Sujet Précédent Sujet Suivant

Virus Win32:Trojan-gen fichier temp

Résolu/Fermé
lilou30 - 25 juil. 2008 à 17:52
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 - 27 juil. 2008 à 23:12
Bonjour,
Depuis ce matin avast detecte un virus malgres mes mise en quarantaine il revien tjrs (Win32:Trojan-gen ) apparement il serait situé dans mes fichier temp.
Quelqu'un peut il m'aider a l'éliminer svp.
Je suis sous windows xp
Merci
A voir également:

49 réponses

Précédent
Réponse 21 / 49
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
25 juil. 2008 à 20:35
Pour navilog regarde dans C\

ensuite
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------

= Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
= Appuie sur Y pour commencer le processus de nettoyage.
= Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
= Appuie sur une touche pour redémarrer le PC.
= Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
= Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
= Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
= Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
= Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse
@+
0
Réponse 22 / 49
lilou30
26 juil. 2008 à 12:02
voici le rapport sdfix :
[b]SDFix: Version 1.208 [/b]
Run by Dorine ESTEVE on 26/07/2008 at 11:30

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\DORINE~1\Bureau\sdfix\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Dorine ESTEVE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted



Folder C:\Documents and Settings\Dorine ESTEVE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 11:47:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\counter-strike\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\ricochet\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\condition zero\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\day of defeat\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\eMule\\Emule 0.49a\\eMule\\emule.exe"="C:\\Program Files\\eMule\\Emule 0.49a\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\DORINE~1\Bureau\sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 16 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Wed 16 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Wed 16 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 23 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT5.tmp"
Fri 18 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT2.tmp"
Thu 24 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a64132c19ebe83ca2559af592c19614f\BIT4.tmp"
Fri 23 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 16 Oct 2006 20 A..H. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 30 Apr 2006 312 A.SH. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\035933f8200812cad539195e91cbe107\BIT20.tmp"
Fri 11 Aug 2006 154,313 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\087c95038fa0513bb8de57c8b3f3084d\BITC.tmp"
Tue 8 Aug 2006 497,392 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1059f9fa18db5c659dd880c6bde1acd8\BITB.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1369c6d3d1e461b8f6eb4aab4a0a2c8a\BITD.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\15908649fc77adb6fd92a7a9d96363e8\BIT1F.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\175fcb601eafb4c2ac2a80afd20179a4\BIT1D.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20b3cabb260cb882b3d8b497abda1f71\BIT12.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2188236ebfb773be9367bf47c988d6f4\BIT28.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2922e248dc4a80f30a47f8b5c778e508\BIT1C.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2ffcd6f975143621cd7ba191a25e7dee\BIT19.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\395d7c487b907ace6e3ab1717abb0401\BITC.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\BITE.tmp"
Tue 8 Aug 2006 165,562 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3ddfb8dcfb7fd1af11fe6b9f8854ab88\BITA.tmp"
Tue 8 Aug 2006 484,080 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4042804c2a776995a3f497dfcca87fe6\BIT8.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\46b6215de5d83b8828fa6f76b79196ef\BIT17.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT26.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b5f484130e76f990053cd368ea0c649\BIT29.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7551d9aad32dabb2ef3aa5108dd69f4c\BIT1E.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\813393cacabba48c35f9d086fb3055ff\BITF.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8a7f7c98df0a30ead57d10a0a13cfc46\BITB.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\BIT2B.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\96323f4b2477b2d772cfb04f3513215f\BIT23.tmp"
Tue 8 Aug 2006 155,904 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\967887277fa6d2b1bc642d5a1b513174\BIT9.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\BIT11.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\98091b7e393d32343cd6ee6419786bb1\BIT13.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\BIT22.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9d141fe443dceca575dc6e6f2f0eca89\BITE.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a1a09926ba55692e4bb839d62c2c1e21\BITD.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a42f4d4aec80f787c077283561db7334\BIT25.tmp"
Sun 6 Aug 2006 496,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a784624f51e504c24fcaaa117668f3b6\BIT2.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9e93f8b9968640870c66d6cd37b81d2\BIT2A.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b2b9feec5d877dde28227c507e3c9f03\BIT16.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\BIT24.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c40c0e3d7dcfb5be7fb7777a31340af0\BIT11.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ce8dd34f24716c36effd4f314c91c35b\BIT10.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\BIT27.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d50db80046c205ad16f51b74e13487ba\BIT1B.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d8661e60d3aee3a77c6330f550a29252\BIT12.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\de3f6fa0352b869c41bbf510291a7322\BIT10.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eb54cd851acca1509d7ffb5dc4f80842\BIT14.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f3e7858db8ebf255ea0c4b70d83969b2\BIT1A.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\BIT15.tmp"
Tue 8 Aug 2006 2,279,464 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1359cbc518ec3489223bb9aca1694d61\download\BIT32.tmp"
Tue 8 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5d517eaaa9133b0aeaba239b1f097b26\download\BIT3.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\602bff9cd5e4a4e7039bbbe857eb7ff2\download\BIT3.tmp"

[b]Finished![/b]
0
Réponse 23 / 49
lilou30
26 juil. 2008 à 12:02
voici le rapport sdfix :
[b]SDFix: Version 1.208 [/b]
Run by Dorine ESTEVE on 26/07/2008 at 11:30

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\DORINE~1\Bureau\sdfix\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Dorine ESTEVE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted



Folder C:\Documents and Settings\Dorine ESTEVE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 11:47:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\counter-strike\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\ricochet\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\condition zero\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\day of defeat\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\eMule\\Emule 0.49a\\eMule\\emule.exe"="C:\\Program Files\\eMule\\Emule 0.49a\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\DORINE~1\Bureau\sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 16 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Wed 16 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Wed 16 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 23 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT5.tmp"
Fri 18 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT2.tmp"
Thu 24 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a64132c19ebe83ca2559af592c19614f\BIT4.tmp"
Fri 23 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 16 Oct 2006 20 A..H. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 30 Apr 2006 312 A.SH. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\035933f8200812cad539195e91cbe107\BIT20.tmp"
Fri 11 Aug 2006 154,313 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\087c95038fa0513bb8de57c8b3f3084d\BITC.tmp"
Tue 8 Aug 2006 497,392 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1059f9fa18db5c659dd880c6bde1acd8\BITB.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1369c6d3d1e461b8f6eb4aab4a0a2c8a\BITD.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\15908649fc77adb6fd92a7a9d96363e8\BIT1F.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\175fcb601eafb4c2ac2a80afd20179a4\BIT1D.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20b3cabb260cb882b3d8b497abda1f71\BIT12.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2188236ebfb773be9367bf47c988d6f4\BIT28.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2922e248dc4a80f30a47f8b5c778e508\BIT1C.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2ffcd6f975143621cd7ba191a25e7dee\BIT19.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\395d7c487b907ace6e3ab1717abb0401\BITC.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\BITE.tmp"
Tue 8 Aug 2006 165,562 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3ddfb8dcfb7fd1af11fe6b9f8854ab88\BITA.tmp"
Tue 8 Aug 2006 484,080 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4042804c2a776995a3f497dfcca87fe6\BIT8.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\46b6215de5d83b8828fa6f76b79196ef\BIT17.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT26.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b5f484130e76f990053cd368ea0c649\BIT29.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7551d9aad32dabb2ef3aa5108dd69f4c\BIT1E.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\813393cacabba48c35f9d086fb3055ff\BITF.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8a7f7c98df0a30ead57d10a0a13cfc46\BITB.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\BIT2B.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\96323f4b2477b2d772cfb04f3513215f\BIT23.tmp"
Tue 8 Aug 2006 155,904 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\967887277fa6d2b1bc642d5a1b513174\BIT9.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\BIT11.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\98091b7e393d32343cd6ee6419786bb1\BIT13.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\BIT22.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9d141fe443dceca575dc6e6f2f0eca89\BITE.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a1a09926ba55692e4bb839d62c2c1e21\BITD.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a42f4d4aec80f787c077283561db7334\BIT25.tmp"
Sun 6 Aug 2006 496,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a784624f51e504c24fcaaa117668f3b6\BIT2.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9e93f8b9968640870c66d6cd37b81d2\BIT2A.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b2b9feec5d877dde28227c507e3c9f03\BIT16.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\BIT24.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c40c0e3d7dcfb5be7fb7777a31340af0\BIT11.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ce8dd34f24716c36effd4f314c91c35b\BIT10.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\BIT27.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d50db80046c205ad16f51b74e13487ba\BIT1B.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d8661e60d3aee3a77c6330f550a29252\BIT12.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\de3f6fa0352b869c41bbf510291a7322\BIT10.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eb54cd851acca1509d7ffb5dc4f80842\BIT14.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f3e7858db8ebf255ea0c4b70d83969b2\BIT1A.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\BIT15.tmp"
Tue 8 Aug 2006 2,279,464 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1359cbc518ec3489223bb9aca1694d61\download\BIT32.tmp"
Tue 8 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5d517eaaa9133b0aeaba239b1f097b26\download\BIT3.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\602bff9cd5e4a4e7039bbbe857eb7ff2\download\BIT3.tmp"

[b]Finished![/b]
0
Réponse 24 / 49
lilou30
26 juil. 2008 à 12:02
voici le rapport sdfix :
[b]SDFix: Version 1.208 [/b]
Run by Dorine ESTEVE on 26/07/2008 at 11:30

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\DORINE~1\Bureau\sdfix\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Documents and Settings\Dorine ESTEVE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com\settings.sol - Deleted



Folder C:\Documents and Settings\Dorine ESTEVE\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.redtube.com - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 11:47:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\muzapp.exe"="C:\\WINDOWS\\system32\\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\counter-strike\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\ricochet\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\condition zero\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\day of defeat\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\gourdanak\\day of defeat\\hl.exe:*:Disabled:Half-Life Launcher"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"C:\\Program Files\\eMule\\Emule 0.49a\\eMule\\emule.exe"="C:\\Program Files\\eMule\\Emule 0.49a\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\DORINE~1\Bureau\sdfix\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 16 Jun 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Wed 16 Jun 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Wed 16 Jun 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 23 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 26 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT5.tmp"
Fri 18 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT2.tmp"
Thu 24 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a64132c19ebe83ca2559af592c19614f\BIT4.tmp"
Fri 23 Jun 2006 4,348 ...H. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 16 Oct 2006 20 A..H. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sun 30 Apr 2006 312 A.SH. --- "C:\Documents and Settings\Dorine ESTEVE\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\035933f8200812cad539195e91cbe107\BIT20.tmp"
Fri 11 Aug 2006 154,313 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\087c95038fa0513bb8de57c8b3f3084d\BITC.tmp"
Tue 8 Aug 2006 497,392 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1059f9fa18db5c659dd880c6bde1acd8\BITB.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1369c6d3d1e461b8f6eb4aab4a0a2c8a\BITD.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\15908649fc77adb6fd92a7a9d96363e8\BIT1F.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\175fcb601eafb4c2ac2a80afd20179a4\BIT1D.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\20b3cabb260cb882b3d8b497abda1f71\BIT12.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2188236ebfb773be9367bf47c988d6f4\BIT28.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2922e248dc4a80f30a47f8b5c778e508\BIT1C.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2ffcd6f975143621cd7ba191a25e7dee\BIT19.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\395d7c487b907ace6e3ab1717abb0401\BITC.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3dadfa52ea2998e88c1462cf025da476\BITE.tmp"
Tue 8 Aug 2006 165,562 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\3ddfb8dcfb7fd1af11fe6b9f8854ab88\BITA.tmp"
Tue 8 Aug 2006 484,080 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\4042804c2a776995a3f497dfcca87fe6\BIT8.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\46b6215de5d83b8828fa6f76b79196ef\BIT17.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT26.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b5f484130e76f990053cd368ea0c649\BIT29.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\7551d9aad32dabb2ef3aa5108dd69f4c\BIT1E.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\813393cacabba48c35f9d086fb3055ff\BITF.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\8a7f7c98df0a30ead57d10a0a13cfc46\BITB.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\BIT2B.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\96323f4b2477b2d772cfb04f3513215f\BIT23.tmp"
Tue 8 Aug 2006 155,904 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\967887277fa6d2b1bc642d5a1b513174\BIT9.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\BIT11.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\98091b7e393d32343cd6ee6419786bb1\BIT13.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\BIT22.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\9d141fe443dceca575dc6e6f2f0eca89\BITE.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a1a09926ba55692e4bb839d62c2c1e21\BITD.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a42f4d4aec80f787c077283561db7334\BIT25.tmp"
Sun 6 Aug 2006 496,368 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a784624f51e504c24fcaaa117668f3b6\BIT2.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a9e93f8b9968640870c66d6cd37b81d2\BIT2A.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b2b9feec5d877dde28227c507e3c9f03\BIT16.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\BIT24.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c40c0e3d7dcfb5be7fb7777a31340af0\BIT11.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\ce8dd34f24716c36effd4f314c91c35b\BIT10.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\BIT27.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d50db80046c205ad16f51b74e13487ba\BIT1B.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d8661e60d3aee3a77c6330f550a29252\BIT12.tmp"
Thu 10 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\de3f6fa0352b869c41bbf510291a7322\BIT10.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eb54cd851acca1509d7ffb5dc4f80842\BIT14.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\f3e7858db8ebf255ea0c4b70d83969b2\BIT1A.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\BIT15.tmp"
Tue 8 Aug 2006 2,279,464 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1359cbc518ec3489223bb9aca1694d61\download\BIT32.tmp"
Tue 8 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5d517eaaa9133b0aeaba239b1f097b26\download\BIT3.tmp"
Sun 6 Aug 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\602bff9cd5e4a4e7039bbbe857eb7ff2\download\BIT3.tmp"

[b]Finished![/b]
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 49
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
26 juil. 2008 à 12:10
Bonjour

très bien

refais un nouveau rapport HijackThis
et as tu trouver le rapport de navilog ?
0
Réponse 26 / 49
lilou30
26 juil. 2008 à 12:19
Est ce que le rapport navilog pourrai etre ça?

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-26 11:47:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
0
Réponse 27 / 49
Malan
26 juil. 2008 à 12:19
Il faut m'aidé à débloquer.
Sur mon ordinateur;windows demarre mais ce fameux virus vert apparait sur l'écran et bloque le systeme.
0
Réponse 28 / 49
lilou30
26 juil. 2008 à 12:22
rapport HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:20:17, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [vkvthws] c:\documents and settings\dorine esteve\local settings\application data\vkvthws.exe vkvthws
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Registration Silent Hunter III.LNK = C:\Program Files\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dorine013.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://roxypalace.microgaming.com/roxypalacefr/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
0
Réponse 29 / 49
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
26 juil. 2008 à 12:41
Tu as garder navilog sur ton Bureau

si oui relance le avec l'option 1 stp et poste le résultat
0
Réponse 30 / 49
lilou30
26 juil. 2008 à 12:57
Voici le rapport navilog option 1 que je viens de faire

Search Navipromo version 3.6.1 commencé le 26/07/2008 à 12:43:35,95

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Dorine ESTEVE"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***

Favorit

*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Dorine ESTEVE\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Dorine ESTEVE\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\Dorine ESTEVE\menudm~1\progra~1" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier Navipromo trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\Dorine ESTEVE\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\Dorine ESTEVE\locals~1\applic~1" :

vkvthws.dat trouvé !
vkvthws_nav.dat trouvé !
vkvthws_navps.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !
Certificat Electronic-Group trouvé !
Certificat OOO-Favorit trouvé !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 26/07/2008 à 12:56:20,26 ***
0
Réponse 31 / 49
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
26 juil. 2008 à 13:38
Il faut passer navilog en option 2 et poste le rapport stp
0
Réponse 32 / 49
lilou30
26 juil. 2008 à 13:49
Rapport navilog option 2 :

Clean Navipromo version 3.6.1 commencé le 26/07/2008 à 13:40:21,56

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Dorine ESTEVE"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS

Mode suppression automatique
avec prise en charge résultats Catchme et GNS


Nettoyage exécuté au redémarrage de l'ordinateur


*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans "C:\WINDOWS\System32" *


* Suppression dans "C:\Documents and Settings\Dorine ESTEVE\locals~1\applic~1" *



*** Suppression dossiers dans "C:\WINDOWS" ***


*** Suppression dossiers dans "C:\Program Files" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***


*** Suppression dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Dorine ESTEVE\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Dorine ESTEVE\locals~1\applic~1" ***


*** Suppression dossiers dans "C:\Documents and Settings\Dorine ESTEVE\menudm~1\progra~1" ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Dorine ESTEVE\locals~1\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans "C:\WINDOWS\system32" *


* Dans "C:\Documents and Settings\Dorine ESTEVE\locals~1\applic~1" *


vkvthws.dat trouvé !
Copie vkvthws.dat réalisée avec succès !
vkvthws.dat supprimé !

vkvthws_nav.dat trouvé !
Copie vkvthws_nav.dat réalisée avec succès !
vkvthws_nav.dat supprimé !

vkvthws_navps.dat trouvé !
Copie vkvthws_navps.dat réalisée avec succès !
vkvthws_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !
Certificat Sunny-Day-Design-Ltdt absent !

*** Nettoyage terminé le 26/07/2008 à 13:46:00,79 ***
0
Réponse 33 / 49
lilou30
26 juil. 2008 à 13:58
Au fait je sais pas si c'est important mais le virus est mis en quarantaine dans avast
ca change quelque chose?
0
Réponse 34 / 49
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
26 juil. 2008 à 14:40
On verra à la fin

refais un nouveau rapport HijackThis stp
0
Réponse 35 / 49
lilou30
26 juil. 2008 à 14:44
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:06, on 26/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Registration Silent Hunter III.LNK = C:\Program Files\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dorine013.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://roxypalace.microgaming.com/roxypalacefr/FlashAX.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
0
Réponse 36 / 49
lilou30
27 juil. 2008 à 12:22
et maintenant je fais quoi?
merci
0
Réponse 37 / 49
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
27 juil. 2008 à 19:50
Bonjour

Relance hijack et clique sur "Do a system scan only"
Ensuite recherche ces lignes et coches les cases

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://roxypalace.microgaming.com/roxypalacefr/FlashAX.cab
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe


Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked"


ensuite

fait un scan en ligne

avec bitdefender et colle le rapport ( le scan peut être long)

https://www.bitdefender.com/toolbox/

Scan à faire sous Internet Explorer

un tuto
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

ensuite un nouveau rapport hijack stp
@+
0
Réponse 38 / 49
lilou30
27 juil. 2008 à 20:06
apres avoir cliqué sur Fix checked"
on me demande de redemarrer mon ordi afin que les nouveaux parametre soit pris en compte (je le redemarre?)
0
Réponse 39 / 49
ep44 Messages postés 7393 Date d'inscription samedi 10 novembre 2007 Statut Contributeur Dernière intervention 11 novembre 2010 3
27 juil. 2008 à 21:10
oui tu peux le faire ;)
0
Réponse 40 / 49
lilou30
27 juil. 2008 à 21:23
voici le rapport de bitdefender : BitDefender Online Scanner - Rapport virus en temps réel
Généré à: Sun, Jul 27, 2008 - 21:19:36
--------------------------------------------------------------------------------
Info d'analyse
Fichiers scannés 142696
Infectés Fichiers 0

Virus Détectés Aucun virus trouvé.

------------------------------------------------------
et voici le rapport de hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:04, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?sourceid=navclient&hl=fr&ie=UTF-8&gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMult.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: AutoTBar.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: AutoTBar.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Registration Silent Hunter III.LNK = C:\Program Files\Ubisoft\SilentHunterIII\Support\Register\RegistrationReminder.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://dorine013.spaces.live.com/PhotoUpload/MsnPUpld.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Detection PUA: win32 Installcore
Nat -
bazfile -

13 réponses
infecté par HackTool:Win32/AutoKMS
fredo1968 -
fredo1968 -

5 réponses
Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Que fait le virus LPI Win32 Pup-Gen
Tristan Chrome -
Tristan Chrome -

2 réponses