[virus] Trojan horse

Solved
funy Posts: 4 Status: Member -  
 j2m-marley -
Hello everyone,
for some time now, applications such as
exssd.exe, exhdd.exe or exmodul32.j.exe keep asking for Internet access, and ZoneAlarm Pro constantly shows me messages. I ran a scan with avast and also with ewido, but I can't get rid of them, so I'm posting a HijackThis scan in the hope that you can help me. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 20:41:29, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\Rar$EX00.583\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - Startup: E3TV Tray App.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

9 replies

salwa
 
Hello, select this line in HijackThis, then click on Fix checked:
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w

Then restart in safe mode (restart and keep tapping F8 as soon as the computer powers on).

Then find and delete the file in bold:
C:\WINDOWS\system\smss.exe

NB: do not confuse it with C:\WINDOWS\System32\smss.exe, which is a system file, i.e. one that Windows needs in order to work properly.

Empty the recycle bin.

Restart, run an antivirus scan again and tell us what it gives.
See you!
0
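The check salwa applies by eye (a core Windows file name loading from the wrong directory) can be run over a whole HijackThis log. The following is an added example, not part of the thread or of HijackThis; the sample lines are copied from the first log above, and the list of core binaries and the `C:\WINDOWS` install path are assumptions.

```python
import ntpath
import re

# Assumption: Windows lives in C:\WINDOWS, as in the log on this page.
WINDIR = r"c:\windows"
SYSTEM32 = WINDIR + r"\system32"

# Core Windows XP binaries and the single directory each one belongs in
# (an assumed, non-exhaustive list).
EXPECTED_DIR = {
    "smss.exe": SYSTEM32, "csrss.exe": SYSTEM32, "winlogon.exe": SYSTEM32,
    "services.exe": SYSTEM32, "lsass.exe": SYSTEM32, "svchost.exe": SYSTEM32,
    "spoolsv.exe": SYSTEM32, "explorer.exe": WINDIR,
}

# HijackThis O4 registry autostart line: O4 - HKLM\..\Run: [name] command
RUN_ENTRY = re.compile(
    r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable suffix.
EXE_TOKEN = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?=\s|$)", re.I)

# Lines copied from the first HijackThis log on this page.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
"""


def exe_path(cmd):
    """Return the lower-cased, normalised executable path of a command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]          # quoted path, arguments follow
    else:
        m = EXE_TOKEN.match(cmd)
        path = m.group(1) if m else cmd.split()[0]
    # Expand the two variables that point at the Windows directory.
    path = re.sub(r"%(systemroot|windir)%", lambda _: WINDIR, path, flags=re.I)
    # normpath collapses doubled separators; 8.3 short names are left as-is.
    return ntpath.normpath(path).lower()


def is_masquerade(path):
    """True when a core binary name sits outside its expected directory."""
    expected = EXPECTED_DIR.get(ntpath.basename(path))
    return expected is not None and ntpath.dirname(path) != expected


def find_masquerades(log_text):
    """Return (source, path) for every running process or autostart entry
    whose file name imitates a core Windows binary."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_ENTRY.match(line)
        if m:
            source, path = "autostart [%s]" % m.group("name"), exe_path(m.group("cmd"))
        elif re.match(r"[A-Za-z]:\\", line):
            source, path = "running process", exe_path(line)
        else:
            continue
        if is_masquerade(path):
            findings.append((source, path))
    return findings


if __name__ == "__main__":
    for source, path in find_masquerades(SAMPLE_LOG):
        print("%-22s %s" % (source, path))
```

The genuine `C:\WINDOWS\System32\smss.exe` in the process list is not reported; only the `[.nvsvc]` autostart entry is.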
did71 Posts: 2187 Status: Security contributor 36
 
Good evening funy, salwa,

allow me to step in!

Download SDFix to your desktop:

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop.
Restart your computer in safe mode.
Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

See you
0
funy Posts: 4 Status: Member
 
There, I've done everything you told me, so I'm posting the log and the SDFix report.

Logfile of HijackThis v1.99.1
Scan saved at 13:40:33, on 25/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\Rar$EX00.725\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.files-ftp.com/~unicorni/phpBB2/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - Startup: E3TV Tray App.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

That's it for the HijackThis log.
Now for the SDFix report.


SDFix: Version 1.43
-------------------

Scan run on:
Date:25/11/2006 Time:13:25:11,88


Microsoft Windows XP [version 5.1.2600]

Running from C:\SDFix

Stage One - Safe Mode

Checking Services...

Name:
-----

Path:
----


Repairing Registry...


Restoring Default Hosts File...

Stage One Complete

Rebooting...

Stage Two - Normal Mode

Checking For Malware:
--------------------

C:\DOCUME~1\Devilsun\LOCALS~1\Temp\14exssd32.o.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\37exmodul32f.b.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\38exmodul32f.b.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\39exssd32.o.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\44exssd32.o.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\4exssd32.o.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\52exssd32.o.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\54exmodul32f.b.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\85exmodul32f.b.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\88exmodul32f.b.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\89exmodul32f.b.exe
C:\DOCUME~1\Devilsun\LOCALS~1\Temp\91exssd32.o.exe
C:\WINDOWS\system32\nvsvcd.exe

Backing Up and Removing any Files Found...

Final Check:

Services:
---------

Files:
------


Backups folder: - C:\SDFix\backups\backups.zip

AuthorizedApplication Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\70exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\70exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\74exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\74exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\71exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\71exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\59exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\59exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\99exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\99exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\28exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\28exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\90exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\90exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\79exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\79exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\31exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\31exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\15exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\15exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\52exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\52exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\84exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\84exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\56exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\56exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\75exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\75exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\62exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\62exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\94exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\94exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\33exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\33exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\83exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\83exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\69exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\69exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\87exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\87exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\36exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\36exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\25exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\25exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\58exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\58exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\13exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\13exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\13exmodul32d.2.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\13exmodul32d.2.exe:*:Enabled:Microsoft Update"
"C:\\WINDOWS\\system32\\lxcfcoms.exe"="C:\\WINDOWS\\system32\\lxcfcoms.exe:*:Enabled:730 Series"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\98exinjs.o.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\98exinjs.o.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\92exinjs.o.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\92exinjs.o.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\50exinjs.o.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\50exinjs.o.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exinjs.o.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exinjs.o.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\56exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\56exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\10exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\10exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\12exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\12exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\96exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\96exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\45exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\45exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\20exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\20exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\26exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\26exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\89exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\89exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\64exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\64exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\65exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\65exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\12exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\12exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\50exinjs.q.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\50exinjs.q.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\37exinjs.q.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\37exinjs.q.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\51exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\51exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\6exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\6exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\86exinjs.q.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\86exinjs.q.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\43exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\43exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\20exinjs.q.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\20exinjs.q.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\38exinjs.q.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\38exinjs.q.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\73exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\73exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\34exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\34exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\62exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\62exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\41exinjs.q.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\41exinjs.q.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\97exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\97exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\90exinjs.q.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\90exinjs.q.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\57exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\57exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\47exinjs.q.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\47exinjs.q.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\85exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\85exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\37exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\37exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\89exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\89exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\38exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\38exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exmodul32f.b.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\88exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\88exmodul32f.b.exe:*:Enabled:Microsoft Update"


Checking For Hidden Files:


FINISHED

Apart from that, my antivirus scan didn't detect anything.
PS: the applications located in C:\DOCUME~1\Devilsun\LOCALS~1\Temp\... that SDFix found, I kept deleting them all the time but they kept coming back.
Since I did the procedure in safe mode, no new ones have been added; I'll keep you posted. Otherwise, should I delete C:\WINDOWS\system32\nvsvcd.exe?
Thanks for your help, salwa and did71.
0
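The AuthorizedApplications export in the SDFix report above lists Windows Firewall exceptions, each stored as `path:scope:state:label`. The following added example (not part of the thread or of SDFix) parses such an export and reports enabled exceptions whose binary sits in a Temp directory; the sample lines are copied from the report above, and treating a Temp path as the triage criterion is an assumption of this sketch.

```python
import ntpath
import re
from collections import Counter

ENTRY = re.compile(r'^"(?P<key>.+)"="(?P<value>.+)"$')
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.I)

# Lines copied from the SDFix report on this page.
SAMPLE_EXPORT = r"""[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\70exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\70exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\74exmodul32d.1.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\74exmodul32d.1.exe:*:Enabled:Microsoft Update"
"C:\\WINDOWS\\system32\\lxcfcoms.exe"="C:\\WINDOWS\\system32\\lxcfcoms.exe:*:Enabled:730 Series"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\98exinjs.o.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\98exinjs.o.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exinjs.p.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\54exinjs.p.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\65exmodul32f.b.exe"="C:\\DOCUME~1\\Devilsun\\LOCALS~1\\Temp\\65exmodul32f.b.exe:*:Enabled:Microsoft Update"
"""


def parse_export(text):
    """Yield (profile, path, scope, state, label) for each firewall exception
    in a .reg-style AuthorizedApplications export."""
    profile = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key ends in ...\<Profile>\AuthorizedApplications\List
            parts = line[1:-1].split("\\")
            profile = parts[-3] if len(parts) >= 3 else None
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        # .reg files double every backslash; undo that.
        value = m.group("value").replace("\\\\", "\\")
        # The path contains ':' after the drive letter, so split from the right.
        fields = value.rsplit(":", 3)
        if len(fields) != 4:
            continue
        path, scope, state, label = fields
        yield profile, path, scope, state.lower(), label


def suspicious_exceptions(text):
    """Return enabled exceptions whose binary lives in a Temp directory."""
    hits = []
    for profile, path, scope, state, label in parse_export(text):
        if state == "enabled" and TEMP_DIR.search(path):
            hits.append({"profile": profile, "path": path,
                         "scope": scope, "label": label})
    return hits


def families(hits):
    """Count hits by file name with the leading digits stripped, so that
    numbered copies of the same binary are grouped together."""
    return Counter(re.sub(r"^\d+", "", ntpath.basename(h["path"]).lower())
                   for h in hits)


if __name__ == "__main__":
    found = suspicious_exceptions(SAMPLE_EXPORT)
    for name, count in families(found).most_common():
        print("%3d  %s" % (count, name))
    print("labels used:", sorted({h["label"] for h in found}))
```

On the sample, every flagged entry is open to any remote address (`*`) and carries the label "Microsoft Update". The exceptions themselves live in the registry and are separate from the files they point to.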
did71 Posts: 2187 Status: Security contributor 36
 
Hello,

SDFix did a good job!

Download clean.zip:

http://www.malekal.com/download/clean.zip

Unzip it to your desktop (right-click / Extract all); you should get a folder named clean.
Open the Clean folder on your desktop.
Double-click clean.cmd.
A black window will appear; follow the instructions.
Post the report, which is located here: C:\rapport_clean.txt

See you
0
funy Posts: 4 Status: Member
 
Script clean par Malekal_morte - http://www.malekal.com

Microsoft Windows XP [version 5.1.2600]
Script execute en mode normal

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

Here's the report : )
0
did71 Posts: 2187 Status: Security contributor 36
 
Hi again,

It's clean!

How is the PC behaving?

See you
0
funy Posts: 4 Status: Member
 
The PC is running fine again, thanks. No more unwanted messages, which is a relief. Also, I think the malware was blocking Windows updates; I was finally able to install them.
Thanks for your help, and all the best.
0

did71 Posts: 2187 Status: Security contributor 36
 
Hi again,

Glad I could help!

If you consider this topic solved, mark it as such!

Happy surfing.

See you
0
j2m-marley
 
Hello, I followed all the steps because I had more or less the same problem; however, I get different results at the end:

Here is the SDFix report:

SDFix: Version 1.61

22/01/2007 - 11:37:10,82

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Files will be copied to Backups folder and removed:

C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\13exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\17exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\23exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\28exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\37exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\43exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\45exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\49exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\63exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\68exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\6exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\71exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\76exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\88exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\90exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\91exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\93exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\96exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\98exmodul32g.3.exe - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\hdd.z.exe.conf - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\modul32g.3.exe.conf - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\ssd32.a3.exe.conf - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\autorun.inf - Deleted
C:\DOCUME~1\JEAN-M~1\LOCALS~1\Temp\setup.exe - Deleted
C:\WINDOWS\system\smss.exe - Deleted

Alternate Streams Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"="C:\\Program Files\\Windows Media Player\\wmplayer.exe:*:Enabled:Windows Media Player"
"D:\\Call of Duty 2\\CoD2MP_s.exe"="D:\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"C:\\sysreset\\mirc.exe"="C:\\sysreset\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\WebMediaPlayer\\WebMediaPlayer.exe"="C:\\Program Files\\WebMediaPlayer\\WebMediaPlayer.exe:*:Enabled:WebMediaPlayer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"D:\\incoming\\wormsarm\\WA.exe"="D:\\incoming\\wormsarm\\WA.exe:*:Enabled:Worms Armageddon"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\NTDETECT.COM
C:\Documents and Settings\jean-michel\Local Settings\Application Data\Microsoft\Messenger\jeanmimi06@hotmail.com\Sharing Folders\kasebonbon@hotmail.com\Thumbs.db
C:\i386\cdplayer.exe.manifest
C:\i386\logonui.exe.manifest
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\i386\077467AA8D.sys
C:\i386\KGyGaAvL.sys
C:\WINDOWS\system32\077467AA8D.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\jean-michel\Application Data\Microsoft\Word\~WRL0005.tmp

Finished

and here is the clean report:

Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 22/01/2007 a 11:55:46,12

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\spool\drivers\setup.exe FOUND
"C:\Documents and Settings\All Users\Documents\setup.exe" FOUND

"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !

Apparently there are still intruders on my PC. What should I do?
Thanks
0
j2m-marley
 
and here is the result after choosing option no. 2, deletion ... but not in safe mode!!!

Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 22/01/2007 a 11:55:46,12

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\spool\drivers\setup.exe FOUND
"C:\Documents and Settings\All Users\Documents\setup.exe" FOUND

"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
0
j2m-marley
 
Sorry, here is the correct report:

Script execute en mode normal
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 22/01/2007 a 12:02:19,53

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\spool\drivers\setup.exe
tentative de suppression de "C:\Documents and Settings\All Users\Documents\setup.exe"

tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0
j2m-marley
 
Well then, the last report shows:
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 22/01/2007 a 12:12:15,84

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

so I conclude that it's fine.
In any case, thanks.
0