Win32:Onlinegames-CAZ [Trj]
Résolu/Fermé
manel b
Messages postés
31
Date d'inscription
samedi 17 mars 2007
Statut
Membre
Dernière intervention
3 mars 2010
-
6 févr. 2008 à 21:00
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 12 juil. 2009 à 15:27
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 12 juil. 2009 à 15:27
A voir également:
- Win32:Onlinegames-CAZ [Trj]
- Trojan win32 - Forum Virus
- Puabundler win32 - Forum Virus
- Win32:malware-gen ✓ - Forum Virus
- Win32/offercore ✓ - Forum Virus
- Hacktool win32 - Forum Virus
9 réponses
J'ai rencontré moi aussi le problème avec onlinegames-CAZ
voici mes résultats après, clean, SDFix et Hijackthis
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 11/02/2008 a 20:01:32.48
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\UnGins.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
SDFix: Version 1.140
Run by Manue on 11/02/2008 at 20:06
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Manue\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 20:17:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,93,08,e1,71,a4,80,43,69,ef,31,75,f0,29,e7,5e,a2,bc,a3,7b,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:5b07bcd2
"s1"=dword:ef0b2ae9
"s2"=dword:3325cf0f
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,93,08,e1,71,a4,80,43,69,ef,31,75,f0,29,e7,5e,a2,bc,a3,7b,6a,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 113
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Outbreak\\OutBreak.exe"="C:\\Program Files\\Outbreak\\OutBreak.exe:*:Enabled:Codename: Outbrake"
"C:\\games\\RedFaction\\rf.exe"="C:\\games\\RedFaction\\rf.exe:*:Disabled:Red Faction"
"C:\\Program Files\\Cyanide\\Cycling Manager 4\\Cym2004.exe"="C:\\Program Files\\Cyanide\\Cycling Manager 4\\Cym2004.exe:*:Enabled:Cycling Manager 4"
"C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe:*:Enabled:Pro Cycling Manager"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Documents and Settings\\Manu\\Mes documents\\Ma musique\\Emule4\\eMule\\emule.exe"="C:\\Documents and Settings\\Manu\\Mes documents\\Ma musique\\Emule4\\eMule\\emule.exe:*:Disabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\BMW M3 Challenge\\BMW.exe"="C:\\BMW M3 Challenge\\BMW.exe:*:Enabled:BMW M3 Challenge"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files:
---------------
Files with Hidden Attributes:
Sat 15 Dec 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 12 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Oct 2006 5,027 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti69.tmp"
Fri 23 Mar 2007 29,184 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP PHARMA\~WRL0752.tmp"
Fri 23 Mar 2007 36,352 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP PHARMA\~WRL2134.tmp"
Fri 23 Mar 2007 26,112 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP PHARMA\~WRL2563.tmp"
Fri 23 Mar 2007 26,112 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP PHARMA\~WRL3303.tmp"
Tue 29 Aug 2006 77,312 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL0496.tmp"
Tue 29 Aug 2006 91,648 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL0794.tmp"
Tue 29 Aug 2006 43,520 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL1207.tmp"
Tue 29 Aug 2006 77,824 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL3074.tmp"
Tue 29 Aug 2006 77,824 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL3786.tmp"
Sat 25 Feb 2006 108,032 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL0079.tmp"
Thu 8 Jun 2006 48,640 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL0411.tmp"
Sat 25 Feb 2006 75,264 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL0610.tmp"
Sat 25 Feb 2006 75,264 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL0793.tmp"
Mon 20 Feb 2006 29,696 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL1823.tmp"
Sat 25 Feb 2006 58,368 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL2332.tmp"
Sat 25 Feb 2006 108,544 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL2393.tmp"
Sat 25 Feb 2006 112,128 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL2588.tmp"
Sat 25 Feb 2006 113,664 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3017.tmp"
Sat 25 Feb 2006 108,544 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3246.tmp"
Sat 25 Feb 2006 108,544 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3356.tmp"
Sat 25 Feb 2006 108,032 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3359.tmp"
Sat 25 Feb 2006 73,728 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3456.tmp"
Sat 25 Feb 2006 76,800 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3685.tmp"
Sun 11 Dec 2005 90,624 A..H. --- "C:\Documents and Settings\Manue\Mes documents\projet\~WRL3458.tmp"
Sun 11 Dec 2005 90,112 A..H. --- "C:\Documents and Settings\Manue\Mes documents\projet\~WRL3530.tmp"
Sat 14 May 2005 444 ...HR --- "C:\Documents and Settings\Manu\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 11 Dec 2005 90,624 A..H. --- "C:\Documents and Settings\Manue\Mes documents\CLE USB\projet\~WRL3458.tmp"
Sun 11 Dec 2005 90,112 A..H. --- "C:\Documents and Settings\Manue\Mes documents\CLE USB\projet\~WRL3530.tmp"
Sat 12 Feb 2005 4,348 A..H. --- "C:\Documents and Settings\Manue\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 22 Sep 2006 20 A..H. --- "C:\Documents and Settings\Manue\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 12 Feb 2005 312 A.SH. --- "C:\Documents and Settings\Manue\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Wed 17 Oct 2007 232,960 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP COIFFURE\GESTION\devoirs\~WRL0737.tmp"
Wed 21 Feb 2007 44,544 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP COIFFURE\tp internet\creation entreprise\~WRL0001.tmp"
Thu 22 Feb 2007 45,056 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP COIFFURE\tp internet\creation entreprise\~WRL0005.tmp"
Tue 3 Oct 2006 188,416 ...H. --- "C:\Documents and Settings\Manu\Mes documents\Ma musique\Emule4\eMule\Incoming\~WRL0002.tmp"
Mon 5 Apr 2004 33,280 A..H. --- "C:\Documents and Settings\Manue\Mes documents\CLE USB\ECONOMIE\BTS ECONOMIE\economie d'entreprise\~WRL3372.tmp"
Fri 13 May 2005 24,064 A..H. --- "C:\Documents and Settings\Manue\Mes documents\CLE USB\ECONOMIE\BTS ECONOMIE\sujets bts eco\~WRL0002.tmp"
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 00:00:52, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E730FEAE-0C68-4880-BDF0-BB66FC666D32}: NameServer = 194.117.200.10 194.117.200.15
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
voici mes résultats après, clean, SDFix et Hijackthis
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 11/02/2008 a 20:01:32.48
Microsoft Windows XP [version 5.1.2600]
*** Suppression des fichiers dans C:
*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\UnGins.exe
*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe
SDFix: Version 1.140
Run by Manue on 11/02/2008 at 20:06
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Manue\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
Final Check:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-11 20:17:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,93,08,e1,71,a4,80,43,69,ef,31,75,f0,29,e7,5e,a2,bc,a3,7b,6a,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s0"=dword:5b07bcd2
"s1"=dword:ef0b2ae9
"s2"=dword:3325cf0f
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:86,93,08,e1,71,a4,80,43,69,ef,31,75,f0,29,e7,5e,a2,bc,a3,7b,6a,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 113
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Outbreak\\OutBreak.exe"="C:\\Program Files\\Outbreak\\OutBreak.exe:*:Enabled:Codename: Outbrake"
"C:\\games\\RedFaction\\rf.exe"="C:\\games\\RedFaction\\rf.exe:*:Disabled:Red Faction"
"C:\\Program Files\\Cyanide\\Cycling Manager 4\\Cym2004.exe"="C:\\Program Files\\Cyanide\\Cycling Manager 4\\Cym2004.exe:*:Enabled:Cycling Manager 4"
"C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe"="C:\\Program Files\\Cyanide\\Pro Cycling Manager\\Cym2005.exe:*:Enabled:Pro Cycling Manager"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Documents and Settings\\Manu\\Mes documents\\Ma musique\\Emule4\\eMule\\emule.exe"="C:\\Documents and Settings\\Manu\\Mes documents\\Ma musique\\Emule4\\eMule\\emule.exe:*:Disabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\BMW M3 Challenge\\BMW.exe"="C:\\BMW M3 Challenge\\BMW.exe:*:Enabled:BMW M3 Challenge"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Disabled:Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
Remaining Files:
---------------
Files with Hidden Attributes:
Sat 15 Dec 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Sat 12 Feb 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Oct 2006 5,027 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti69.tmp"
Fri 23 Mar 2007 29,184 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP PHARMA\~WRL0752.tmp"
Fri 23 Mar 2007 36,352 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP PHARMA\~WRL2134.tmp"
Fri 23 Mar 2007 26,112 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP PHARMA\~WRL2563.tmp"
Fri 23 Mar 2007 26,112 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP PHARMA\~WRL3303.tmp"
Tue 29 Aug 2006 77,312 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL0496.tmp"
Tue 29 Aug 2006 91,648 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL0794.tmp"
Tue 29 Aug 2006 43,520 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL1207.tmp"
Tue 29 Aug 2006 77,824 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL3074.tmp"
Tue 29 Aug 2006 77,824 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BTS AG PME\~WRL3786.tmp"
Sat 25 Feb 2006 108,032 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL0079.tmp"
Thu 8 Jun 2006 48,640 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL0411.tmp"
Sat 25 Feb 2006 75,264 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL0610.tmp"
Sat 25 Feb 2006 75,264 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL0793.tmp"
Mon 20 Feb 2006 29,696 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL1823.tmp"
Sat 25 Feb 2006 58,368 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL2332.tmp"
Sat 25 Feb 2006 108,544 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL2393.tmp"
Sat 25 Feb 2006 112,128 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL2588.tmp"
Sat 25 Feb 2006 113,664 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3017.tmp"
Sat 25 Feb 2006 108,544 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3246.tmp"
Sat 25 Feb 2006 108,544 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3356.tmp"
Sat 25 Feb 2006 108,032 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3359.tmp"
Sat 25 Feb 2006 73,728 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3456.tmp"
Sat 25 Feb 2006 76,800 A..H. --- "C:\Documents and Settings\Manue\Mes documents\droit\~WRL3685.tmp"
Sun 11 Dec 2005 90,624 A..H. --- "C:\Documents and Settings\Manue\Mes documents\projet\~WRL3458.tmp"
Sun 11 Dec 2005 90,112 A..H. --- "C:\Documents and Settings\Manue\Mes documents\projet\~WRL3530.tmp"
Sat 14 May 2005 444 ...HR --- "C:\Documents and Settings\Manu\Application Data\SecuROM\UserData\securom_v7_01.bak"
Sun 11 Dec 2005 90,624 A..H. --- "C:\Documents and Settings\Manue\Mes documents\CLE USB\projet\~WRL3458.tmp"
Sun 11 Dec 2005 90,112 A..H. --- "C:\Documents and Settings\Manue\Mes documents\CLE USB\projet\~WRL3530.tmp"
Sat 12 Feb 2005 4,348 A..H. --- "C:\Documents and Settings\Manue\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Fri 22 Sep 2006 20 A..H. --- "C:\Documents and Settings\Manue\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 12 Feb 2005 312 A.SH. --- "C:\Documents and Settings\Manue\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Wed 17 Oct 2007 232,960 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP COIFFURE\GESTION\devoirs\~WRL0737.tmp"
Wed 21 Feb 2007 44,544 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP COIFFURE\tp internet\creation entreprise\~WRL0001.tmp"
Thu 22 Feb 2007 45,056 A..H. --- "C:\Documents and Settings\Manue\Mes documents\BP COIFFURE\tp internet\creation entreprise\~WRL0005.tmp"
Tue 3 Oct 2006 188,416 ...H. --- "C:\Documents and Settings\Manu\Mes documents\Ma musique\Emule4\eMule\Incoming\~WRL0002.tmp"
Mon 5 Apr 2004 33,280 A..H. --- "C:\Documents and Settings\Manue\Mes documents\CLE USB\ECONOMIE\BTS ECONOMIE\economie d'entreprise\~WRL3372.tmp"
Fri 13 May 2005 24,064 A..H. --- "C:\Documents and Settings\Manue\Mes documents\CLE USB\ECONOMIE\BTS ECONOMIE\sujets bts eco\~WRL0002.tmp"
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 00:00:52, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /dropdisc
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E730FEAE-0C68-4880-BDF0-BB66FC666D32}: NameServer = 194.117.200.10 194.117.200.15
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
manel b
Messages postés
31
Date d'inscription
samedi 17 mars 2007
Statut
Membre
Dernière intervention
3 mars 2010
6 févr. 2008 à 21:36
6 févr. 2008 à 21:36
aidez moi svp
Salut,
j'avais le meme probleme,
est-ce que le virus t'as été transmis par le biais d'une clé USB?
moi c'était le cas, j'ai lancé Flash disinfector et je me suis laissé guider
une fois terminé j'ai relancé un scan avast et plus rien, j'espère que c'est bon...
voici le lien pour Flash disinfector
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
j'avais le meme probleme,
est-ce que le virus t'as été transmis par le biais d'une clé USB?
moi c'était le cas, j'ai lancé Flash disinfector et je me suis laissé guider
une fois terminé j'ai relancé un scan avast et plus rien, j'espère que c'est bon...
voici le lien pour Flash disinfector
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Salut,
J'ai eu le meme probléme que toi. Avast et d'autre anti spyware semblent avoir supprimer le trojan , Mais il restait des gros soucis dans window: je pouvais plus afficher les fichiers cachés.
Au final j'ai reformaté aprés avoir gardé quelques données soignesement scanné.
Bon courage à toi.
++
http://www.commentcamarche.net/forum/affich 4928084 win32 onlinegames caz?page=2#0
J'ai eu le meme probléme que toi. Avast et d'autre anti spyware semblent avoir supprimer le trojan , Mais il restait des gros soucis dans window: je pouvais plus afficher les fichiers cachés.
Au final j'ai reformaté aprés avoir gardé quelques données soignesement scanné.
Bon courage à toi.
++
http://www.commentcamarche.net/forum/affich 4928084 win32 onlinegames caz?page=2#0
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
bonjour j'ai egalement ce virus sur mon ordi.
j'ai suivi la procédure et voila le rapport d'erreur
Merci de m'indiquer maintenant la marche à suivre..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:53, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
j'ai suivi la procédure et voila le rapport d'erreur
Merci de m'indiquer maintenant la marche à suivre..
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:53, on 13/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
salut,
mon ordi est infecté c'est avast qui m'alerte lors du démarrage de windows (Xp), le message est le suivant :
C:/windows/systeme32/Kavao.dll
Win32olinegames.CIK[trj]
Cheval de troie.
voilà je crois que c'est un spy ? j'ai essayer un scan au démarrage mais ça donne rien.
je vous remercie d'avance.
mon ordi est infecté c'est avast qui m'alerte lors du démarrage de windows (Xp), le message est le suivant :
C:/windows/systeme32/Kavao.dll
Win32olinegames.CIK[trj]
Cheval de troie.
voilà je crois que c'est un spy ? j'ai essayer un scan au démarrage mais ça donne rien.
je vous remercie d'avance.
slim el gharbi
Messages postés
2
Date d'inscription
jeudi 10 avril 2008
Statut
Membre
Dernière intervention
26 avril 2008
26 avril 2008 à 09:38
26 avril 2008 à 09:38
Bonjour à tous et toutes .
Au démarrage de P.C l'antivirus 'avast' m'annonce la découverte d'un virus et m'affiche le rapport suivant:
Nom du fichier= C:\WINDOWS\system32\amvo0.dll
Nom du logiciel malveillant= Win32:OnLineGames-DIK [Trj]
Type de logiciel malveillant= Cheval de Troie
Version VPS= 080424-0, 24/04/2008
Action recommandée= Mettre en quarantaine.
Mais ni l'action recommandé ni la suppression totale du fichier ni même l'utilisation de CCleaner n'aboutissent au résultat souhaité; en effet il parrait que ce virus affecte les dossiers cachés ! au point que windows xp sous lequel je travaille ne peut faire apparaître ces fichiers même en cochant les cases concernées sous le menu 'outils'.
Trouverais-je de l'aide s'il vous plait surtout que ca profitera à tous le monde.
Merci infiniment.
Au démarrage de P.C l'antivirus 'avast' m'annonce la découverte d'un virus et m'affiche le rapport suivant:
Nom du fichier= C:\WINDOWS\system32\amvo0.dll
Nom du logiciel malveillant= Win32:OnLineGames-DIK [Trj]
Type de logiciel malveillant= Cheval de Troie
Version VPS= 080424-0, 24/04/2008
Action recommandée= Mettre en quarantaine.
Mais ni l'action recommandé ni la suppression totale du fichier ni même l'utilisation de CCleaner n'aboutissent au résultat souhaité; en effet il parrait que ce virus affecte les dossiers cachés ! au point que windows xp sous lequel je travaille ne peut faire apparaître ces fichiers même en cochant les cases concernées sous le menu 'outils'.
Trouverais-je de l'aide s'il vous plait surtout que ca profitera à tous le monde.
Merci infiniment.
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
12 juil. 2009 à 15:27
12 juil. 2009 à 15:27
le samedi 26 avril 2008 à 09:38:25
je pense qu'il n'attend plus .....
pour ceux qui passerai par la : flash disinfector, RAV antivirus, findykill ... en vire ...
je pense qu'il n'attend plus .....
pour ceux qui passerai par la : flash disinfector, RAV antivirus, findykill ... en vire ...
