program FilesFichiers
communsSoftwinBitDefender Scan Serverbdss.exe
O23 - Service: Bluetooth Service - WIDCOMM, Inc. - C:Program
FilesWIDCOMMLogiciel Bluetoothbinbtwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:WINDOWSSystem32CTSvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique -
Unknown - C:WINDOWSSystem32dmadmin.exe
O23 - Service: Journal des événements - Unknown -
C:WINDOWSsystem32services.exe
O23 - Service: GEARSecurity - GEAR Software -
C:WINDOWSSYSTEM32GEARSEC.EXE
O23 - Service: Service COM de gravage de CD IMAPI - Unknown -
C:WINDOWSSystem32imapi.exe
O23 - Service: InCD File System Service - AHEAD Software - C:Program
FilesAheadInCDInCDsrv.exe
O23 - Service: Iomega App Services - Iomega Corporation -
C:PROGRA~1IomegaSystem32AppServices.exe
O23 - Service: McAfee SecurityCenter Update Manager - Unknown -
C:PROGRA~1McAfee.comAgentmcupdmgr.exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting - Unknown -
C:WINDOWSSystem32mnmsrvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:Program
FilesIntelNCSSyncNetSvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation -
C:PROGRA~1NORTON~1NORTON~1NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation -
C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Plug-and-Play - Unknown - C:WINDOWSsystem32services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance -
Unknown - C:WINDOWSsystem32sessmgr.exe
O23 - Service: Carte à puce - Unknown - C:WINDOWSSystem32SCardSvr.exe
O23 - Service: Speed Disk service - Symantec Corporation -
C:PROGRA~1NORTON~1NORTON~1SPEEDD~1NOPDB.EXE
O23 - Service: Journaux et alertes de performance - Unknown -
C:WINDOWSsystem32smlogsvc.exe
O23 - Service: Cliché instantané de volume - Unknown -
C:WINDOWSSystem32vssvc.exe
O23 - Service: BitDefender Virus Shield - Unknown - C:Program
FilesSoftwinBitDefender8vsserv.exe
O23 - Service: Carte de performance WMI - Unknown -
C:WINDOWSSystem32wbemwmiapsrv.exe
O23 - Service: BitDefender Communicator - Softwin - C:Program
FilesFichiers communsSoftwinBitDefender Communicatorxcommsvr.exe
O23 - Service: Network Security Service (NSS) - Unknown -
C:WINDOWSsdkei.exe


Merci de ton aide

Salut,

Super_Bonbon:

E:autorun.exe

C'est quoi ça ? C'est normal ?

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Bar =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
about:blank
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
res://C:WINDOWSsystem32otxmx.dll/sp.html#44768

Aie, ton IE est hijacké par une belle saloperie :-(

Pour le virer, tu vas avoir besoin d'être au moins en mode sans
échec et peut-être utiliser:
http://babin.nelly.free.fr/spyware_1.htm
(passage sur Backdoor.Agent.ba)

O2 - BHO: (no name) - {09CB80C0-EFD2-8E8A-78ED-8E0E960CAEDC} -
C:WINDOWSsystem32winwd.dll

Probablement une saloperie. Fais-le scanner ici:
http://virusscan.jotti.dhs.org/

Vire l'entrée et le fichier.

O16 - DPF: {23B7A816-3647-49D2-9756-6F41CE8F9201} -
http://download.rfwnad.com/cab/ddm_control.CAB

Cheval de Troie. A virer.

Depuis le mode sans échec, coche et vire ces entrées. Reboot
toujours en mode sans échec et efface les fichiers détectés:
C:WINDOWSsystem32otxmx.dll
C:WINDOWSsystem32winwd.dll

--
joke0

Bonsoir, j'ai essayé ce soir tout ce que tu m'as indiqué mais ça change
rien....

E:autorun.exe

et concernant cela je ne sais pas... j'utilise deamon tools je sais pas si
c'est cela...


Merci de ton aide et de ta patience....

C'est encore moi,
je viens de m'appercevoir que j'ai ca aussi BehavesLike:Trojan.Downloader
Je crois qu'un formatage s'impose...
Bonne soirée