Trojan horse C/WINDOWS/SYSTEME32/TEMP2EXE

amine -  
green day Posts 26722 Status Moderator, Security contributor -
Hi, I have a trojan-horse type virus C:/ WINDOWS/SYSTEME32/TEMP2EXE WIN 32:SMALL-ABY tlj

15 replies

green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Download this to your desktop:

Link: hijackthis

Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm

Choose the "do a scan and a logfile" option, then copy and paste the resulting report onto the forum.

++
0
amine
 
I only have the demonstration. Also, I should let you know that I am in Algeria.
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi again

Oops! Sorry, I made a mistake:

here is the link to download it: hijackthis

Welcome ;-)

@+
0
drd
 
Thanks, I just zapped 3 trojans and now everything runs perfectly.
0
rfb Posts 23 Status Member
 
Hi, I can't get rid of these trojans on my PC either. If you can help me, thanks in advance.
0

green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Please post a HijackThis log

++
0
rfb Posts 23 Status Member
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:58:21, on 03/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [PeerFactor] "C:\Documents and Settings\farid\Bureau\PeerFactor[1].exe" 0
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\DOCUME~1\farid\LOCALS~1\Temp\E_S2D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.cognacqjayimage.com/en/homepage/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113983435781
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Download this (by Moe):

http://sosvirus.changelog.fr/Green_day/Lopxpsetup.exe

Double-click Lopxpsetup.exe to start the installation
At the menu, choose option 1
Wait until you are asked to press a key, then press one!
A report will then be created; copy and paste it in full onto the forum.

++
0
rfb Posts 23 Status Member
 
Rapport Lopxp fait le 03/11/2007 à 23:28:30

Exécuté dans : C:\Program Files\Lopxp

___________________________________________________________________________

[Threads Internet Explorer]

___________________________________________________________________________

[Tâches planifiées]

C:\WINDOWS\tasks\MP Scheduled Scan.job

Fichier exécuté : C\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges
Tâche crée le : 05/10/2007 à 00:07
Dernière modification le : 03/11/2007 à 20:51

C:\WINDOWS\tasks\Symantec NetDetect.job

Fichier exécuté : C\Program Files\Symantec\LiveUpdate\NDETECT.EXE
Tâche crée le : 14/12/2006 à 22:47
Dernière modification le : 03/11/2007 à 20:50

C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job

Fichier exécuté : C\Program Files\Windows Live Toolbar\MSNTBUP.EXE

___________________________________________________________________________

[Listing des dossiers Application Data]

Cr = Date Création | Mo = Date Modification

C:\Documents and Settings\Administrateur\Application Data

Cr: 14/10/2007 00:05:19 | Mo: 19/04/2005 17:58:49 - - Identities
Cr: 14/10/2007 00:05:19 | Mo: 14/10/2007 00:08:26 - - Microsoft
Cr: 14/10/2007 00:05:18 | Mo: 20/04/2005 08:38:58 - - OFFICE One v6

C:\Documents and Settings\Administrateur\Local Settings\Application Data

Cr: 14/10/2007 00:05:18 | Mo: 14/10/2007 00:10:46 - - Microsoft

C:\Documents and Settings\All Users\Application Data

Cr: 03/12/2006 03:01:17 | Mo: 03/12/2006 03:21:57 - - ACD Systems
Cr: 19/09/2007 23:43:18 | Mo: 19/09/2007 23:43:18 - - Adobe
Cr: 20/04/2005 08:43:18 | Mo: 20/04/2005 08:43:18 - - CyberLink
Cr: 30/09/2006 21:06:34 | Mo: 11/10/2006 21:43:28 - - GamesBar
Cr: 02/12/2006 23:45:18 | Mo: 03/11/2007 09:43:01 - - Google
Cr: 03/05/2007 22:21:36 | Mo: 03/11/2007 20:49:30 - - Kaspersky Lab
Cr: 19/04/2005 19:44:56 | Mo: 05/10/2007 00:03:55 - - Microsoft
Cr: 03/12/2006 03:04:48 | Mo: 03/12/2006 03:04:48 - - QuickTime
Cr: 13/12/2006 11:32:26 | Mo: 21/04/2007 12:54:23 - - Symantec
Cr: 10/05/2007 17:37:02 | Mo: 10/05/2007 17:37:22 - - TEMP
Cr: 02/01/2007 22:56:10 | Mo: 02/01/2007 22:59:20 - - UDL
Cr: 08/03/2006 17:15:06 | Mo: 08/03/2006 17:15:06 - - Viewpoint
Cr: 16/03/2007 12:34:58 | Mo: 24/03/2007 10:36:59 - - WholeSecurity
Cr: 04/08/2006 11:06:51 | Mo: 04/08/2006 11:06:51 - - Windows Genuine Advantage
Cr: 15/10/2007 12:15:17 | Mo: 15/10/2007 12:15:17 - - Windows Live Toolbar
Cr: 19/12/2006 13:42:24 | Mo: 19/12/2006 13:42:24 - - Yahoo!
Cr: 11/12/2006 21:52:52 | Mo: 11/12/2006 21:54:14 - - Yahoo! Companion

C:\Documents and Settings\farid\Application Data

Cr: 07/09/2005 08:59:33 | Mo: 07/09/2005 08:59:33 - - Adobe
Cr: 20/09/2007 00:02:10 | Mo: 20/09/2007 00:02:10 - - AdobeUM
Cr: 06/05/2007 22:06:32 | Mo: 06/05/2007 23:13:23 - - Ahead
Cr: 08/03/2006 17:15:08 | Mo: 08/03/2006 17:15:08 - - Aim
Cr: 01/03/2007 22:26:37 | Mo: 01/03/2007 22:26:37 - - COWON
Cr: 07/09/2005 09:02:13 | Mo: 07/09/2005 09:02:13 - - Creative
Cr: 12/06/2005 22:31:44 | Mo: 12/06/2005 22:31:44 - - CyberLink
Cr: 01/09/2005 19:04:23 | Mo: 01/09/2005 19:04:23 - - eConf
Cr: 16/03/2007 12:40:20 | Mo: 16/03/2007 12:49:24 - - EoRezo
Cr: 03/01/2007 02:48:26 | Mo: 03/01/2007 02:48:26 - - EPSON
Cr: 21/10/2006 22:50:41 | Mo: 21/10/2006 22:50:41 - - funkitron
Cr: 02/12/2006 23:46:25 | Mo: 30/12/2006 00:36:22 - - Google
Cr: 17/08/2005 11:49:18 | Mo: 17/08/2005 11:49:18 - - Help
Cr: 06/06/2005 22:22:56 | Mo: 19/04/2005 17:58:49 - - Identities
Cr: 07/09/2005 08:59:32 | Mo: 07/09/2005 08:59:32 - - InterTrust
Cr: 16/03/2007 12:40:59 | Mo: 16/03/2007 12:40:59 - - ItsLabel
Cr: 26/08/2005 16:51:21 | Mo: 20/03/2006 22:34:34 - - Macromedia
Cr: 06/06/2005 22:22:55 | Mo: 23/09/2007 17:22:37 - - Microsoft
Cr: 05/01/2007 21:42:37 | Mo: 05/01/2007 21:42:41 - - Mozilla
Cr: 06/06/2005 22:22:55 | Mo: 13/12/2006 13:21:07 - - OFFICE One v6
Cr: 30/10/2006 12:14:43 | Mo: 30/10/2006 12:14:43 - - PF
Cr: 23/07/2007 21:33:57 | Mo: 23/07/2007 21:33:57 - - Real
Cr: 02/11/2007 15:52:05 | Mo: 02/11/2007 15:52:05 - - Simply Super Software
Cr: 15/04/2006 21:59:55 | Mo: 15/04/2006 21:59:55 - - Steinberg
Cr: 14/11/2006 17:42:40 | Mo: 14/11/2006 17:42:40 - - Sun
Cr: 13/12/2006 11:32:35 | Mo: 13/04/2007 22:45:49 - - Symantec
Cr: 04/10/2007 09:21:25 | Mo: 04/10/2007 10:03:04 - - VirusGarde
Cr: 08/11/2005 15:44:08 | Mo: 02/12/2006 23:34:47 - - WholeSecurity
Cr: 23/09/2005 20:16:44 | Mo: 23/09/2005 20:16:44 - - Yahoo!

C:\Documents and Settings\farid\Local Settings\Application Data

Cr: 20/09/2007 00:00:39 | Mo: 20/09/2007 00:00:59 - - Adobe
Cr: 06/05/2007 22:27:35 | Mo: 06/05/2007 23:12:01 - - Ahead
Cr: 14/04/2007 19:10:08 | Mo: 15/04/2007 10:11:38 - - ApplicationHistory
Cr: 02/12/2006 23:46:25 | Mo: 30/12/2006 00:36:22 - - Google
Cr: 17/08/2005 11:49:18 | Mo: 17/08/2005 11:49:18 - - Help
Cr: 17/08/2005 12:14:39 | Mo: 28/08/2005 00:25:04 - - Identities
Cr: 06/06/2005 22:22:55 | Mo: 24/10/2007 21:47:36 - - Microsoft
Cr: 05/01/2007 21:42:41 | Mo: 05/01/2007 21:42:41 - - Mozilla
Cr: 03/12/2006 03:15:15 | Mo: 03/12/2006 03:15:15 - - Showtime
Cr: 10/06/2005 12:51:34 | Mo: 26/02/2007 19:36:56 - - WMTools Downloaded Files

C:\Documents and Settings\issam\Application Data

Cr: 22/12/2005 13:36:18 | Mo: 22/12/2005 13:36:18 - - Creative
Cr: 30/08/2005 09:20:16 | Mo: 19/04/2005 17:58:49 - - Identities
Cr: 30/08/2005 09:23:22 | Mo: 30/08/2005 09:23:22 - - Macromedia
Cr: 30/08/2005 09:20:16 | Mo: 22/12/2005 13:36:19 - - Microsoft
Cr: 30/08/2005 09:20:16 | Mo: 20/04/2005 08:38:58 - - OFFICE One v6
Cr: 22/12/2005 13:36:23 | Mo: 22/12/2005 13:36:23 - - WholeSecurity

C:\Documents and Settings\issam\Local Settings\Application Data

Cr: 30/08/2005 09:20:16 | Mo: 21/04/2005 10:01:08 - - Microsoft

C:\Documents and Settings\laetitia\Application Data

Cr: 21/03/2006 16:42:46 | Mo: 21/03/2006 16:42:46 - - Creative
Cr: 20/01/2007 00:47:32 | Mo: 20/01/2007 00:47:32 - - Google
Cr: 21/03/2006 16:49:27 | Mo: 21/03/2006 16:49:27 - - Help
Cr: 21/03/2006 16:42:10 | Mo: 19/04/2005 17:58:49 - - Identities
Cr: 21/03/2006 16:42:10 | Mo: 19/01/2007 22:27:13 - - Microsoft
Cr: 20/01/2007 00:45:18 | Mo: 20/01/2007 00:45:18 - - Mozilla
Cr: 21/03/2006 16:42:09 | Mo: 20/04/2005 08:38:58 - - OFFICE One v6
Cr: 21/03/2006 16:42:47 | Mo: 21/03/2006 16:42:47 - - WholeSecurity

C:\Documents and Settings\laetitia\Local Settings\Application Data

Cr: 23/10/2007 16:43:31 | Mo: 23/10/2007 16:43:31 - - Ahead
Cr: 20/01/2007 00:47:32 | Mo: 20/01/2007 00:50:51 - - Google
Cr: 21/03/2006 16:49:27 | Mo: 21/03/2006 16:49:27 - - Help
Cr: 19/01/2007 22:27:13 | Mo: 19/01/2007 22:27:13 - - Identities
Cr: 21/03/2006 16:42:09 | Mo: 19/01/2007 22:26:01 - - Microsoft
Cr: 20/01/2007 00:45:18 | Mo: 20/01/2007 00:45:18 - - Mozilla

___________________________________________________________________________

[Listing du dossier Program Files]

C:\Program Files

Cr: 02/01/2007 22:55:21 | Mo: 09/05/2007 21:25:41 - - ABBYY FineReader 6.0 Sprint
Cr: 07/09/2005 08:59:32 | Mo: 19/09/2007 23:33:12 - - Adobe
Cr: 16/07/2006 15:00:15 | Mo: 16/07/2006 15:00:15 - - Alwil Software
Cr: 16/03/2007 23:40:24 | Mo: 16/03/2007 23:40:24 - - Anuman Interactive
Cr: 20/04/2005 08:25:29 | Mo: 20/04/2005 08:25:54 - - ATI Technologies
Cr: 20/03/2006 21:19:45 | Mo: 16/07/2006 14:45:11 - - AxBx
Cr: 16/04/2006 18:24:15 | Mo: 03/05/2007 22:25:22 - - BitComet
Cr: 20/04/2005 09:39:11 | Mo: 25/04/2005 09:09:08 - - BurnInTest
Cr: 06/05/2007 23:31:01 | Mo: 06/05/2007 23:31:51 - - CCleaner
Cr: 04/07/2005 20:09:21 | Mo: 04/07/2005 20:09:31 - - Cocktails
Cr: 11/12/2006 21:52:58 | Mo: 11/12/2006 21:52:58 - - Common Files
Cr: 19/04/2005 17:52:36 | Mo: 19/04/2005 17:52:36 - - ComPlus Applications
Cr: 07/09/2005 08:57:15 | Mo: 07/09/2005 09:00:21 - - Creative
Cr: 20/04/2005 08:43:12 | Mo: 20/04/2005 08:43:16 - - CyberLink
Cr: 02/09/2006 23:02:15 | Mo: 05/09/2006 07:53:45 - - EasyBurning
Cr: 08/11/2005 15:44:00 | Mo: 08/11/2005 15:44:00 - - eBay
Cr: 16/03/2007 12:40:19 | Mo: 16/03/2007 12:49:25 - - eoRezo
Cr: 02/01/2007 22:47:56 | Mo: 02/01/2007 23:14:33 - - epson
Cr: 19/05/2007 10:00:43 | Mo: 02/11/2007 00:59:16 - - EuroPoker
Cr: 19/04/2005 19:47:17 | Mo: 04/10/2007 09:21:13 - - Fichiers communs
Cr: 18/09/2007 21:21:18 | Mo: 18/09/2007 21:21:18 - - Free
Cr: 20/04/2005 09:18:06 | Mo: 20/04/2005 09:18:06 - - Generic
Cr: 02/12/2006 23:44:51 | Mo: 03/11/2007 09:43:04 - - Google
Cr: 04/07/2005 18:19:06 | Mo: 04/07/2005 18:19:08 - - greenstreet
Cr: 20/04/2005 09:33:41 | Mo: 20/04/2005 09:33:41 - - HighMAT CD Writing Wizard
Cr: 27/09/2006 20:40:53 | Mo: 27/09/2006 20:40:53 - - ICom Plugins
Cr: 20/04/2005 08:08:33 | Mo: 20/09/2007 15:20:03 - - InstallShield Installation Information
Cr: 20/04/2005 08:09:11 | Mo: 20/04/2005 08:09:11 - - Intel
Cr: 19/04/2005 17:52:49 | Mo: 10/10/2007 08:42:30 - - Internet Explorer
Cr: 23/01/2007 15:52:10 | Mo: 23/01/2007 15:52:10 - - Inventel
Cr: 17/08/2005 11:48:14 | Mo: 03/11/2007 09:42:17 - - Java
Cr: 01/03/2007 22:25:58 | Mo: 23/07/2007 21:33:44 - - JetAudio
Cr: 03/05/2007 22:21:36 | Mo: 03/05/2007 22:21:36 - - Kaspersky Lab
Cr: 06/05/2007 21:03:19 | Mo: 06/05/2007 21:03:19 - - Lavalys
Cr: 01/09/2005 19:03:24 | Mo: 01/09/2005 19:20:52 - - Livecom
Cr: 03/11/2007 23:24:21 | Mo: 03/11/2007 23:28:41 - - Lopxp
Cr: 19/04/2005 17:51:58 | Mo: 20/04/2005 09:27:03 - - Messenger
Cr: 19/04/2005 17:55:32 | Mo: 19/04/2005 17:55:32 - - microsoft frontpage
Cr: 26/12/2006 10:58:18 | Mo: 26/12/2006 10:58:29 - - Microsoft Office
Cr: 06/07/2005 19:37:53 | Mo: 06/07/2005 19:38:16 - - Mindscape
Cr: 17/09/2005 20:28:19 | Mo: 17/09/2005 20:28:19 - - Montorgueil
Cr: 19/04/2005 17:53:08 | Mo: 19/04/2005 17:53:11 - - Movie Maker
Cr: 05/01/2007 21:42:29 | Mo: 14/04/2007 22:00:36 - - Mozilla Firefox
Cr: 19/04/2005 17:51:25 | Mo: 10/06/2005 11:49:28 - - MSN
Cr: 19/04/2005 17:51:55 | Mo: 19/04/2005 17:51:55 - - MSN Gaming Zone
Cr: 26/08/2005 20:10:22 | Mo: 10/10/2007 11:01:25 - - MSN Messenger
Cr: 06/05/2007 21:51:05 | Mo: 06/05/2007 21:51:05 - - Nero
Cr: 19/04/2005 17:52:58 | Mo: 19/04/2005 17:53:23 - - NetMeeting
Cr: 20/04/2005 08:32:19 | Mo: 20/04/2005 08:34:32 - - OFFICE One6.5
Cr: 19/04/2005 17:52:03 | Mo: 19/04/2005 17:52:03 - - Online Services
Cr: 19/04/2005 17:52:55 | Mo: 13/06/2007 22:55:52 - - Outlook Express
Cr: 13/12/2006 22:50:41 | Mo: 12/04/2007 21:18:06 - - PerformanceTest
Cr: 15/02/2007 13:04:43 | Mo: 26/02/2007 15:00:07 - - SDLL
Cr: 19/04/2005 17:54:04 | Mo: 03/10/2007 09:46:30 - - Services en ligne
Cr: 14/12/2006 22:39:52 | Mo: 05/05/2007 22:52:24 - - Symantec
Cr: 13/10/2007 23:22:52 | Mo: 13/10/2007 23:22:52 - - Trend Micro
Cr: 19/04/2005 17:58:48 | Mo: 19/04/2005 17:58:48 - - Uninstall Information
Cr: 08/03/2006 17:15:06 | Mo: 08/03/2006 17:15:06 - - Viewpoint
Cr: 20/04/2005 09:06:34 | Mo: 20/04/2005 09:06:34 - - WinBBT
Cr: 05/10/2007 00:03:54 | Mo: 05/10/2007 00:03:57 - - Windows Defender
Cr: 20/04/2005 09:33:37 | Mo: 20/04/2005 09:33:37 - - Windows Journal Viewer
Cr: 15/10/2007 12:16:30 | Mo: 15/10/2007 12:16:30 - - Windows Live Favorites
Cr: 15/10/2007 12:14:54 | Mo: 15/10/2007 12:16:38 - - Windows Live Toolbar
Cr: 24/12/2006 15:17:56 | Mo: 02/03/2007 13:21:39 - - Windows Media Connect 2
Cr: 19/04/2005 17:52:03 | Mo: 24/12/2006 15:17:55 - - Windows Media Player
Cr: 19/04/2005 17:51:23 | Mo: 19/04/2005 17:51:47 - - Windows NT
Cr: 19/04/2005 17:54:07 | Mo: 19/04/2005 17:54:07 - - WindowsUpdate
Cr: 16/03/2007 23:34:03 | Mo: 25/06/2007 12:55:01 - - WinRAR
Cr: 19/04/2005 17:55:32 | Mo: 19/04/2005 17:55:32 - - xerox
Cr: 07/09/2005 10:38:35 | Mo: 11/12/2006 21:52:57 - - Yahoo!
Cr: 17/08/2005 11:48:38 | Mo: 17/08/2005 11:48:38 - - ZTE Corporation

___________________________________________________________________________

[Recherche programmes connus, liés à CiD]

___________________________________________________________________________

[Clés registre de démarrage]

___________________________________________________________________________

[Popups autorisés]

[-] Internet Explorer :

www.tv-radio.com

[-] Mozilla Firefox

[-] Suite Mozilla / SeaMonkey

___________________________________________________________________________

[Suggestion nettoyage registre]

- Aucune suggestion.

- Fin du rapport -
0
rfb Posts 23 Status Member
 
Thanks for your help, see you
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
OK,

Download SDFix to your desktop

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode.
Open the SDFix folder that has just been created on the Desktop and double-click RunThis.bat to start the script.
Press Y to begin the cleaning process.
It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy and paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

++
0
rfb Posts 23 Status Member
 
Hey, I have SDFix; now guide me on how to get to the desktop... etc... thanks
0
rfb Posts 23 Status Member
 
OK, I got it onto the desktop... but I no longer remember how to restart in safe mode...
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
0
rfb Posts 23 Status Member
 
At last...
SDFix: Version 1.113

Run by farid on 04/11/2007 at 01:09

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\farid\Bureau\sdfix\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1253 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-04 01:25:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Overnet\\overnet.exe"="C:\\Program Files\\Overnet\\overnet.exe:*:Enabled:Overnet Application"
"C:\\Program Files\\Livecom\\Application\\eConfv4\\ftplayer.exe"="C:\\Program Files\\Livecom\\Application\\eConfv4\\ftplayer.exe:*:Enabled:eConf player"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe"="C:\\Program Files\\Orange Link\\Application\\Exe\\Orange Link.exe:*:Enabled:Orange Link"
"C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe"="C:\\Program Files\\Orange Link\\Application\\eConfv4\\olinkp.exe:*:Enabled:Orange Link Player"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
"C:\\Documents and Settings\\farid\\Local Settings\\Temporary Internet Files\\Content.IE5\\SHY7K123\\PeerFactor[1].exe"="C:\\Documents and Settings\\farid\\Local Settings\\Temporary Internet Files\\Content.IE5\\SHY7K123\\PeerFactor[1].exe:*:Enabled:PeerFactor Provider"
"C:\\Program Files\\NeoNapster 4.0\\NeoNapster.exe"="C:\\Program Files\\NeoNapster 4.0\\NeoNapster.exe:*:Enabled:TODO: <File description>"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"="C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe:*:Enabled:Nero Home"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"="C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe:*:Enabled:Kaspersky Anti-Virus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\ORANGE~1.EXE:*:Enabled:Orange Link"
"C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe"="C:\\PROGRA~1\\ORANGE~1\\APPLIC~1\\Exe\\..\\EconfV4\\olinkp.exe:*:Enabled:Livecom Media"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Files with Hidden Attributes:

Sun 19 Mar 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 22 Jul 2002 418,816 A..HR --- "C:\WINDOWS\system32\Tools\All.exe"
Fri 19 Jul 2002 390,144 A..HR --- "C:\WINDOWS\system32\Tools\Change.exe"
Fri 19 Jul 2002 574,464 A..HR --- "C:\WINDOWS\system32\Tools\CheckPath.exe"
Tue 20 Aug 2002 430,592 A..HR --- "C:\WINDOWS\system32\Tools\Counter.exe"
Tue 23 Jul 2002 390,656 A..HR --- "C:\WINDOWS\system32\Tools\DelFolders.exe"
Fri 22 Nov 2002 399,872 A..HR --- "C:\WINDOWS\system32\Tools\DirectSetup.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RegClean.exe"
Fri 19 Jul 2002 388,608 A..HR --- "C:\WINDOWS\system32\Tools\Regexe.exe"
Mon 2 Dec 2002 431,616 A..HR --- "C:\WINDOWS\system32\Tools\Restart.exe"
Fri 19 Jul 2002 388,096 A..HR --- "C:\WINDOWS\system32\Tools\RunRegexe.exe"
Sun 24 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"

Finished!
0
green day Posts 26722 Status Moderator, Security contributor 2 163
 
Hi

Please do what is described here:

http://www.commentcamarche.net/faq/sujet 3174 virus m thode pr liminaire de d sinfection version fr

++
0